A Secure Mutual authentication approach to fog computing environment

Abstract

Fog computing is a new emerging technology that complements the cloud and extends the services of cloud computing to be closer to the end devices. The cloud is usually located far from the devices which use their services and some of the recent research suggests that using a fog server as a nearby lightweight middleware can bridge the gap and provides rich resources closer to the end devices. Security is a crucial factor for the appropriate functioning of fog computing. In particular, authentication and key exchange are significant challenges which need to be taken into consideration in fog computing. Ensuring secure mutual authentication is very important for the security of fog computing since fog servers provide services to number of end users. However, the existing mutual authentication schemes are either having large computational overheads or are not able to achieve secure mutual authentication. In this paper, we propose a fog-based mutual authentication scheme using low-cost primitives such as Elliptic Curve Cryptography (ECC) and one-way hash functions. We also present the formal security analysis of our authentication approach to show that it protects all the interacting entities against various known cyber attacks. In addition, we validate our authentication scheme using the SPAN of AVISPA tool to confirm that it protects end users against several attacks. We evaluate our proposed authentication approach by comparing it against state-of-the-art authentication schemes. Finally, through a case study and performance evaluation, we illustrate that our approach provides a secure and lightweight mutual key exchange protocol between three parties: the cloud, fog and edge devices.