Privacy-Preserving Mutual Authentication Protocol With Forward Secrecy for IoT–Edge–Cloud
Mohamed Seifelnasr, Riham AlTawy, Amr Youssef, Essam Ghadafi
Abstract
The three-tier IoT–Edge–Cloud paradigm enables low-end devices to use the computation capabilities of the more powerful edge nodes to meet efficiency constraints for real-time applications. Many symmetric-key-based schemes rely on an online trusted cloud admin (CA) to establish session keys between IoT devices and edge nodes. In this study, we propose a new provably-secure mutual authentication privacy-preserving protocol with forward secrecy (MAPFS), which eliminates the requirement for an online CA during IoT authentication. To achieve anonymity, our construction utilizes zero-knowledge proofs and randomizes the IoT authentication request. The security of our construction is based on the well-studied discrete logarithm and decisional Diffie–Hellman assumptions in elliptic curve groups. We formally prove that MAPFS ensures mutual authentication and semantic security for session keys. We also evaluate MAPFS performance in terms of the communication overhead, storage requirements, and computation complexity. Finally, we test the performance of MAPFS on a Raspberry Pi 4 and compare it against other certificate-less protocols.