Abstract
Fog computing is a computing structure which is distributed in nature. Low latency, reasonably low communication overhead and ability to support real time applications are the reasons for which fog computing approach said to provide better performance than cloud computing. Although, it is an extension of the cloud computing. Fog computing also inherits some critical security and privacy issues of cloud computing. Secure key management and user authentication are among the key issues faced by fog computing. Various schemes with probable solutions of these issues have been proposed by many authors in this context. Among them, a notable scheme has been presented by Wajid et al. known as SAKA-FC, where authors used three-factor authentication with privacy preservation for remote user based on ECC, hash functions, fuzzy extractor and symmetric bivariate polynomial function. This paper analyses the SAKA-FC protocol and found that it is not resilient against fog server insider attack, message intercept attack and replay attack. Consequently, an improved, lightweight and secure authentication scheme in context of fog-centric IoT communication is proposed in this paper to eradicate all the above mentioned security shortfalls of Wajid et al scheme. The proposed scheme is verified using mathematical security analysis and simulated using AVISPA which proves that the proposed scheme prevents all pertinent security threats. The performance analysis of our scheme proves its effectiveness over other related existing schemes in this context.
Similar content being viewed by others
References
Wazid M, Das AK, Kumar N, Vasilakos AV (2019) Design of secure key management and user authentication scheme for fog computing services. Future Gener Comput Syst 91:475–492
Martini B, Choo KKR (2012) An integrated conceptual digital forensic framework for cloud computing. Digit Investig 9(2):71–80
Hu P, Ning H, Qiu T, Song H, Wang Y, Yao X (2017) Security and privacy preservation scheme of face identification and resolution framework using fog computing in internet of things. IEEE Internet Things J 4(5):1143–1155
Abdul W, Ali Z, Ghouzali S, Alfawaz B, Muhammad G, Hossain MS (2017) Biometric security through visual encryption for fog edge computing. IEEE Access 5:5531–5538
Koo D, Hur J (2018) Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing. Future Gener Comput Syst 78:739–752
Wang H, Wang Z, Domingo-Ferrer J (2018) Anonymous and secure aggregation scheme in fog-based public cloud computing. Future Gener Comput Syst 78:712–719
Jia X, He D, Kumar N, Choo KKR (2019) Authenticated key agreement scheme for fog-driven IoT healthcare system. Wirel Netw 25(8):4737–4750
Rostampour S, Safkhani M, Bendavid Y, Bagheri N (2020) ECCbAP: a secure ECC-based authentication protocol for IoT edge devices. Pervasive Mob Comput 67:101194
Wu TY, Wang T, Lee YQ, Zheng W, Kumari S, Kumar S (2021) Improved authenticated key agreement scheme for fog-driven IoT healthcare system. Secur Commun Netw 2021:1–16
Wu TY, Lee Z, Yang L, Luo JN, Tso R (2021) Provably secure authentication key exchange scheme using fog nodes in vehicular ad hoc networks. J Supercomput 77:1–29
Jan SU, Qayum F, Khan HU (2021) Design and analysis of lightweight authentication protocol for securing IoD. IEEE Access 9:69287–69306
Banerjee S, Das AK, Chattopadhyay S, Jamal SS, Rodrigues JJ, Park Y (2021) Lightweight failover authentication mechanism for IoT-based fog computing environment. Electronics 10(12):1417
Rangwani D, Om H (2021) A secure user authentication protocol based on ECC for cloud computing environment. Arab J Sci Eng 46(4):3865–3888
Adhikari S, Ray S, Obaidat MS, Biswas GP (2020) Efficient and secure content dissemination architecture for content centric network using ECC-based public key infrastructure. Comput Commun 157:187–203
Sadhukhan D, Ray S, Biswas GP, Khan MK, Dasgupta M (2021) A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. J Supercomput 77(2):1114–1151
