Abstract
Driven by the demand for cost-effective vehicle access, enhanced flexibility, and sustainable transportation practices, smart car-sharing has emerged as a prominent alternative to traditional vehicle rental systems. Leveraging the Internet of Vehicles (IoV) and wireless communication, these systems feature dynamic renter-vehicle mappings, enabling users to access any available vehicle rather than being restricted to a specific one pre-assigned by the service provider. However, many existing schemes in the IoV field conflate users and vehicles, complicating the identification and tracking of the vehicle's actual driver. Moreover, most current authentication protocols rely on a strict, initial binding between a user and a vehicle, rendering them unsuitable for the dynamic nature of car-sharing environments. To address these challenges, we propose an enhanced certificateless signature scheme tailored for smart car-sharing. By employing a biometric fuzzy extractor and the Chinese Remainder Theorem, our scheme provides a fine-grained authentication mechanism that eliminates the need for local computations on the user's side, meaning users do not require a smartphone or other digital device. Furthermore, our scheme introduces category identifiers to facilitate vehicle selection based on specific classes within car-sharing contexts. A formal security analysis demonstrates that our scheme is existentially unforgeable against adversaries under the random oracle model. Finally, a comprehensive evaluation shows that our proposed scheme achieves competitive performance in terms of computational and communication overhead while offering enhanced practical functionalities.