A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry
Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanisms currently depend on available network services and need continuous network connections to allow users to connect to t...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Published: |
Multidisciplinary Digital Publishing Institute
2021
|
| _version_ | 1825937625542819840 |
|---|---|
| author | Khalid, Haqi Hashim, Shaiful Jahari Syed Ahmad Abdul Rahman, Sharifah Mumtazah Hashim, Fazirulhisyam Chaudhary, Muhammad Akmal |
| author_facet | Khalid, Haqi Hashim, Shaiful Jahari Syed Ahmad Abdul Rahman, Sharifah Mumtazah Hashim, Fazirulhisyam Chaudhary, Muhammad Akmal |
| author_sort | Khalid, Haqi |
| collection | UPM |
| description | Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanisms currently depend on available network services and need continuous network connections to allow users to connect to their vehicles. Nevertheless, the connectivity availability shortcoming in remote or rural areas with no network coverage makes vehicle sharing or any IoT-connected device problematic and undesirable. Furthermore, IoT-connected cars are vulnerable to various passive and active attacks (e.g., replay attacks, MiTM attacks, impersonation attacks, and offline guessing attacks). Adversaries could all use these attacks to disrupt networks posing a threat to the entire automotive industry. Therefore, to overcome this issue, we propose a hybrid online and offline multi-factor authentication cross-domain authentication method for a connected car-sharing environment based on the user’s smartphone. The proposed scheme lets users book a vehicle using the online booking phase based on the secured and trusted Kerberos workflow. Furthermore, an offline authentication phase uses the OTP algorithm to authenticate registered users even if the connectivity services are unavailable. The proposed scheme uses the AES-ECC algorithm to provide secure communication and efficient key management. The formal SOV logic verification was used to demonstrate the security of the proposed scheme. Furthermore, the AVISPA tool has been used to check that the proposed scheme is secured against passive and active attacks. Compared to the previous works, the scheme requires less computation due to the lightweight cryptographic algorithms utilized. Finally, the results showed that the proposed system provides seamless, secure, and efficient authentication operation for the automotive industry, specifically car-sharing systems, making the proposed system suitable for applications in limited and intermittent network connections. |
| first_indexed | 2024-03-06T11:02:22Z |
| format | Article |
| id | upm.eprints-95841 |
| institution | Universiti Putra Malaysia |
| last_indexed | 2024-03-06T11:02:22Z |
| publishDate | 2021 |
| publisher | Multidisciplinary Digital Publishing Institute |
| record_format | dspace |
| spelling | upm.eprints-958412023-03-28T04:08:10Z http://psasir.upm.edu.my/id/eprint/95841/ A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry Khalid, Haqi Hashim, Shaiful Jahari Syed Ahmad Abdul Rahman, Sharifah Mumtazah Hashim, Fazirulhisyam Chaudhary, Muhammad Akmal Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanisms currently depend on available network services and need continuous network connections to allow users to connect to their vehicles. Nevertheless, the connectivity availability shortcoming in remote or rural areas with no network coverage makes vehicle sharing or any IoT-connected device problematic and undesirable. Furthermore, IoT-connected cars are vulnerable to various passive and active attacks (e.g., replay attacks, MiTM attacks, impersonation attacks, and offline guessing attacks). Adversaries could all use these attacks to disrupt networks posing a threat to the entire automotive industry. Therefore, to overcome this issue, we propose a hybrid online and offline multi-factor authentication cross-domain authentication method for a connected car-sharing environment based on the user’s smartphone. The proposed scheme lets users book a vehicle using the online booking phase based on the secured and trusted Kerberos workflow. Furthermore, an offline authentication phase uses the OTP algorithm to authenticate registered users even if the connectivity services are unavailable. The proposed scheme uses the AES-ECC algorithm to provide secure communication and efficient key management. The formal SOV logic verification was used to demonstrate the security of the proposed scheme. Furthermore, the AVISPA tool has been used to check that the proposed scheme is secured against passive and active attacks. Compared to the previous works, the scheme requires less computation due to the lightweight cryptographic algorithms utilized. Finally, the results showed that the proposed system provides seamless, secure, and efficient authentication operation for the automotive industry, specifically car-sharing systems, making the proposed system suitable for applications in limited and intermittent network connections. Multidisciplinary Digital Publishing Institute 2021 Article PeerReviewed Khalid, Haqi and Hashim, Shaiful Jahari and Syed Ahmad Abdul Rahman, Sharifah Mumtazah and Hashim, Fazirulhisyam and Chaudhary, Muhammad Akmal (2021) A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry. Energies, 14 (21). art. no. 7437. pp. 1-34. ISSN 1996-1073 https://www.mdpi.com/1996-1073/14/21/7437 10.3390/en14217437 |
| spellingShingle | Khalid, Haqi Hashim, Shaiful Jahari Syed Ahmad Abdul Rahman, Sharifah Mumtazah Hashim, Fazirulhisyam Chaudhary, Muhammad Akmal A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title | A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title_full | A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title_fullStr | A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title_full_unstemmed | A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title_short | A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry |
| title_sort | new hybrid online and offline multi factor cross domain authentication method for iot applications in the automotive industry |
| work_keys_str_mv | AT khalidhaqi anewhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT hashimshaifuljahari anewhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT syedahmadabdulrahmansharifahmumtazah anewhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT hashimfazirulhisyam anewhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT chaudharymuhammadakmal anewhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT khalidhaqi newhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT hashimshaifuljahari newhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT syedahmadabdulrahmansharifahmumtazah newhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT hashimfazirulhisyam newhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry AT chaudharymuhammadakmal newhybridonlineandofflinemultifactorcrossdomainauthenticationmethodforiotapplicationsintheautomotiveindustry |