Fog computing is a new computing model in which limited resources are located near Internet of Things (IoT) devices to provide low transmission delay, mobility, and location-awareness services. However, fog technology not only extends cloud resources but also inherits the cloud's properties and security problems, such as device capture, man-in-the-middle, secret key compromise, identity impersonation, and message replay attacks. These vulnerabilities pose significant risks to the integrity of IoT-fog communications. Existing mutual authentication approaches, however, either suffer from high computational overheads or fail to provide secure mutual authentication. To address this gap, this paper introduces LAAKA, a Lightweight Anonymous Authentication and Key Agreement scheme. Considering the constrained resources of IoT and fog devices, LAAKA utilizes lightweight operations such as hash functions and bitwise XOR. Its main objective is to facilitate mutual authentication and establish secure session keys between IoT devices and fog servers, making it useful for various IoT applications. We validate the robustness of LAAKA against various security threats by conducting comprehensive formal security analysis, including Burrows-Abadi-Needham (BAN) logic and the Random Oracle Model (ROM), as well as informal analysis. The efficacy of our scheme is further demonstrated through evaluation with the Scyther tool. Compared to other proposed authentication approaches, the results illustrate the superior performance and efficiency of our approach in enhancing the security features, minimizing the computational cost, and optimizing storage utilization.