Abstract
Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanisms currently depend on available network services and need continuous network connections to allow users to connect to their vehicles. Nevertheless, the connectivity availability shortcoming in remote or rural areas with no network coverage makes vehicle sharing or any IoT-connected device problematic and undesirable. Furthermore, IoT-connected cars are vulnerable to various passive and active attacks (e.g., replay attacks, MiTM attacks, impersonation attacks, and offline guessing attacks). Adversaries could all use these attacks to disrupt networks posing a threat to the entire automotive industry. Therefore, to overcome this issue, we propose a hybrid online and offline multi-factor authentication cross-domain authentication method for a connected car-sharing environment based on the user’s smartphone. The proposed scheme lets users book a vehicle using the online booking phase based on the secured and trusted Kerberos workflow. Furthermore, an offline authentication phase uses the OTP algorithm to authenticate registered users even if the connectivity services are unavailable. The proposed scheme uses the AES-ECC algorithm to provide secure communication and efficient key management. The formal SOV logic verification was used to demonstrate the security of the proposed scheme. Furthermore, the AVISPA tool has been used to check that the proposed scheme is secured against passive and active attacks. Compared to the previous works, the scheme requires less computation due to the lightweight cryptographic algorithms utilized. Finally, the results showed that the proposed system provides seamless, secure, and efficient authentication operation for the automotive industry, specifically car-sharing systems, making the proposed system suitable for applications in limited and intermittent network connections.
Highlights
The Internet of Things (IoT) paradigm has profoundly affected the automotive industry and its long-term prospects [1,2]
Offline Authentication: The car or any IoT-connected devices solutions depend on connected vehicles, which restricts their functional areas to areas with a stable network link
This paper proposed a hybrid online–offline multi-factor cross-domain authentication method for IoT applications in the automotive industry, especially car-sharing systems
Summary
The Internet of Things (IoT) paradigm has profoundly affected the automotive industry and its long-term prospects [1,2]. Suppliers, and service providers will benefit from unprecedented data collecting, easy connectivity, locationbased utilities, personalized insurance benefits, intelligent diagnostics, and assisted driving as the Internet of Things (IoT) is introduced to cars [6,7]. These opportunities are essential somehow, they are only as good as their weakest link [8]. Automakers emphasize their connected features, which range from on-board Wi-Fi to mobile applications that monitor locks and even start vehicles. The one-time password (OTP) is added to the offline authentication to allow the user to access offline mode when the connectivity is unavailable in regions with poor network availability
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
