New and Simple Offline Authentication Approach using Time-based One-time Password with Biometric for Car Sharing Vehicles

Car sharing provides consumers a flexible peer-to-peer service or station service. However, the connectivity problems are pervasive in remote areas and places with multi-path obstructions with no clear line-of-sight (LoS). In this scenario, availability of the network can be intermittent and is not always guaranteed, especially for untethered wireless networks consisting of mobile vehicles. A conventional online authentication scheme; therefore, is not an effective solution when it comes to securing the vehicles. Also, the malicious attackers could gain access to the vehicles using a replay of the user signal, that is known as a “replay attack” In order to provide an effective authentication approach, we propose an offline authentication approach based on a Time-based One-time Password (TOTP) algorithm. OTP is chosen due to its protection against the notorious replay attack that is popular against keyless start vehicles. It also utilized an additional security biometric factor to enhance the security of the driver’s authentication. The new proposed scheme is divided into online and offline schemes to provide a secure solution. The novelty is that it can enable the authorized drivers to securely start and operate during offline duration just by using their mobile devices. The other car-sharing maintenance operations including registration, booking, telematics monitoring, and location tracking can be performed or synchronized whenever the network is back in connection and reachable within the wireless coverage area.