Critical infrastructure refers to the key systems, assets, and facilities, whether they are physical or virtual, that are necessary for the overall functioning of a country. As our reliance on technology and networked systems continues to expand, so does the significance of taking precautions to protect critical infrastructure from being compromised by cyberattacks. We need some security schemes to secure the communication happening in the critical infrastructure devices. Therefore, in this paper, we focus on the design of an authentication and key establishment scheme, which is used in the critical infrastructure to secure its data transmissions. A secure authentication and key management mechanism for fog computing-based IoT-driven critical infrastructures (in short, AKM-FCCI) is proposed in the paper. We then provide the network model and threat model of the proposed AKM-FCCI to explain its deployment and organization of devices and servers. The threat model further explains the various threats of this communication environment. In addition, the security analysis of AKM-FCCI is presented to demonstrate that it is secure against the many different kinds of attacks that could be launched against it. The comparisons demonstrate that the performance of AKM-FCCI is superior to that of the other currently used schemes. In addition to that, it offers a high level of security and utility. Therefore, the proposed AKM-FCCI is appropriate for use in protecting critical infrastructure equipment against a wide variety of threats.