Abstract: The application of the Internet of Things has been greatly expanded; meanwhile, real-time and efficient communication has become an important feature of the Internet of Things. However, the centralized characteristics of cloud computing cannot meet the needs of low latency and high computing efficiency. To solve these issues, we utilized fog computing which is a new distributed computing paradigm that extends cloud services to the edge of the network, with mobility and low latency. Nevertheless, fog computing also brings new security issues, especially identity authentication. Authentication and key exchange are significant challenges that need to be taken into consideration in fog computing. We proposed the architecture of the mutual authentication key establishment scheme based on elliptic curve cryptography for fog computing. After mutual authentication, the cloud server can transfer the remaining verification work to fog nodes. Fog nodes will be responsible for authenticating the device and distributing the established session key, thereby reducing the computational cost of the cloud server. After mutual authentication is completed, the cloud server, fog nodes, and devices can communicate with each other. The Security of the proposed scheme proved that it is strong enough against several attacks