A Lightweight Anonymous Authentication and Secure Communication Scheme for Fog Computing Services

A fog-driven IoT architecture, located between IoT devices and the centralized cloud infrastructure, is introduced to extend computing, storage and network services to the edge of the Internet, so that the resources and services of fog nodes are available closer to end users and end devices, providing mobility, low latency and location awareness. However, because fog computing inherits its properties from the cloud, it also inherits the cloud's security and privacy concerns, such as spoofing, message replay, impersonation, man-in-the-middle attacks and physical capture of IoT devices. To address these concerns in fog computing services, this paper proposes a lightweight anonymous authentication and secure communication scheme that uses only a secure one-way hash function and bitwise XOR operations while the cloud, fog and user mutually authenticate each other. After successful authentication, the two fog-based participants agree on a session key to encrypt their subsequent communication messages. The security of the authentication process is shown using Burrows-Abadi-Needham (BAN) logic, and performance comparisons with existing schemes demonstrate that the proposed scheme is secure and highly efficient.

application service providers or cloud data centers from any place, at any time, through personal communication devices with network connectivity, such as tablet computers, smartphones, and mobile devices [10], [21], [22]. However, the limited execution efficiency of the cloud computing environment means that it cannot meet the requirements of many existing intelligent application services, such as the low latency, context awareness, and mobility support needed by in-vehicle networks and medical augmented reality. To meet these requirements, the concept of fog computing was first proposed by Cisco in 2012. It is an extension of traditional cloud computing. Its main purpose is to provide better computing power, storage space, and network services between terminal devices and cloud servers, as well as to reduce communication delay and the complexity of management and control. Through the hierarchical architecture established by fog computing, computing requirements can be layered and processed in different regions, so that the information generated by local devices can be analyzed first, while the back-end cloud performs data analysis and calculation for computationally heavy work such as coordination and global analysis. The advantage of this architecture is that it can relieve possible network congestion, speed up data processing and transmission, and reduce delay.
The fog computing architecture is generally composed of three working layers: the terminal layer, the fog layer and the cloud layer. The three-layer architecture of fog computing and its detailed description are shown in Fig. 1:
1) Edge layer: this layer is closest to end users and end devices and consists of various IoT or intelligent devices, such as sensors, mobile phones, intelligent vehicles, smart cards, and readers. Although these devices are capable of computing, they are usually used only to sense physical objects or events and to upload the collected sensing data to the upper layer for subsequent processing and storage.
2) Fog layer: this layer is located at the edge of the network and consists of a large number of fog nodes. These fog nodes usually include routers, gateways, switches, access points, base stations, and dedicated fog servers. They can be widely distributed between terminal devices and the cloud, in places such as cafes, shopping centers, bus stops, streets, and parks. Fog nodes can be placed in a fixed position or carried on a moving vehicle, and are linked to terminal devices to provide intelligent services. In addition, they can compute on, transmit, and temporarily store the sensing data they receive, allowing real-time analysis and delay-sensitive applications to run within the fog layer. Finally, fog nodes are connected through IP core networks to cloud data centers, and through cooperation with cloud centers they can obtain more powerful computing and storage capabilities.
3) Cloud layer: the cloud layer is composed of multiple high-performance servers and storage devices that provide various intelligent application services, such as smart home, intelligent transportation, smart factory, and intelligent medical care. This layer has powerful computing and storage capabilities to support a wide range of computational analysis and the storage of large amounts of data. However, unlike the traditional cloud computing architecture, fog computing does not handle all computing and storage in the cloud. According to the demand load principle, control strategies can be used to manage and schedule the core cloud effectively, so as to improve the utilization of cloud resources.
Compared with the traditional cloud computing mode, the main advantage of fog computing is that it performs computing, communication, and storage as close as possible to the client's network edge devices. Its advantages are summarized and briefly described as follows:
1) Low latency and real-time interaction: the fog node is located at the edge of the network, so it can quickly receive the data generated by local sensors and devices, and the data is processed and stored by the network edge devices in the local area network. In this way, fog computing can significantly reduce data transmission over the Internet and provide high-speed, high-quality localized services, achieving low latency and meeting the needs of real-time interaction. It is especially suitable for delay-sensitive or time-sensitive application services.
2) Bandwidth saving: fog computing performs part of the computing work, such as data processing, redundancy removal, data filtering, and extraction of valuable information, at the local end, so only a small part of the data needs to be transferred to the back-end cloud. For example, in a face recognition system based on fog computing, the fog node only needs to transmit the face identifier to the cloud, whereas a system based on traditional cloud computing needs to transmit the original face image. Therefore, fog computing can effectively reduce network transmission and save bandwidth. In addition, in some application scenarios, decision making can be implemented locally on the fog node rather than in the back-end cloud, which further saves bandwidth. With the advent of the big data era, the advantages of this feature will become more and more important.
3) Supporting mobility: in some fog computing situations, various mobile devices, such as smartphones, smart cars, and smartwatches, can act freely at the terminal layer, while some terminal devices, such as traffic cameras, remain static. Fog nodes in the fog layer can likewise be mobile or static computing resource platforms: they can be statically deployed in airports or coffee shops, or dynamically deployed on moving vehicles and trains.
4) Geographic distribution and distributed data analysis: compared with traditional centralized cloud computing, the services and applications of fog computing are deployed in a geographically distributed manner, consisting of a large number of widely distributed nodes, which enables them to track and infer the location of end devices in support of mobility. Unlike centralized data centers, where information is processed and stored far away from the end user, the distributed fog computing environment performs data analysis and processing as close to the client as possible. Through a service model based on the user's location, it can provide users with more powerful real-time decision-making capability.
5) Heterogeneity: generally speaking, fog nodes are deployed in a variety of environments and in various forms. They usually come from high-performance servers, edge servers, gateways, access points, base stations, etc. These hardware platforms have different levels of computing and storage capacity, can run a variety of operating systems, and can load different software applications. Fog computing is a highly virtualized platform, and some virtual nodes, such as virtual computing nodes and virtual network nodes, can also be regarded as fog nodes. Therefore, fog nodes are heterogeneous. In addition, the network infrastructure of fog computing is also heterogeneous, including high-speed connections to data centers and many wireless access technologies, such as WLAN, WiFi, 3G/4G, and ZigBee, which connect to edge devices.
6) Interoperability: because of the heterogeneity of fog computing, fog nodes and terminals often come from different suppliers and are deployed in a variety of environments. Fog computing must therefore be interoperable and work with different suppliers to provide a wide range of services seamlessly. For example, an intelligent transportation system based on fog computing needs to perform real-time data analysis and provide dynamic traffic information to intelligent vehicles, traffic signals, fog nodes, and fog applications. To realize such complex cooperation and information sharing, a policy-based resource management scheme must be proposed to ensure that the resources requested by different users can interoperate and cooperate safely in fog computing.
7) Data security and privacy protection: the host services provided by fog computing are close to the end user, so data security and privacy protection in the fog computing environment must be ensured. First, data can be protected by encryption and isolation: the fog node provides mechanisms such as access control policies, encryption methods, integrity checks, and isolation measures to protect sensitive data. Secondly, to avoid the inefficiency of traditional devices when performing remote updates, fog computing does not need to update the firmware system, only the algorithms and micro-applications at the fog node end.
8) Low energy consumption: in the fog computing architecture, because the fog nodes are geographically distributed, they do not generate excessive heat and do not need an additional cooling system. In addition, short-range communication nodes combined with energy management strategies can significantly reduce communication energy consumption, so that fog computing can provide a more environmentally friendly computing environment.
Many computing models have been proposed, such as cloud computing, edge computing, cluster computing, and jungle computing, each with its own advantages for particular kinds of computing task and scenario. Edge computing is a computing method that extends cloud computing services to edge devices so that edge devices can perform computing and storage functions, making computing and storage happen as close as possible to the source of things and data. Edge nodes and devices can perform a large number of computing tasks, such as data processing, data staging, device management, decision making, and privacy protection, to reduce network latency and bandwidth congestion between terminal devices and the cloud. These edge nodes can be smart sensors, smartphones, smart vehicles, or even edge servers, and they can be linked to each other at the local end to form an edge network. In addition, through their connection with cloud data centers, edge devices can also provide edge intelligence services to nearby users, so as to meet the key needs of the digital industry in real-time services, data optimization, application intelligence, security and privacy protection.
In this paper, fog computing, edge computing, cloud computing and other modes are compared and summarized as shown in Fig. 2. In terms of latency and mobility, cloud computing has higher latency than edge computing and fog computing, and its mobility is limited by its centralized architecture. In terms of bandwidth cost, because the cloud computing model must transmit all the data collected from the sensor layer to the remote cloud server center through the network layer, its bandwidth cost is higher than that of the other two models. In terms of deployment, cloud computing is mostly deployed in the core of the network system, while edge computing limits the deployment of the edge computing platform to mobile network infrastructure, such as 5G. Fog computing can be deployed anywhere near the edge of the network, such as user-managed servers, access points, routers, and gateways.
In terms of network architecture, the cloud computing model is a centralized control architecture, while edge computing and fog computing can be regarded as extensions of the cloud that supplement its services, realizing an n-level distributed network architecture. Edge computing can provide services and decisions autonomously without relying on a central infrastructure, and multiple edge infrastructures can exchange information and services with each other. In terms of computing and storage capacity, the main goal of both edge computing and fog computing is to give the network edge functions similar to those of cloud computing, placing computing and storage capacity near the end user to reduce service latency and save network bandwidth for delay-sensitive applications. Even though edge computing has the same goal as fog computing, there are some potential differences. For example, in edge computing, edge devices cannot host multiple IoT applications, because their limited resources lead to resource contention and increased processing latency. By seamlessly integrating edge devices and cloud resources, fog computing can overcome the limitations of edge computing, avoid contention for edge resources, and coordinate the geographically distributed network edge devices to balance the utilization of cloud resources.
The fog computing environment combines various IoT sensing components, location services, wireless transmission and reading, content services and other technologies, and has spawned many types of fog computing applications. The application scope of fog computing is introduced as follows:
1) Application in the smart city [6]: the fog computing environment is especially suitable for smart city applications, such as urban disaster notification, through real-time data feedback and reply. In the development of a flood decision support system, fog nodes are used to collect real-time data on the urban water regime and to issue early warnings and alarms when a flood is suspected.
2) Application in medical care [7]: fog computing can also be used in medical care. The work in [7] proposes a fall monitoring system named FAST, aided by fog computing analysis. By measuring and analyzing the pulse between the edge device (connected to the user's smartphone) and the cloud server, the system can judge whether the user has fallen or is in another emergency situation at home, so as to provide real-time medical rescue services.
3) Application in intelligent transportation [14]: VANET (Vehicular Ad Hoc Network) ensures transportation efficiency, safety and convenience of driving by exchanging valuable information, and its applications include content sharing (such as advertising and entertainment) and information dissemination services (such as emergency operations during natural disasters and terrorist attacks). New transportation applications, such as augmented reality and autonomous driving, require complex storage operations and data processing, and therefore require higher-level data storage, computing, and communication capabilities. A scheme called VFC (Vehicular Fog Computing) was proposed to meet the requirements of the above applications and special requirements such as mobility, position awareness, and low latency.
4) Application of fog in IoT and CoT (Cloud of Things) [1]: as different devices generate different types and frequencies of data, CoT, which combines IoT and cloud computing, is proposed to simplify the ever-growing multimedia content and manage other data. CoT also plays a key role in service discovery, resource provisioning, and ubiquitous access, especially for medical, emergency, and real-time response applications. When fog computing sits between the cloud and the Internet of Things, its tasks can include resource management, data preprocessing, data filtering, and security assessment; fog computing therefore needs an effective and efficient IoT resource management framework. The application of fog computing to the IIoT (Industrial Internet of Things) can make the machines, sensors, actuators and gateways on the production site form a fog network to improve production efficiency [36].
5) Application in the smart grid [31]: the energy grid deploys smart meters at all locations of the distribution network to measure real-time status information on energy generation, transmission, consumption and pricing. A centralized server system called SCADA (Supervisory Control and Data Acquisition) collects and analyzes status information and commands to respond to any demand change or emergency and stabilize the grid. After the introduction of fog computing, the smart grid can become a multi-level layered system, allowing the fog layer to interact with the SCADA system, take charge of the micro-grid, and communicate with neighboring fog layers and higher-level fog. The higher the layer, the greater the latency and the wider the geographical coverage.
While the integration of IoT-based smart services into fog computing can play a key role in delivering a wide range of smart application services to deployed smart devices more efficiently, there are still potential security and privacy risks that need to be eliminated.
First, the high frequency of data collection may pose great risks to location privacy, allowing attackers to track smart devices. Moreover, the identities of fog nodes and smart devices may be impersonated by an attacker to transmit malicious data or illegally collect data [11], [15]-[17], [23]. In recent years, many researchers have addressed security and privacy issues in the fog computing environment [5], [9], [12], [25], [26], [28]. Alrawais et al. [3] proposed a secure key exchange method between the fog node and the cloud center. Koo and Hur [20] designed a data deduplication method with a privacy protection function, which can effectively manage ownership in fog computing. Wang et al. [32] proposed an anonymous and secure aggregation method for the fog computing environment: data from terminal nodes are aggregated through the fog nodes, and the aggregated data are then forwarded to the public cloud server. In addition, some methods emphasize the protection of device privacy, but the computing capacity of the smart devices and fog nodes in the fog computing environment cannot meet their requirements, so they are not applicable to real-time IoT applications. Guan et al. [13] and Lin et al. [24] proposed data aggregation methods based on blockchain technology. Because fog computing inherits its properties from the cloud, it also inherits the cloud's security and privacy concerns, such as spoofing, message replay, impersonation, man-in-the-middle attacks and physical capture of IoT devices. Existing authentication schemes exhibit various security pitfalls and are therefore not sustainable in fog computing environments, which motivated us to design a new lightweight anonymous authentication and secure communication scheme that overcomes the drawbacks of existing schemes and ensures both security and efficiency.
The remainder of the paper is organized as follows. Section 2 presents a new security architecture along with the threat model for fog computing services. Section 3 introduces our lightweight anonymous authentication scheme with privacy preservation for fog computing services. We present the security proof of the proposed scheme and evaluate the performance of the proposed authentication scheme against other related fog computing schemes in Section 4 and Section, respectively. Finally, we conclude this paper in Section 6.

II. SYSTEM ARCHITECTURE IN FOG COMPUTING SERVICES
In this section, we illustrate the proposed system architecture for the fog computing paradigm, and subsequently define two adversary models to evaluate its security and usability.

A. SYSTEM MODEL
The system architecture used in fog computing services is shown in Fig. 3. In this architecture, four roles participate in the system: the cloud server (CS), the fog server (FS), the edge user (U) and the edge device (D). When a U and an FS (or a D and an FS) need to interact securely, they must be able to authenticate each other and may need the support of CS. Suppose CS wants to access the real-time data gathered from deployed edge devices: the model is designed to minimize the delay and the burden on CS by exploiting the fog layer, and the interactions between FS and CS become important, since FS can easily obtain a local overview while global coverage is achieved at the cloud layer. Therefore, a secure mutual authentication and key agreement mechanism among the deployed CS, FS, U and D is necessary, because communication takes place over an insecure channel, which gives an adversary the opportunity to threaten privacy in fog computing services. After executing the authentication process, the cloud server, fog servers, edge users and edge devices can establish session keys to secure their interactions. Three types of communication are involved in this system: (1) edge user to fog server communication, (2) edge device to fog server communication, and (3) cloud server to fog server communication. The detailed steps of Fig. 3 are described as follows.
Step 1: This step permits CS to complete the registration of edge users, edge devices and fog servers before they are deployed in the fog computing network.
Step 2: When an edge user wants to access FS and requests a service from FS, U must send a login request to FS. Likewise, when an edge device D wants to interact with FS and send gathered data to FS, D must send a login request to FS.
Step 3: For secure interaction, in this step the legitimacy of both U/D and FS can be verified by CS.
Step 4: If U/D and FS are legal, CS and FS perform this step to achieve mutual authentication and establish a session key between them.
Step 5: After the successful execution of this step, U/D, FS and CS agree on a session key to secure their subsequent communications.

B. THREAT MODEL
According to the system model shown in Fig. 3, edge users and edge devices communicate with their corresponding fog server, and the fog server forwards the data to its back-end cloud server. In this situation, all communications take place over public channels, and there is always a possibility of security pitfalls during a communication session in the fog computing environment. For the threat model, this paper adopts the widely- According to the definition of the CK model, the mobile device of a U may be lost or stolen, and the secret parameters stored in that device can then be extracted using a power analysis attack. Further, an adversary may physically capture some edge device D and obtain the credentials stored in D with the help of a sophisticated power analysis attack. The compromised data can then be used to undermine the security of fog computing services, through session key exposure, impersonation attacks, replay attacks, privacy exposure attacks, man-in-the-middle attacks, etc. Note that CS and FS are trusted entities and will not be compromised by adversaries.

III. THE PROPOSED SCHEME
In this section, we propose a new lightweight anonymous authentication scheme for fog computing services. The proposed authentication scheme consists of the following seven phases: system initialization, fog server registration, edge user registration, edge device registration, authentication and key agreement of edge user, authentication and key agreement of edge device and biometric update of edge user. The details of the proposed scheme are described in the following subsections. The notations used in the proposed scheme are summarized below in Table 1.

A. SYSTEM INITIALIZATION
The cloud server CS generates a master secret key MK and three long-term secret keys K_cf, K_cu, and K_cd, and keeps them secret. CS further chooses a collision-free one-way hash function h(·). We assume that CS is fully trusted and also maintains a database to record registered edge users, edge devices and fog servers.

B. FOG SERVER REGISTRATION
The fog server FS_i picks a unique real identity ID_i and registers itself with CS by sending the identity ID_i via a secure   Table 2. Finally, FS_i stores TID_i, B_i and h(MK||K_cf) in its memory. The registration process of FS_i is summarized in Fig. 4.

C. EDGE USER REGISTRATION
The edge user EU_j picks a unique real identity ID_j and inputs his/her biometric BIO_j into his/her smart device. EU_j's smart device generates a 160-bit random secret number n_u and computes A_j = h(ID_j||BIO_j||n_u). Then EU_j's smart device sends the registration request A_j along with the identity ID_i to CS through a secure channel. After receiving ID_j and A_j, CS generates a pseudonym TID_j and computes B_j = h(ID_j||MK), , h(K_cu)} to EU_j through a secure channel and maintains the pseudonym and verifier of EU_j in a protected verifier table as depicted in Table 3. Finally, EU_j's smart device stores TID_j, C_j, D_j, h(·), h(K_cu) and n_u in its memory. The registration process of EU_j is summarized in Fig. 5.

D. EDGE DEVICE REGISTRATION
The edge device ED_k picks a unique real identity ID_k and registers itself with CS by sending the identity ID_k via a secure channel. After receiving ID_k, CS generates a pseudonym TID_k and computes B_k = h(ID_k||K_cd) and h(MK||K_cd). CS then responds with {TID_k, ID_i, B_k, h(MK||K_cd)} to ED_k via a secure channel and maintains the pseudonym and verifier of ED_k in a protected verifier table as depicted in Table 4. Note that each ED_k is deployed in a designated area and assigned a specific FS_i, where ID_i is the identity of the FS_i designated for ED_k. Finally, ED_k stores TID_k, ID_i, B_k and h(MK||K_cd) in its memory. The registration process of ED_k is summarized in Fig. 6.

E. AUTHENTICATION AND KEY AGREEMENT OF EDGE USER
In this phase, we assume that an edge user EU_j wants to access the fog server FS_i and requests a service from the system. In order to preserve the privacy of data transmitted through public channels, the cloud server CS helps EU_j and FS_i to authenticate each other and establish a session key SK_ij between them by performing the following steps. The detailed steps of this phase are depicted in Fig. 7.
Step 1: EU_j first inputs ID_j and BIO_j into his/her smart device. Then, the smart device retrieves n_u and h(K_cu) to compute A_j = h(ID_j||BIO_j||n_u) and C_j = h(ID_j||A_j||h(K_cu)), and checks whether the computed C_j equals the C_j retrieved from its memory. If not, the smart device rejects the request and terminates. Otherwise, EU_j is a legal user, and the smart device randomly selects a 128-bit random number r_u and computes E_j = D_j ⊕ A_j ⊕ r_u and F_j = h(h(K_cu)||ID_i||r_u), where D_j is retrieved from its memory. Finally, the smart device retrieves the pseudonym TID_j from its memory and sends the access request M_u1 = {TID_j, E_j, F_j} to FS_i through a public channel.
If the computed T_j equals the received T_j, EU_j believes that CS and FS_i are legal parties and stores the shared session key SK_ij for future secure communication. Otherwise, EU_j terminates the session.

F. AUTHENTICATION AND KEY AGREEMENT OF EDGE DEVICE
In this phase, we assume that an edge device ED_k is deployed in its designated environment and is ready to send the gathered data to its corresponding fog server FS_i. In order to ensure the integrity of the sensitive data gathered by ED_k, the cloud server CS helps ED_k and FS_i to authenticate each other and establish a session key SK_ik between them by performing the following steps. The detailed steps of this phase are depicted in Fig. 8.
Step 1: ED_k first randomly selects a 128-bit random number r_d and retrieves ID_i, TID_k, B_k and h(MK||K_cd) from its memory to compute E_k = B_k ⊕ r_d and F_k = h(h(MK||K_cd)||ID_i||r_d). Then ED_k sends the access request M_d1 = {TID_k, E_k, F_k} to FS_i through a public channel.
Step: If the computed R_k equals the received R_k, FS_i believes that CS and ED_k are legal parties and stores the shared session key SK_ik for future secure communication. Otherwise, FS_i terminates the session. Finally, FS_i forwards M_d4 to ED_k.
Step 7: Upon receiving M_d4, ED_k first inspects M_d4 and uses the original TID_k and r_d to compute its own T_k. If the computed T_k equals the received T_k, ED_k believes that CS and FS_i are legal parties and stores the shared session key SK_ik for future secure communication. Otherwise, ED_k terminates the session.
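As an added example (not code from the paper), the following Python sketch implements the edge device registration of Section III.D and Step 1 of this phase as the text states them, and adds the check that a party holding MK, K_cd and the verifier table can make on M_d1. The paper's intermediate steps are not in the extracted text, so that recomputation of F_k, the choice of SHA-256 for h(·), zero-padding of the 128-bit r_d to the digest length before the XOR, storing B_k as the Table 4 verifier, and all key and identity values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# --- Helpers ----------------------------------------------------------------

def h(*parts: bytes) -> bytes:
    """The scheme's one-way hash h(.), with '||' as byte concatenation.
    The paper does not name a concrete hash; SHA-256 is assumed here."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

NONCE_LEN = 16  # r_d is a 128-bit random number in the paper

def mask(secret: bytes, nonce: bytes) -> bytes:
    """secret XOR nonce; the 128-bit nonce is zero-padded to the digest length
    (assumption: the paper XORs values of different sizes without saying how)."""
    return xor(secret, nonce.ljust(len(secret), b"\x00"))

def unmask(masked: bytes, secret: bytes) -> bytes:
    """Recover the 128-bit nonce from masked = secret XOR pad(nonce)."""
    return xor(masked, secret)[:NONCE_LEN]

# --- Constructed long-term secrets (sample values, not from the paper) -------
MK = b"constructed-master-secret-key-MK"    # master secret key MK
K_CD = b"constructed-long-term-key---K_cd"  # long-term key K_cd for devices

# --- Edge device registration (Section III.D) -------------------------------

def register_edge_device(id_k: bytes, id_i: bytes, mk: bytes, k_cd: bytes,
                         verifier_table: dict) -> dict:
    """CS side: issue pseudonym TID_k, B_k = h(ID_k||K_cd) and h(MK||K_cd).
    Returns what ED_k stores and records (ID_k, B_k) under TID_k in the
    verifier table (Table 4 holds 'pseudonym and verifier'; keeping B_k there
    is an assumption of this example)."""
    tid_k = secrets.token_bytes(16)
    b_k = h(id_k, k_cd)
    verifier_table[tid_k] = {"ID_k": id_k, "B_k": b_k}
    return {"TID_k": tid_k, "ID_i": id_i, "B_k": b_k, "hMKKcd": h(mk, k_cd)}

# --- Step 1 of device authentication (Section III.F) ------------------------

def build_access_request(device: dict) -> tuple:
    """ED_k side: pick r_d, E_k = B_k XOR r_d, F_k = h(h(MK||K_cd)||ID_i||r_d),
    and send M_d1 = {TID_k, E_k, F_k}. Returns (M_d1, r_d); r_d is kept by
    the device for the later steps."""
    r_d = secrets.token_bytes(NONCE_LEN)
    e_k = mask(device["B_k"], r_d)
    f_k = h(device["hMKKcd"], device["ID_i"], r_d)
    return {"TID_k": device["TID_k"], "E_k": e_k, "F_k": f_k}, r_d

def check_access_request(m_d1: dict, id_i: bytes, mk: bytes, k_cd: bytes,
                         verifier_table: dict):
    """Checking side (assumed: the paper's later steps are not in the extracted
    text, and this is the natural check for a holder of MK, K_cd and Table 4):
    look up B_k by TID_k, recover r_d = E_k XOR B_k, recompute F_k and compare
    in constant time. Returns the recovered r_d on success, None otherwise."""
    entry = verifier_table.get(m_d1["TID_k"])
    if entry is None:
        return None  # unknown pseudonym
    r_d = unmask(m_d1["E_k"], entry["B_k"])
    expected_f_k = h(h(mk, k_cd), id_i, r_d)
    if not hmac.compare_digest(expected_f_k, m_d1["F_k"]):
        return None  # E_k or F_k altered, or request aimed at a different FS
    return r_d

def demo() -> bool:
    """One honest request and one with a flipped bit in E_k; True if the
    first is accepted with the right r_d and the second is rejected."""
    table = {}
    device = register_edge_device(b"ED-7", b"FS-1", MK, K_CD, table)
    m_d1, r_d = build_access_request(device)
    ok = check_access_request(m_d1, b"FS-1", MK, K_CD, table) == r_d
    tampered = dict(m_d1, E_k=bytes([m_d1["E_k"][0] ^ 1]) + m_d1["E_k"][1:])
    return ok and check_access_request(tampered, b"FS-1", MK, K_CD, table) is None

if __name__ == "__main__":
    print("demo passed:", demo())
```

Because F_k binds r_d to the designated FS_i identity, the check also rejects a request that is presented to a fog server other than the one the device was assigned to; the comparison uses hmac.compare_digest so that the rejection time does not depend on where the first mismatching byte lies.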

G. BIOMETRIC UPDATE OF EDGE USER
In the proposed scheme, an edge user EU_j can freely update his/her biometric BIO_j to a new biometric BIO_j^new without interacting with the cloud server CS. EU_j first inputs the identity ID_j and the original BIO_j into his/her smart device. Then, the smart device retrieves n_u and h(K_cu) to compute A_j = h(ID_j||BIO_j||n_u) and C_j = h(ID_j||A_j||h(K_cu)), and checks whether the computed C_j equals the C_j retrieved from its memory.
If not, the smart device denies the update request and terminates. Otherwise, the smart device asks EU_j to input his/her new biometric BIO_j^new and computes A^new. Finally, the smart device replaces the original (C_j, D_j) with the new (C_j^new, D_j^new) in its memory and ends this phase.
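As an added example (not the paper's code), the following Python sketch carries the edge user side through registration (Section III.C), the local check and access request of Step 1 (Section III.E) and the biometric update of this subsection. The text does not define D_j or the update formulas, so the example assumes D_j = B_j ⊕ A_j, which makes E_j = B_j ⊕ r_u and lets the update preserve B_j; SHA-256 for h(·), zero-padding of r_u to the digest length, and all identities, keys and the byte string standing in for BIO_j are likewise constructed for this example.

```python
import hashlib
import hmac
import secrets

def h(*parts: bytes) -> bytes:
    """One-way hash h(.), '||' = concatenation; SHA-256 assumed (the paper
    leaves h unspecified)."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample long-term secrets held only by CS (not from the paper)
MK = b"constructed-master-secret-key-MK"
K_CU = b"constructed-long-term-key---K_cu"

# --- Registration (Section III.C) -------------------------------------------

def cs_register_user(id_j: bytes, a_j: bytes, mk: bytes, k_cu: bytes,
                     verifier_table: dict) -> dict:
    """CS side. B_j = h(ID_j||MK) and C_j = h(ID_j||A_j||h(K_cu)) follow the
    paper (C_j from the check the smart device performs at login). D_j is not
    recoverable from the extracted text: D_j = B_j XOR A_j is assumed, which
    makes the login value E_j = D_j XOR A_j XOR r_u equal to B_j XOR r_u."""
    tid_j = secrets.token_bytes(16)
    b_j = h(id_j, mk)
    h_kcu = h(k_cu)
    verifier_table[tid_j] = {"ID_j": id_j, "B_j": b_j}
    return {"TID_j": tid_j, "C_j": h(id_j, a_j, h_kcu),
            "D_j": xor(b_j, a_j), "hKcu": h_kcu}

def enroll(id_j: bytes, bio_j: bytes, mk: bytes, k_cu: bytes,
           verifier_table: dict) -> dict:
    """Smart-device side: 160-bit n_u, A_j = h(ID_j||BIO_j||n_u), then store
    CS's response together with n_u. bio_j stands for a stable biometric
    template (in practice the output of a fuzzy extractor, not a raw sample)."""
    n_u = secrets.token_bytes(20)
    a_j = h(id_j, bio_j, n_u)
    device = cs_register_user(id_j, a_j, mk, k_cu, verifier_table)
    device["n_u"] = n_u
    return device

# --- Local verification used by login (III.E, Step 1) and update (III.G) ----

def local_check(device: dict, id_j: bytes, bio_j: bytes):
    """Recompute A_j and C_j and compare with the stored C_j in constant time.
    Returns A_j when (ID_j, BIO_j) is accepted, None otherwise."""
    a_j = h(id_j, bio_j, device["n_u"])
    c_j = h(id_j, a_j, device["hKcu"])
    return a_j if hmac.compare_digest(c_j, device["C_j"]) else None

def build_access_request(device: dict, id_j: bytes, bio_j: bytes, id_i: bytes):
    """Step 1 of III.E: on success, M_u1 = {TID_j, E_j, F_j} with a fresh
    128-bit r_u; r_u is zero-padded to the digest length for the XOR."""
    a_j = local_check(device, id_j, bio_j)
    if a_j is None:
        return None
    r_u = secrets.token_bytes(16)
    padded = r_u.ljust(len(device["D_j"]), b"\x00")
    e_j = xor(xor(device["D_j"], a_j), padded)
    f_j = h(device["hKcu"], id_i, r_u)
    return {"TID_j": device["TID_j"], "E_j": e_j, "F_j": f_j}

def update_biometric(device: dict, id_j: bytes, bio_old: bytes,
                     bio_new: bytes) -> bool:
    """III.G: verify the old biometric locally, then replace (C_j, D_j) with
    (C_j^new, D_j^new). Under the assumed D_j = B_j XOR A_j, the new
    D_j^new = D_j XOR A_j XOR A^new keeps B_j unchanged, so CS is not involved."""
    a_old = local_check(device, id_j, bio_old)
    if a_old is None:
        return False
    a_new = h(id_j, bio_new, device["n_u"])
    device["C_j"] = h(id_j, a_new, device["hKcu"])
    device["D_j"] = xor(xor(device["D_j"], a_old), a_new)
    return True
```

A raw biometric sample is noisy, so BIO_j here stands for the stable string a fuzzy extractor or similar template scheme would output; hashing a fresh sample directly would make the C_j check fail on every reading. In this example the invariant D_j ⊕ A_j = B_j is what allows the update to complete offline: the value CS keeps in its verifier table is untouched, and only the device-local pair (C_j, D_j) changes.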

IV. SECURITY PROOF OF THE PROPOSED SCHEME

A. BAN LOGIC PROOF
In this section, we use BAN logic [4] to analyze the security of the session key between node A and node B. The notations used in the BAN logic analysis are as follows:
• A |≡ X: A believes X, or A would be entitled to believe X.
• A ◁ X: A sees X. Someone has sent a message containing X to A, who can read and repeat X.
• A |⇒ X: A has jurisdiction over X. A is an authority on X and should be trusted on this matter.
• A |∼ X: A once said X. A at some time sent a message including X.
• <X>_Y: X combined with Y.
• #(X): The formula X is fresh, that is, X has not been sent in a message at any time before the current run of the protocol.
• A ←K→ B: A and B may use the shared key K to communicate.
• The formula S is a secret known only to A and B and possibly to principals trusted by them.
In the authentication and key agreement of the edge user phase of the proposed scheme, the main goal is to analyze the session key establishment between the edge user EU and the fog server FS, with the help of the cloud server CS.
According to the authentication and key agreement of the edge user phase, BAN logic is used to produce an idealized form as follows:

To analyze the proposed scheme, the following assumptions are made:

According to these assumptions and the rules of BAN logic, the main proof of the authentication and key agreement of the edge user phase is as follows.

The fog server FS authenticates the edge user EU, with the help of the cloud server CS.
According to M1 and the seeing rule, we obtain:
S1: FS
According to A2 and the freshness rule, we obtain:
S2: $FS \mid\equiv \#(\langle TID_j, B_j, r_u \rangle_{K_{cu}}, \langle H(SK_{ij}, TID_j, r_u) \rangle_{r_u \oplus r_c})$
According to S1, A4 and the message meaning rule, we obtain:
S3: $FS \mid\equiv EU \mid\sim (\langle TID_j, B_j, r_u \rangle_{K_{cu}}, \langle H(SK_{ij}, TID_j, r_u) \rangle_{r_u \oplus r_c})$
According to S2, S3 and the nonce verification rule, we obtain:
S4: $FS \mid\equiv EU \mid\equiv (\langle TID_j, B_j, r_u \rangle_{K_{cu}}, \langle H(SK_{ij}, TID_j, r_u) \rangle_{r_u \oplus r_c})$
According to S4 and the belief rule, we obtain:
S5: FS
According to S5, A6 and the jurisdiction rule, we obtain:
S6: FS
According to S6 and the belief rule, we obtain:
S7: $FS \mid\equiv EU \mid\equiv TID_j$
According to S7, A8 and the jurisdiction rule, we obtain:
S8: $FS \mid\equiv TID_j$

The edge user EU authenticates the fog server FS, with the help of the cloud server CS.
According to M2 and the seeing rule, we obtain:
S9:
According to A1 and the freshness rule, we obtain:
S10: $EU \mid\equiv \#(\langle TID_i, B_i, r_f \rangle_{K_{cf}}, \langle H(SK_{ij}, TID_i, r_f) \rangle_{r_f \oplus r_c})$
According to S9, A3 and the message meaning rule, we obtain:
S11:
According to S10, S11 and the nonce verification rule, we obtain:
S12:
According to S12 and the belief rule, we obtain:
S13: FS
According to S13, A5 and the jurisdiction rule, we obtain:
S14: FS
According to S14 and the belief rule, we obtain:
S15: $EU \mid\equiv FS \mid\equiv TID_i$
According to S15, A7 and the jurisdiction rule, we obtain:
S16: $EU \mid\equiv TID_i$

According to S6, S8, S14 and S16, the edge user EU and the fog server FS authenticate each other with the help of the cloud server CS. Moreover, the proposed scheme establishes a session key $SK_{ij}$ between EU and FS with the help of CS. The authentication and key agreement of the edge user phase thus guarantees the security of the session key between EU and FS.
In the authentication and key agreement of the edge device phase of the proposed scheme, the main goal is to analyze the session key establishment between the edge device ED and the fog server FS, with the help of the cloud server CS.
According to the authentication and key agreement of the edge device phase, BAN logic is used to produce an idealized form as follows:

To analyze the proposed scheme, the following assumptions are made:

According to these assumptions and the rules of BAN logic, the main proof of the authentication and key agreement of the edge device phase is as follows.

The fog server FS authenticates the edge device ED, with the help of the cloud server CS.
According to M3 and the seeing rule, we obtain:
S17: FS
According to A10 and the freshness rule, we obtain:
S18: $FS \mid\equiv \#(\langle TID_k, B_k, r_d \rangle_{K_{cd}}, \langle H(SK_{ik}, TID_k, r_d) \rangle_{r_d \oplus r_c})$
According to S17, A10 and the message meaning rule, we obtain:
S19:
According to S18, S19 and the nonce verification rule, we obtain:
S20: $FS \mid\equiv ED \mid\equiv (\langle TID_k, B_k, r_d \rangle_{K_{cd}}, \langle H(SK_{ik}, TID_k, r_d) \rangle_{r_d \oplus r_c})$
According to S20 and the belief rule, we obtain:
S21: FS
According to S21, A14 and the jurisdiction rule, we obtain:
S22: FS
According to S22 and the belief rule, we obtain:
S23: $FS \mid\equiv ED \mid\equiv TID_k$
According to S23, A16 and the jurisdiction rule, we obtain:
S24: $FS \mid\equiv TID_k$

The edge device ED authenticates the fog server FS, with the help of the cloud server CS.
According to M4 and the seeing rule, we obtain:
S25:
According to A9 and the freshness rule, we obtain:
S26:
According to S25, A11 and the message meaning rule, we obtain:
S27:
According to S26, S27 and the nonce verification rule, we obtain:
S28:
According to S28 and the belief rule, we obtain:
S29: FS
According to S29, A13 and the jurisdiction rule, we obtain:
S30: FS
According to S30 and the belief rule, we obtain:
S31: $ED \mid\equiv FS \mid\equiv TID_i$
According to S31, A15 and the jurisdiction rule, we obtain:
S32: $ED \mid\equiv TID_i$

According to S22, S24, S30 and S32, the edge device ED and the fog server FS authenticate each other with the help of the cloud server CS. Moreover, the proposed scheme establishes a session key $SK_{ik}$ between ED and FS with the help of CS. The authentication and key agreement of the edge device phase thus guarantees the security of the session key between ED and FS.
Scenario: A malicious attacker uses an illegal fog server to obtain messages from a legal edge user or a legal edge device.
Analysis: The attacker will not succeed, because the illegal fog server has not been registered with the cloud server and therefore cannot establish a session key with a legal edge user or a legal edge device. Consider the following situation. A legal edge user generates the message $F_j = h(h(K_{cu}) \| ID_i \| r_u)$ and sends it, together with its legal $TID_j$, to an illegal fog server. The illegal fog server has no information with which to compute $F_j$, so it generates the message $M_{u2}$ and forwards these messages to the cloud server. The cloud server computes $F_j' = h(h(K_{cu}) \| ID_i \| r_u)$ and checks whether $F_j' = F_j$; it then checks the correctness of the message $M_{u2}$. Since the illegal fog server has not been registered with the cloud server, the attacker cannot produce a correct $M_{u2}$, the verification fails, and the cloud server returns no response. In the same scenario, a legal edge device generates the message $F_k = h(h(MK \| K_{cd}) \| TID_k \| r_d)$ and sends it, together with its legal $TID_k$, to an illegal fog server. The illegal fog server has no information with which to compute $F_k$, so it generates the message $M_{d2}$ and forwards these messages to the cloud server. The cloud server computes $F_k' = h(h(MK \| K_{cd}) \| TID_k \| r_d)$ and checks whether $F_k' = F_k$; it then checks the correctness of the message $M_{d2}$. Since the illegal fog server has not been registered with the cloud server, the attacker cannot produce a correct $M_{d2}$, the verification fails, and the cloud server returns no response. Therefore, the attack fails when a malicious attacker uses an illegal fog server to obtain messages from a legal edge user or a legal edge device.

B. RESISTANCE TO IMPERSONATION ATTACK
If an attacker pretends to be a legal edge user or edge device and tries to communicate with the fog server and the cloud server, this is an impersonation attack. In the proposed scheme the cloud server verifies the legitimacy of every edge user and edge device, so the impersonation attack cannot succeed.
Scenario: A malicious attacker pretends to be a legal edge user or edge device and tries to communicate with the fog server and the cloud server. The attacker's goal is to establish a session key with the fog server.
Analysis: The attacker pretends to be a legal edge user, generates the message $F_j = h(h(K_{cu}) \| ID_i \| r_u)$ and sends it, together with a legal $TID_j$, to a legal fog server. The legal fog server has no information with which to check the correctness of $F_j$, so it generates the message $M_{u2}$ and forwards these messages to the cloud server. The cloud server computes $F_j' = h(h(K_{cu}) \| ID_i \| r_u)$ and checks whether $F_j' = F_j$. Since the attacker does not know the correct $r_u$, the correct $F_j$ cannot be generated and the check fails. In the same scenario, the attacker pretends to be a legal edge device, generates the message $F_k = h(h(MK \| K_{cd}) \| TID_k \| r_d)$ and sends it, together with a legal $TID_k$, to a legal fog server. The legal fog server has no information with which to check the correctness of $F_k$, so it generates the message $M_{d2}$ and forwards these messages to the cloud server. The cloud server computes $F_k' = h(h(MK \| K_{cd}) \| TID_k \| r_d)$ and checks whether $F_k' = F_k$. Since the attacker does not know the correct $r_d$, the correct $F_k$ cannot be generated and the check fails. Thus the attacker cannot establish a session key with the fog server, and the impersonation attack fails in the proposed scheme.

C. RESISTANCE TO MAN-IN-THE-MIDDLE ATTACK
When role A and role B want to communicate with each other, an attacker who tries to intercept the content transmitted between the two parties is mounting a man-in-the-middle attack. In the proposed scheme the communication content of both parties is encrypted under the session key, so an attacker who does not know the session key cannot obtain the communication content.
Scenario: The attacker tries to intercept and obtain the plaintext of the communication between the edge user and the fog server, or the plaintext of the communication between the edge device and the fog server.
Analysis: When the attacker tries to intercept and obtain the plaintext of the communication between the edge user and the fog server, he/she fails because the transmitted messages are encrypted under the session key $SK_{ij}$. The attacker does not know the random number $r_f$ of the legal fog server and therefore cannot compute the correct session key $SK_{ij}$. The attacker also does not know the random number $r_u$ of the legal edge user and therefore cannot compute the correct session key $SK_{ij} = h(r_f \oplus r_c \oplus r_u)$ from $r_f \oplus r_c = S_j \oplus h(ID_i \| TID_j^{new})$. In the same scenario, when the attacker tries to intercept and obtain the plaintext of the communication between the edge device and the fog server, he/she fails because the transmitted messages are encrypted under the session key $SK_{ik}$. The attacker does not know the random number $r_f$ of the legal fog server and therefore cannot compute the correct session key $SK_{ik}$. The attacker also does not know the random number $r_d$ of the legal edge device and therefore cannot compute the correct session key $SK_{ik} = h(r_f \oplus r_c \oplus r_d)$ from $r_f \oplus r_c = S_k \oplus h(ID_i \| TID_k^{new})$. Therefore, the attacker cannot obtain the plaintext of the communication between the edge user and the fog server, or between the edge device and the fog server.
Therefore, the proposed scheme prevents man-in-the-middle attacks.

D. RESISTANCE TO REPLAY ATTACK
When role A sends a message to role B, the attacker intercepts the message and later sends the same message to role B again. Similarly, when role B sends a message to role A, the attacker intercepts the message and later sends the same message to role A again. In the proposed scheme the pseudo-identity and the random numbers change in every communication round, which defeats replay attacks.
Scenario: When the fog server sends a message to the cloud server, the attacker intercepts the message and later sends the same message to the cloud server again. Similarly, when the cloud server sends a message to the fog server, the attacker intercepts the message and later sends the same message to the fog server again.
Analysis: When the fog server sends a message to the cloud server and the attacker later replays it, the message $P_j = h(h(MK \| K_{cf}) \| TID_i \| r_f)$ or $P_k = h(h(MK \| K_{cf}) \| TID_i \| r_f)$ sent by the fog server to the cloud server contains $TID_i$. Because the same content was already accepted, the $TID_i$ stored at the cloud server has been updated to $TID_i^{new} = TID_i \oplus r_f$, so the cloud server discards the replayed message and the attacker obtains no response. In the same scenario, when the cloud server sends a message to the fog server and the attacker later replays it, the message sent by the cloud server to the fog server contains $TID_i^{new}$. Because the same content was already accepted, the $TID_i$ stored at the fog server has been updated to $TID_i^{new} = TID_i \oplus r_f$, so the fog server discards the replayed message and the attacker obtains no response. Therefore, the attacker gains nothing by replaying a message from the fog server to the cloud server or from the cloud server to the fog server, and the proposed scheme resists replay attacks.
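The cloud-side checks argued in Section B (impersonation) and Section D (replay), together with the session-key derivation of Section C, as an added example in Python. This is not the authors' code. It assumes that $h$ is SHA-256 and $\|$ is byte concatenation, that every identity, key and nonce is a 32-byte string so that XOR is defined, that the fog server forwards the edge user's $(TID_j, F_j, r_u)$ and its own $(TID_i, r_f, P_j)$ to the cloud server, that the fog server obtains the three nonces needed for $SK_{ij}$, that the impersonator knows $TID_j$ and $ID_i$ from the wire, and that the new edge-user pseudonym $TID_j^{new}$ is simply a fresh value for the round, since the page gives an update rule only for $TID_i$. The run in `run_scenarios()` is constructed, not a trace from the paper.

```python
import hashlib
import hmac
import os

LEN = 32  # assumed length in bytes of every identity, key and nonce


def h(*parts: bytes) -> bytes:
    """One-way hash h(a || b || ...); SHA-256 is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def session_key(r_f: bytes, r_c: bytes, r_u: bytes) -> bytes:
    """SK_ij = h(r_f XOR r_c XOR r_u), as stated in Section C."""
    return h(xor(xor(r_f, r_c), r_u))


def mask_nonces(r_f: bytes, r_c: bytes, id_i: bytes, tid_j_new: bytes) -> bytes:
    """S_j such that r_f XOR r_c = S_j XOR h(ID_i || TID_j^new) (Section C)."""
    return xor(xor(r_f, r_c), h(id_i, tid_j_new))


def user_session_key(s_j: bytes, id_i: bytes, tid_j_new: bytes, r_u: bytes) -> bytes:
    """Edge user side: unmask r_f XOR r_c from S_j, then add its own r_u."""
    return h(xor(xor(s_j, h(id_i, tid_j_new)), r_u))


class CloudServer:
    """Holds MK, each edge user's K_cu, each fog server's K_cf, and the
    current pseudonym TID_i of every registered fog server."""

    def __init__(self) -> None:
        self.MK = os.urandom(LEN)
        self.users = {}   # TID_j -> K_cu
        self.fogs = {}    # current TID_i -> (ID_i, K_cf)

    def register_user(self, tid_j: bytes, k_cu: bytes) -> None:
        self.users[tid_j] = k_cu

    def register_fog(self, tid_i: bytes, id_i: bytes, k_cf: bytes) -> None:
        self.fogs[tid_i] = (id_i, k_cf)

    def check_edge_user(self, tid_j: bytes, id_i: bytes, r_u: bytes, f_j: bytes) -> bool:
        """Section B: recompute F_j' = h(h(K_cu) || ID_i || r_u) and compare."""
        k_cu = self.users.get(tid_j)
        if k_cu is None:
            return False
        return hmac.compare_digest(h(h(k_cu), id_i, r_u), f_j)

    def check_fog_server(self, tid_i: bytes, r_f: bytes, p_j: bytes):
        """Section D: verify P_j = h(h(MK || K_cf) || TID_i || r_f), then rotate
        the pseudonym to TID_i^new = TID_i XOR r_f. A replayed message carries
        a TID_i that is no longer in the table and is discarded (None)."""
        entry = self.fogs.get(tid_i)
        if entry is None:
            return None
        id_i, k_cf = entry
        if not hmac.compare_digest(h(h(self.MK, k_cf), tid_i, r_f), p_j):
            return None
        tid_i_new = xor(tid_i, r_f)
        del self.fogs[tid_i]
        self.fogs[tid_i_new] = (id_i, k_cf)
        return tid_i_new


def run_scenarios() -> dict:
    """Constructed run: an honest round, an impersonation and a replay."""
    cs = CloudServer()
    tid_j, k_cu = os.urandom(LEN), os.urandom(LEN)
    tid_i, id_i, k_cf = os.urandom(LEN), os.urandom(LEN), os.urandom(LEN)
    cs.register_user(tid_j, k_cu)
    cs.register_fog(tid_i, id_i, k_cf)

    # Honest edge user: its smart device stores h(K_cu) (Section F).
    r_u = os.urandom(LEN)
    honest_user = cs.check_edge_user(tid_j, id_i, r_u, h(h(k_cu), id_i, r_u))

    # Impersonator: knows TID_j and ID_i from the wire but not K_cu, so the
    # F_j it forms with a guessed key and its own nonce fails the check.
    r_adv = os.urandom(LEN)
    impersonation = cs.check_edge_user(tid_j, id_i, r_adv, h(os.urandom(LEN), id_i, r_adv))

    # Honest fog server round, then the attacker replays the same message.
    r_f = os.urandom(LEN)
    p_j = h(h(cs.MK, k_cf), tid_i, r_f)
    tid_i_new = cs.check_fog_server(tid_i, r_f, p_j)
    replayed = cs.check_fog_server(tid_i, r_f, p_j)

    # Key agreement: the cloud masks r_f XOR r_c as S_j; the user unmasks it
    # and adds r_u; the fog server derives SK_ij from the three nonces.
    r_c, tid_j_new = os.urandom(LEN), os.urandom(LEN)
    s_j = mask_nonces(r_f, r_c, id_i, tid_j_new)
    sk_user = user_session_key(s_j, id_i, tid_j_new, r_u)
    sk_fog = session_key(r_f, r_c, r_u)
    # An eavesdropper sees S_j but not r_u, so its candidate key differs.
    sk_eve = user_session_key(s_j, id_i, tid_j_new, os.urandom(LEN))

    return {
        "honest_user": honest_user,
        "impersonation": impersonation,
        "fog_rotated": tid_i_new == xor(tid_i, r_f),
        "replay_rejected": replayed is None,
        "keys_agree": sk_user == sk_fog,
        "eavesdropper_key_differs": sk_eve != sk_fog,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The replay check relies on the cloud keying its fog-server table by the current pseudonym and deleting the old entry on rotation, which is what makes a replayed $(TID_i, r_f, P_j)$ fall through the lookup; the constant-time comparisons in `hmac.compare_digest` are a practitioner's addition the page does not discuss.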

E. RESISTANCE TO PRIVACY EXPOSURE ATTACK
Another form of privacy attack attempts to obtain a person's physical location by tracing a personal device. If a terminal device keeps sending the same parameters, an attacker can track it and expose the owner's privacy. In the proposed architecture the edge user uses a pseudonym $TID_j$ and the edge device uses a pseudonym $TID_k$, and both pseudonyms change in every communication round to prevent location tracking. Thus location privacy is protected and privacy exposure attacks are avoided.

F. RESISTANCE TO LOST/STOLEN SMART DEVICE ATTACK
Loss or theft of the smart device is an inherent limitation of authentication protocols, and the best defence is to remove any chance of a successful off-line password guessing attack. The sensitive parameters stored in the edge user's smart device are $\{TID_j, C_j, D_j, h(\cdot), h(K_{cu}), n_u\}$ in the proposed scheme, and we assume the attacker can extract all of them by a power analysis attack. Knowing all the sensitive parameters, the attacker may try to derive the user's identity $ID_j$ and biometric key $BIO_j$ off-line. To derive the secret value of $EU_j$, namely $B_j \oplus h(MK \| K_{cu}) = D_j \oplus h(ID_j \| BIO_j \| n_u)$, the attacker needs to know both the identity $ID_j$ and the biometric key $BIO_j$ of $EU_j$. However, it is computationally infeasible for the attacker to derive the correct $B_j \oplus h(MK \| K_{cu})$ without knowledge of $ID_j$ and $BIO_j$, so the proposed scheme is secure against lost/stolen smart device attacks.

G. RESISTANCE TO EDGE DEVICE PHYSICAL CAPTURE ATTACK
When a physical capture attack on an edge device is launched, the attacker may try to break into the system using the compromised edge device. First, the attacker can extract the sensitive parameters $\{TID_k, ID_i, B_k, h(MK \| K_{cd})\}$ stored in the memory of the captured edge device $ED_k$. Since the master secret key $MK$ of CS and the long-term secret key $K_{cd}$ are only present inside the output of the secure one-way hash function, the attacker cannot derive the correct $MK$ or $K_{cd}$. In addition, the session key established among $ED_k$, $FS_i$ and CS is $SK_{ik} = h(r_d \oplus r_f \oplus r_c)$. Since the random numbers chosen by the participants are distinct for every edge device in the system, every session key $SK_{ik}$ is also distinct. As a result, compromise of $ED_k$ does not compromise the session keys between other, non-compromised edge devices and the same fog server $FS_i$.

H. RESISTANCE TO KNOWN SESSION KEY ATTACK
Assume that an attacker knows the session key of a particular session. The attacker may try to use the old compromised session key to obtain sensitive parameters and keys for subsequent communication sessions. The session keys $SK_{ij}$ and $SK_{ik}$ are hash values of the participants' random numbers, and inverting the one-way hash function is computationally hard. The attacker therefore cannot derive a new session key from an old compromised session key without knowledge of the current random numbers, and the proposed scheme is resilient against known session key attacks.

I. PROVISION OF FORWARD AND BACKWARD SECRECY
Even if the session keys $SK_{ij}$ and $SK_{ik}$ between the sender and the receiver are compromised at some point by an attacker, the system still satisfies forward and backward secrecy. The attacker may try to use the compromised $SK_{ij}$ and $SK_{ik}$ for future communication or to recover previous messages. However, in the proposed scheme the session keys $SK_{ij}$ and $SK_{ik}$ are derived from fresh random numbers and are valid only in the current round, so the attacker cannot use them for future communication or to recover previous messages. Thus, the proposed scheme achieves forward and backward secrecy.

V. PERFORMANCE EVALUATION
In this section, we benchmark the performance of the proposed scheme against the related existing schemes [19], [27], [33], [34] to show that our authentication scheme for the fog computing paradigm is more efficient than the compared schemes and hence workable for various IoT-driven applications and services. For convenience in evaluating the computation cost, we define the symbols $T_{bp}$, $T_{fe}$, $T_{ecm}$ and $T_h$ and give the execution times of these cryptographic operations in Table 5. The execution time of a bitwise XOR operation is negligible and is omitted from the evaluation. Table 6 shows that the proposed scheme needs less computation time during the authentication and key agreement phase than the related existing schemes and is therefore feasible for resource-limited devices in fog computing environments.

VI. CONCLUSION
In recent years, fog-driven IoT applications have become popular among researchers because of their vital features such as heterogeneity, low latency, real-time interaction, data locality, location awareness, geographical distribution and support for mobility. We first discussed the critical issues of anonymous authentication and secure communication in fog computing environments. We then introduced a lighter and more secure authentication scheme for privacy preservation and key agreement in fog computing services that removes the security pitfalls found in existing authentication schemes. The security proof and the performance evaluation show that the proposed authentication scheme offers more security features with better performance than other recent schemes, which makes it more suitable for the practical service of network systems based on the fog computing environment.
CHI-YAO WENG received the Ph.D. degree in computer science from the National Tsing Hua University, Hsinchu, Taiwan, in 2011. From 2011 to 2015, he was a Postdoctoral Researcher with the National Sun Yat-sen University and the National Tsing Hua University. From August 2015 to January 2019, he was an Assistant Professor, and is currently an Associate Professor with the Department of Computer Science, National Pingtung University, Pingtung, Taiwan. His research interests include information security, information hiding, image privacy, and multimedia security.
CHUN-TA LI (Member, IEEE) received the Ph.D. degree in computer science and engineering from the National Chung Hsing University, Taiwan, in 2008. He is currently a full-time Professor with the Department of Information Management, Tainan University of Technology. His research interests include information security, wireless sensor networks, mobile computing, and security protocols for the IoTs and ad hoc networks. He had published more than 100 international journal articles and international conference papers on the above research fields. He received the 2011 IJICIC Most Cited Paper Award from International Journal of Innovative Computing, Information and Control. He also served as a reviewer for many SCI-index journals.
CHIN-LING CHEN received the Ph.D. degree from the National Chung Hsing University, Taiwan, in 2005. From 1979 to 2005, he was a Senior Engineer with Chunghwa Telecom Company Ltd. He is currently a Distinguished Professor. He has published over 120 articles in SCI/SSCI international journals. His research interests include cryptography, network security, and electronic commerce. He also served as a reviewer for many SCI-index journals.

YONG-YUAN DENG received the Ph.D. degree from the Institute of Information Management, Chaoyang University of Technology, Taichung, Taiwan, in 2016. Since 2017, he has been a Postdoctoral Researcher with the Institute of Information Engineering and Computer Science, Chaoyang University of Technology. His research interests include cryptography, sensor networks, mobile commerce, and radio frequency identification systems.