A New Hybrid Online and Offline Multi-Factor Cross-Domain Authentication Method for IoT Applications in the Automotive Industry

Haqi Khalid; Shaiful Jahari Hashim; Sharifah Mumtazah Syed Ahmad; Fazirulhisyam Hashim; Muhammad Akmal Chaudhary

doi:10.3390/en14217437

Energies (Nov 2021)

A New Hybrid Online and Offline Multi-Factor Cross-Domain Authentication Method for IoT Applications in the Automotive Industry

Haqi Khalid,
Shaiful Jahari Hashim,
Sharifah Mumtazah Syed Ahmad,
Fazirulhisyam Hashim,
Muhammad Akmal Chaudhary

Affiliations

Haqi Khalid: Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia
Shaiful Jahari Hashim: Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia
Sharifah Mumtazah Syed Ahmad: Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia
Fazirulhisyam Hashim: Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia
Muhammad Akmal Chaudhary: Department of Electrical and Computer Engineering, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates

DOI: https://doi.org/10.3390/en14217437
Journal volume & issue: Vol. 14, no. 21
p. 7437

Abstract

Read online

Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanisms currently depend on available network services and need continuous network connections to allow users to connect to their vehicles. Nevertheless, the connectivity availability shortcoming in remote or rural areas with no network coverage makes vehicle sharing or any IoT-connected device problematic and undesirable. Furthermore, IoT-connected cars are vulnerable to various passive and active attacks (e.g., replay attacks, MiTM attacks, impersonation attacks, and offline guessing attacks). Adversaries could all use these attacks to disrupt networks posing a threat to the entire automotive industry. Therefore, to overcome this issue, we propose a hybrid online and offline multi-factor authentication cross-domain authentication method for a connected car-sharing environment based on the user’s smartphone. The proposed scheme lets users book a vehicle using the online booking phase based on the secured and trusted Kerberos workflow. Furthermore, an offline authentication phase uses the OTP algorithm to authenticate registered users even if the connectivity services are unavailable. The proposed scheme uses the AES-ECC algorithm to provide secure communication and efficient key management. The formal SOV logic verification was used to demonstrate the security of the proposed scheme. Furthermore, the AVISPA tool has been used to check that the proposed scheme is secured against passive and active attacks. Compared to the previous works, the scheme requires less computation due to the lightweight cryptographic algorithms utilized. Finally, the results showed that the proposed system provides seamless, secure, and efficient authentication operation for the automotive industry, specifically car-sharing systems, making the proposed system suitable for applications in limited and intermittent network connections.

Published in Energies

ISSN: 1996-1073 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology
Website: http://www.mdpi.com/journal/energies

About the journal

Abstract

Keywords