The manipulation of odometers in cars is a major annoyance and is considered fraud under German law. The resulting economic damage is enormous. According to estimates by TÜV Rheinland, it can be assumed that one third of all used cars sold in Germany have odometers which have been manipulated /1, 2/. For the buyer, this translates into an average loss of 3,000 euros. The damages amount to approx. 6 billion euros per year /3/. As a result, there is quite a bit of skepticism on the part of customers. More than 60 percent distrust dealers and private sellers. A third of people are even skeptical about brand dealers /2/.
Back in the days, manipulating an odometer required quite a bit of finesse and a good dose of muscle. Nowadays, odometers can be manipulated quickly and simply with the right technology. For example, the police in Munich confiscated a car in 2011 with a registered mileage of 150,000 kilometers on the odometer even though the car had actually run more than 700,000 kilometers /1/.
One approach to prevent this type of fraud would be to write the mileage of all passen-ger vehicles into a database that is protected from manipulation. This type of database technology already exists in the form of blockchain databases. Using a blockchain would simply and thoroughly prevent all types of odometer manipulation. It would dissolve the foundation for the entire fraud industry and push it out of the market.
A simple explanation of blockchain
A blockchain is a database with two elementary characteristics. It is considered safe from manipulation due to an extremely complex encryption system. In addition, copies of the database are distributed all over the Internet which would all have to be manipulated in order to falsify a database entry. Looking at the status of research technology today, billions would have to be invested in order to simply change one odometer.
A technical explanation of blockchain
Blockchain is a technology used for storing data. Imagine a blockchain as a chain of data blocks. In contrast to a conventional database, the data is not saved on a central server. /8/.
Johannes Kuhn provides a good and short definition in the Süddeutsche Zeitung /7/:
“The blockchain is a digital bank statement for transactions between computers which records every change and saves it decentralized and transparently on many different computers. This makes it impossible (or possible only with enormous efforts) to manipulate this information which has already been verified.”
The blockchain principle is: “Logically centralized, organizationally decentralized” /1/. The principle of a blockchain is a decentralized database which provides a constantly growing list of transaction data sets. The database expands chronologically linearly, comparable to a chain to which elements are constantly added at the lower end (therefore the term “blockchain”). Once a block is complete, the next one is created /9/.
Important terminology about blockchain
Transaction: Designates the content to be saved in a blockchain. These transactions are created by the participants of the system. They can either display the entire content, such as a financial transaction, or simply represent a link to further information, such as for extensive smart contracts.
Blocks: Transactions are summarized into blocks which are cryptographically protected from being changed. Mining creates blocks which function through a process called “proof of work” in the case of the BitCoin blockchain and most other current implementations.
Distribution and decentralization: An important feature of the blockchain is the distributed nature of the system in which each node in the system receives at least part of the blockchain as a copy. Changes can be made in various nodes which are then communicated to the central system.
Mining: Mining is a service which ensures that a blockchain remains consistent, complete and not modified or at least hardly modified. To do so, it constantly summarizes the new transactions into groups, each of which represents a block. It also contains information linking it to the previous block. It is through this process that the blockchain is created.
Proof of work: For a proof of work, miners have to find a number called “nonce” for which the hash of the block content together with nonce is smaller than the “difficult target” of the network. The term “nonce” is derived from the expression “number used once”. Nonce are number or letter combinations which are only used one single time in each context. After a certain number of blocks, the system is regularly adjusted. The objective is to receive a new block approximately every ten minutes.
Reward: The reward is required – at least in public, anonymous implementations of blockchains – and should motivate the entities involved to assume the calculation-intensive mining task. The BitCoin system, for example, rewards successful miners with newly created BitCoins.
Confirmation: Confirmations are not confirmations in the traditional sense. They designate the number of blocks, including that of a specific transaction, which were added to the blockchain. In order to reduce the risk of abuse, recipients of BitCoin payments can wait for one or several confirmations, for example. The more blocks once waits for, the longer the confirmation will take.
The terminology was used followed /6/.
How can a blockchain be used in this scenario?