Rangwani D, Sadhukhan D, Ray S, Khan MK, Dasgupta M (2021) An improved privacy preserving remote user authentication scheme for agricultural wireless sensor network. Trans Emerg Telecommun Technol 32(3):1–31
Miao Y, Ma J, Liu X, Weng J, Li H, Li H (2018) Lightweight fine-grained search over encrypted data in fog computing. IEEE Trans Serv Comput 12(5):772–785
Sowjanya K, Dasgupta M, Ray S, Obaidat MS (2019) An efficient elliptic curve cryptography-based without pairing KPABE for Internet of Things. IEEE Syst J 14(2):2154–2163
Li X, Peng J, Obaidat MS, Wu F, Khan MK, Chen C (2019) A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems. IEEE Syst J 14(1):39–50
Harbi Y, Aliouat Z, Refoufi A, Harous S, Bentaleb A (2019) Enhanced authentication and key management scheme for securing data transmission in the internet of things. Ad Hoc Netw 94:101948
Ali Z, Chaudhry SA, Mahmood K, Garg S, Lv Z, Zikria YB (2021) A clogging resistant secure authentication scheme for fog computing services. Comput Netw 185:107731
Ray S, Biswas GP, Dasgupta M (2016) Secure multi-purpose mobile-banking using elliptic curve cryptography. Wirel Pers Commun 90(3):1331–1354
Ray S, Biswas GP (2012) Establishment of ECC-based initial secrecy usable for IKE implementation. In: Proceedings of the world congress on engineering, vol 1, pp 530–535
Ray S, Biswas GP (2012) An ECC based public key infrastructure usable for mobile applications. In: Proceedings of the second international conference on computational science, engineering and information technology, pp 562–568
Chatterjee U, Sadhukhan D, Ray S (2020) An improved authentication and key agreement protocol for smart healthcare system in the context of Internet of Things using elliptic curve cryptography. In: Proceedings of international conference on IoT inclusive life (ICIIL 2019), NITTTR Chandigarh, India. Springer, Singapore, pp 11–22
Islam SH, Amin R, Biswas GP, Farash MS, Li X, Kumari S (2017) An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J King Saud Univ Comput Inf Sci 29(3):311–324
Stallings W (2006) Cryptography and network security, 4/E. Pearson Education India
Mahmood K, Chaudhry SA, Naqvi H, Kumari S, Li X, Sangaiah AK (2018) An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Futur Gener Comput Syst 81:557–565
Sowjanya K, Dasgupta M, Ray S (2020) An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. Int J Inf Secur 19(1):129–146
Adhikari S, Ray S (2019) A Lightweight and secure IoT communication framework in content-centric network using elliptic curve cryptography. In: Recent trends in communication, computing, and electronics. Springer, Singapore, pp 207–216
Shafiq A, Altaf I, Mahmood K, Kumari S, Chen CM (2020) An ECC based remote user authentication protocol. J Internet Technol 21(1):285–294
Chen CM, Huang Y, Wang KH, Kumari S, Wu ME (2020) A secure authenticated and key exchange scheme for fog computing. Enterp Inf Syst 15(9):1200–1215
Amin R, Kunal S, Saha A, Das D, Alamri A (2020) CFSec: Password based secure communication protocol in cloud-fog environment. J Parallel Distrib Comput 140:52–62
Li CT, Hwang MS, Chu YP (2008) A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput Commun 31(12):2803–2814
Li W, Wen Q, Su Q, Jin Z (2012) An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network. Comput Commun 35(2):188–195
He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37
Acknowledgements
The research work is supported by Ministry of Education, Govt of India. Muhammad Khurram Khan is supported by researchers supporting Project Number (RSP-2021/12), King Saud University, Riyadh, Saudi Arabia.
Author information
Authors and Affiliations
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Chatterjee, U., Ray, S., Khan, M.K. et al. An ECC-based lightweight remote user authentication and key management scheme for IoT communication in context of fog computing. Computing 104, 1359–1395 (2022). https://doi.org/10.1007/s00607-022-01055-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-022-01055-8