%0 Conference Paper %1 CarSharing2017 %A Dmitrienko, Alexandra %A Plappert, Christian %B ACM Conference on Data and Application Security and Privacy (CODASPY) %D 2017 %K International-Conference-Workshop-Papers-Book-Chapters myown %T Secure Free-Floating Car Sharing for Offline Cars %X In this paper, we present a new access control system for free-floating car sharing, which achieves a number of appealing features not available in the state-of-the-art solutions.First of all, it does not require online connection for cars,and, therefore, allows car sharing providers to expand their services to areas without reliable network coverage (e.g., with blind spots). Second, the solution is compatible to RFID cards – the most commonly deployed authentication token sin car sharing, and can be deployed on standard mobile platforms with various hardware features. Third, it is fully compatible with off-the-shelf cars and does not require any intrusive modifications to car’s internals.These new properties can be achieved due to a novel system design which deploys two-factor authentication and combines an RFID card (the real one or emulated in software) with a”soft” authentication token stored on a mobile platform. Such a combination increases security of the solution, preserves backward compatibility to RFID technology and enables great flexibility in protection of authentication secrets on the mobile platform. To demonstrate such a flexibility, we present a platform security concept which can be instantiate din various deployment options and provides the means to achieve best possible security given available hardware.We implemented our solution on Android and instantiated the platform security concept in three different deployment options. We evaluate security of our solution and report performance measurements

@inproceedings{CarSharing2017, abstract = {In this paper, we present a new access control system for free-floating car sharing, which achieves a number of appealing features not available in the state-of-the-art solutions.First of all, it does not require online connection for cars,and, therefore, allows car sharing providers to expand their services to areas without reliable network coverage (e.g., with blind spots). Second, the solution is compatible to RFID cards – the most commonly deployed authentication token sin car sharing, and can be deployed on standard mobile platforms with various hardware features. Third, it is fully compatible with off-the-shelf cars and does not require any intrusive modifications to car’s internals.These new properties can be achieved due to a novel system design which deploys two-factor authentication and combines an RFID card (the real one or emulated in software) with a”soft” authentication token stored on a mobile platform. Such a combination increases security of the solution, preserves backward compatibility to RFID technology and enables great flexibility in protection of authentication secrets on the mobile platform. To demonstrate such a flexibility, we present a platform security concept which can be instantiate din various deployment options and provides the means to achieve best possible security given available hardware.We implemented our solution on Android and instantiated the platform security concept in three different deployment options. We evaluate security of our solution and report performance measurements}, added-at = {2020-05-03T20:09:10.000+0200}, author = {Dmitrienko, Alexandra and Plappert, Christian}, biburl = {https://www.bibsonomy.org/bibtex/23a034f2d5735a899d57bd811b9dab9bd/sssgroup}, booktitle = { ACM Conference on Data and Application Security and Privacy (CODASPY)}, interhash = {b0d91c603956ca7c4c692e149d445b9d}, intrahash = {3a034f2d5735a899d57bd811b9dab9bd}, keywords = {International-Conference-Workshop-Papers-Book-Chapters myown}, month = mar, pdf = {https://se2.informatik.uni-wuerzburg.de/pa/publications/download/paper/1542.pdf}, timestamp = {2022-12-19T21:25:01.000+0100}, title = {Secure Free-Floating Car Sharing for Offline Cars}, venue = {ACM CODASPY}, year = 2017 }