Blockchain-Assisted Personalized Car Insurance With Privacy Preservation and Fraud Resistance

It is well known that auto insurance companies (ICs) use personalized car insurance (PCI) to continuously track drivers' behavior to determine their auto premiums. However, drivers inevitably have concerns about the transparency of data collection/processing and the potential privacy leakage. In this paper, we propose a new PCI scheme to achieve privacy preservation and transparency with the assistance of a consortium blockchain. Specifically, a blockchain is first established by a group of consortium members, and each IC can deploy insurance contracts on the blockchain to support public verification of data collection/processing and thus fulfill the transparency requirement. Then a verifiable and privacy-preserving driving behavior evaluation protocol is designed by tailoring partially homomorphic encryption and zero-knowledge proof techniques. Drivers can use the protocol to interact with ICs through the contracts, and ICs can learn drivers' behavior and set corresponding auto premiums by analyzing encrypted driving data. Furthermore, a third-party auditor (TPA) is authorized by drivers and ICs to audit encrypted driving data on the contracts and resist fraud attacks. We model the contract-based auditing as a recursive inspection game where TPA can minimize the number of audits to detect data fraud and penalize malicious drivers according to Nash equilibrium. Therefore, the proposed PCI scheme can guarantee that most of the collected driving data are not biased. Formal simulation-based security analysis is given to prove the security of the proposed scheme, and a proof-of-concept prototype is also developed on an open-source blockchain to demonstrate the feasibility.