Abstract—The fusion of peer-to-peer (P2P) fog network and the traditional three-tier fog computing architecture allows fog devices to conjointly pool their resources together for improved service provisioning and better bandwidth utilization. However, any unauthorized access to the fog network may have calamitous consequences. In this paper, a new lightweight two-party authentication and key agreement (AKA) protocol is proposed for fog-to-fog collaboration. The security analysis of the protocol reveals that it is resilient to possible attacks. Moreover, the validation of the protocol conducted using the broadly-accepted Automated Verification of Internet Security Protocols and Applications (AVISPA) shows that it is safe for practical deployment. The performance evaluation in terms of computation and communication overheads demonstrates its superiority over the state-of-the-art protocols.

Index Terms—Fog computing, Authentication Protocol, AVISPA, IoT, Collaboration

I. INTRODUCTION

One notable technological advancement in the last decade is the advent of Internet of Things (IoT), where numerous smart devices embedded with sensors, chips, and actuators collect, store, analyze, and transmit information with the support of their hardware devices and IP addresses, thanks to the Internet. In the conventional cloud computing architecture, an end user can directly offload its service requests to a centralized cloud server which has huge resources. However, the technology suffers several drawbacks, such as high latency, network congestion, low bandwidth usage, security, and privacy issues [1]. The introduction of IoT exacerbates the issue due to the ultra-low latency and security requirements for realtime and mission-critical applications such as virtual reality, augmented reality, tele-surgery, traffic management, etc., as well as the resource-constrained nature of IoT devices.

Recently, the concept of fog computing was introduced to address the foregoing challenges in cloud computing. The idea is to extend the traditional cloud computing architecture by bringing resources to the network's edge and very close to the end users [2]. Fog computing offers services to end users in a distributed way and supports delay-sensitive, realtime, and mission-critical applications. A three-tier fog computing model is shown in Fig. 1. It comprises the IoT, fog, and the cloud layers. The IoT (or lower) layer consists of smart devices which collect and offload humongous heterogeneous data to the fog servers in the fog (or middle) layer. Depending on the offloading model, the fog nodes may process or offload the data to a neighboring fog node or cloud servers.

Fig. 1. A Three-tier Fog Computing Architecture

In recent times, many researchers are directing their efforts toward the design of P2P fog computing models where fog devices concertedly pool their resources (e.g., storage, processing, data management, networking, etc.) to provide services to end users [2]–[4]. The fog-to-fog collaborative model provides very useful benefits especially when there is intermittent or no connection with the cloud servers. For instance, when there is a natural disaster (e.g., earthquake, tsunami, etc.) in the premises
of a cloud service provider and the cloud becomes unavailable [2]. Moreover, since the intention behind fog computing is to complement the cloud computing and bring resources closer to end users, it is imperative to ensure that the bulk of the tasks is executed at the fog layer while only the computationally-intensive, latency-tolerant, and those requiring long-term storage are offloaded to the cloud. Considering the heterogeneity and mobility of fog devices as well as the distributed nature of the fog computing architecture, the security of the information transmitted is paramount and critical since fog nodes may be used to process sensitive information such as biomedical data. Besides, because the communication is done over an insecure (or open) channel, any unauthorized access may have disastrous consequences. Therefore, to fully exploit the potentials of fog-to-fog collaborative model, we design an authentication protocol which allows two collaborating fogs to mutually authenticate each other and share a common secret session key for secure communication.

A. Contributions

The main contributions of this study are as follows.
• Design of a lightweight mutual authentication and key exchange protocol for secure fog-to-fog communication.
• An extensive informal security analysis is conducted to show that the proposed protocol provides the desirable security features and resilience against well-known attacks.
• A formal security evaluation using the widely-accepted AVISPA software tool [5].
• A performance evaluation to demonstrate the superiority of the proposed AKA protocol over the state-of-the-art schemes.

between a smart device and a cloud server. Maarof et al. [10] developed an improved authentication protocol for IoT based on elliptic curve cryptography (ECC) where an end device and a cloud server can authenticate each other and compute a secret key for secure future communications. A new authentication scheme based on bilinear pairing was constructed in [11]. The scheme prevents unauthorized access to the IoT network by allowing an embedded device and a cloud server to communicate securely using a pre-shared secret key. Li et al. [12] also designed a new protocol known as AEP-PPA for mobile communication in IoT environment.

In the context of fog computing, there have been some studies focusing on the design of AKA protocols for fog-based IoT applications. For instance, Chen et al. [13] proposed an ECC-based AKA scheme for fog computing. The scheme allows a mobile user, a fog server, and a cloud service provider (CSP) to authenticate one another and establish a unique secret session key. However, the scheme cannot achieve mutual authentication because a fog node does not confirm the authenticity of the authentication message received from the mobile user. In addition, the scheme cannot prevent a replay attack. Wazid et al. [14] developed an AKA protocol for fog-supported vehicular network. The protocol provides a mutual authentication between a vehicle and a fog device, an RSU and a fog device, and a fog device and a cloud server. However, Saleem et al. [15] pointed out that the protocol in [14] is prone to impersonation attacks. Amin et al. [16] proposed a new scheme where a user, a fog server, and a cloud server can securely communicate via a unanimous authentication and an established secret key.