No matter what kind of safeguards car manufacturers invent to securely store the mile-age of a car on its on-board computer, it will always be possible to find a way to circum-vent these mechanisms. Basic problem: If a system uses an encryption and a dec-ryption is required for reading this information, the entire encryption and decryption process is available within the same system and can be compromised by an attack much more easily than if the decryption is distributed to a second system. When the system (e.g. the on-board computer) is replaced and the mileage is set again by the garage, a potential attack vector is the result.
If this data is stored outside of the vehicle, manipulations will become much more diffi-cult already. The blockchain technology, secure against manipulation, is virtually predestined for this type of use.
How does the whole thing work in practice?
Using the emerging vehicle network, each vehicle will regularly write its own mileage with a specification of its vehicle identification number (VIN) into a decentralized data-base. One entry per week would be a possibility. The data could be transmitted using a SIM card located in the vehicle. When a vehicle is sold, the buyer can check the last entry in the database. The current mileage of the vehicle can then only be somewhat higher or equal to the entry of the database. Attempting to manipulate the database would require serious financial expenditures for a possible value increase of max. a few thousand euros. Vehicles meanwhile transmit so much information to manufacturers that the transmission of the information regarding mileage can be ignored in theory for now.
Current attempts at stopping odometer manipulation /4/ and their wrong approaches
- The ADAC (German Automotive Association) is demanding a technical solution from car manufacturers to stop odometer manipulation by garages, dealers or service providers.
Assessment: As previously mentioned, any on-board solution of storing mileages is by definition unsafe. Closed systems live off secrets. In the IT world, such systems are called “security through obscurity”. And this approach corresponds to placing the key under the doormat. The moment a secret carrier reveals his secret, the entire encryption becomes invalid.
- The AvD (Automotive Club of Germany), however, is demanding a database solution which will document the mileage from every car and protect it from manipulation.
Assessment: This comes close to a blockchain but if the database is operated by one single company, control would be passed to a third party which would not necessarily be trustworthy.
- The KÜS (Vehicle Monitoring Organization of Independent Vehicle Experts) prefers a database solution in combination with the use of an odometer spy: a device which determines the degree of wear of engines using ultrasound technology and a special software in order to draw conclusions about the accuracy of the mileage presented on the odometer.
Assessment: This approach is comparable to asking a crystal ball for information. It is highly unlikely that valid data about the mileage of a car can be obtained through ultrasound. Extensive trials would have to take place first. Simply imagine that you only drove 50,000 kilometers with a particular car but the test reveals that the condition of the car corresponds to 100,000 kilometers. Good luck with the compensation claims against the manufacturer.
In Germany, the introduction of an official car life story is a small challenge considering the legal situation. Fact is that the vehicle identification number (VIN) is subject to data protection /3/. One option to overcome this challenge while adhering to legal regula-tions would be crypto-hash functions (one-time functions used for encryption purposes). Their result would make it impossible to conclude anything about the initial value. A possible solution would be, for example, using the VIN and a private key for the generation of the hash-value per entry. The unique key could be created during the first registration of a vehicle in the database. The following calculation will show how complex the calculation from the hash-value back to a specific VIN would be.
SHA-256 /5/ is used as hash-function, the input value consists of min. 200 characters and a character can be selected from a pool of 20 (256 characters would be possible without any problems as well).
20^200 would approximately result in 10^260 combinations. In order to calculate a combina-tion back, 10^260 trial hashes would be required during an attack. 10^15 trial hashes at current energy prices cost approximately 1 euro, even in China, which means 10^201 euros would be required to check all possible input values. By comparison: One billion euro = 10^9.
And if a back calculation actually worked, the result would only be the VIN and the key of the vehicle. To now manipulate the history of the vehicle in the database, the technology of the prior calculation would have to be executed several million times again.
Using a blockchain-based odometer database would make it possible to record the mileage of all vehicles world-wide with moderate resources while adhering to legal regulations and protecting it from manipulation. The vehicles would write their mileage into the blockchain database once per week. Due to the large number of participants in this project and the resulting high degree of distribution of the database across the Internet and the high degree of technical protection against manipulation, any type of odometer manipulation would become uneconomical. One would hope that legislators recognize the potential of a blockchain-based odometer database and aspire to create one.
By the way: If an existing business model is robbed of its right to exist through network-ing, that process is called disruption. Currently, a large part of successful business mod-els is subject to digital disruption.
Published by: R & D faizod, Dresden, Dr. Thomas Kaltofen