Abstract
Fog computing improves efficiency and reduces the amount of bandwidth required to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open, publicly accessible places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices remain secret, i.e. the scheme must satisfy anonymity, unlinkability, perfect forward secrecy and resistance against stolen device attacks. Such demands require a multi-factor authentication scheme, which typically relies on user input such as a password or biometric data. However, in real use case scenarios, IoT devices should be able to start the process automatically without requiring such manual interaction, and fog devices also need to operate autonomously. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, which is the first security scheme for a fog architecture capable of providing all of these security features simultaneously. In addition, we show resistance against other types of attacks, such as synchronization attacks and known session-specific temporary information attacks. Moreover, the scheme relies only on symmetric key based operations and thus achieves very good performance compared to the other fog based security systems proposed in the literature.
Acknowledgements
This paper has been made thanks to the TETRA grant HBC.2019.2017—OpenCloudEdge provided by Vlaio (Flanders Innovation and Entrepreneurship).
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This work was supported by the Vlaio TETRA Project OpenCloudEdge (HBC.2019.2017).
Cite this article
De Smet, R., Vandervelden, T., Steenhaut, K. et al. Lightweight PUF based authentication scheme for fog architecture. Wireless Netw 27, 947–959 (2021). https://doi.org/10.1007/s11276-020-02491-0
DOI: https://doi.org/10.1007/s11276-020-02491-0