Understanding Usability and User Acceptance of Usage-Based Insurance from Users' View

Intelligent Transportation Systems (ITS) cover a variety of services related to topics such as traffic control and safe driving, among others. In the context of car insurance, a recent application for ITS is known as Usage-Based Insurance (UBI). UBI refers to car insurance policies that enable insurance companies to collect individual driving data using a telematics device. Collected data is analysed and used to offer individual discounts based on driving behaviour and to provide feedback on driving performance. Although there are plenty of advertising materials about the benefits of UBI, the user acceptance and the usability of UBI systems have not received research attention so far. To this end, we conduct two user studies: semi-structured interviews with UBI users and a qualitative analysis of 186 customer inquiries from a web forum of a German insurance company. We find that under certain circumstances, UBI provokes dangerous driving behaviour. These situations could be mitigated by making UBI transparent and the feedback customisable by drivers. Moreover, the country driving conditions, the policy conditions, and the perceived driving style influence UBI acceptance

Access Control in Wireless Sensor Networks

Wireless sensor networks consist of a large amount of sensor nodes, small low-cost wireless computing devices equipped with different sensors. Sensor networks collect and process environmental data and can be used for habitat monitoring, precision agriculture, wildfire detection, structural health monitoring and many other applications. Securing sensor networks calls for novel solutions, especially because of their unattended deployment and strong resource limitations. Moreover, developing security solutions without knowing precisely against what threats the system should be protected is impossible. Thus, the first task in securing sensor networks is to define a realistic adversary model. We systematically investigate vulnerabilities in sensor networks, specifically focusing on physical attacks on sensor node hardware. These are all attacks that require direct physical access to the sensor nodes. Most severe attacks of this kind are also known as node capture, or node compromise. Based on the vulnerability analysis, we present a novel general adversary model for sensor networks. If the data collected within a sensor network is valuable or should be kept confidential then the data should be protected from unauthorized access. We determine security issues in the context of access control in sensor networks in presence of node capture attacks and develop protocols for broadcast authentication that constitute the core of our solutions for access control. We develop broadcast authentication protocols for the case where the adversary can capture up to some threshold t sensor nodes. The developed protocols offer absolute protection while not more than t nodes are captured, but their security breaks completely otherwise. Moreover, security in this case comes at a high cost, as the resource requirements for the protocols grow rapidly with t. One of the most popular ways to overcome impossibility or inefficiency of solutions in distributed systems is to make the protocol goals probabilistic. We therefore develop efficient probabilistic protocols for broadcast authentication. Security of these protocols degrades gracefully with the increasing number of captured nodes. We conclude that the perfect threshold security is less appropriate for sensor networks than the probabilistic approach. Gracefully degrading security offers better scalability and saves resources, and should be considered as a promising security paradigm for sensor networks

Look Before You Leap: Improving the Users’ Ability to Detect Fraud in Electronic Marketplaces

Reputation systems in current electronic marketplaces can easily be manipulated by malicious sellers in order to appear more reputable than appropriate. We conducted a controlled experiment with 40 UK and 41 German participants on their ability to detect malicious behavior by means of an eBay-like feedback profile versus a novel interface involving an interactive visualization of reputation data. The results show that participants using the new interface could better detect and understand malicious behavior in three out of four attacks (the overall detection accuracy 77% in the new vs. 56% in the old interface). Moreover, with the new interface, only 7% of the users decided to buy from the malicious seller (the options being to buy from one of the available sellers or to abstain from buying), as opposed to 30% in the old interface condition

An algorithmic framework for robust access control in wireless sensor networks

If the data collected within a sensor network is valuable or should be kept confidential then security measures should protect the access to this data. We first determine security issues in the context of access control in sensor networks especially focusing on the problem of node capture, i.e., the possibility that an attacker can completely take over some of the sensor nodes. We then introduce the notion of ¡-robust sensor networks which can withstand capture of up to ¡ nodes and consider three basic security concepts for such networks: (1) ¡-robust storage, a mechanism to securely store data within a set of sensors such that capture of any ¡ sensors does not reveal that data to the adversary; (2) ¢-authentication which ensures that authentication is achieved with every uncompromised sensor in the broadcast range of a client ( ¢ denotes the number of nodes in that broadcast range); and (3) ¢-authorization, an authorization primitive with similar properties like ¢-authentication. We present a generic ¡-robust protocol for implementing access control using these primitives.

Realizing Robust User Authentication in Sensor Networks

We investigate how to organize access control to the WSN data in such a way that an unauthorized entity (the adversary) cannot make arbitrary queries to the WSN. We call this problem authenticated querying. Roughly, this means that whenever the sensor nodes process a query, they should be able to verify that the query comes from a legitimate user. Authenticated querying is especially challenging if the adversary can gain full control over some sensor nodes through physical access (node capture attack). We propose first solution to this problem and present our experiments with an implementation of the first step of this solution