E2ESec (End-To-End Security): Multi-level lightweight anonymous authentication protocol for fog computing
摘要
The increasingly complex and interconnected Fog-IoT architecture necessitates the design of authentication protocols that minimize network overhead while ensuring secure communication. Existing state-of-the-art protocols remain vulnerable to several critical threats, including secret key disclosure, user impersonation, and ephemeral secret leakage. To address these issues, this paper proposes E2ESec, a novel end-to-end lightweight anonymous authentication protocol with integrated key agreement, enabling secure communication between IoT devices and fog users, as well as between fog users and fog servers. The protocol employs a four-layer hierarchical architecture, comprising IoT devices, fog users, fog servers, and a registration authority, thereby reducing the computational burden on fog users and enhancing overall response time. Lightweight cryptographic primitives—such as the PICO cipher, hash functions, HMAC, bitwise XOR, and concatenation—are utilized to ensure low computational and communication overhead. Formal security analysis is conducted using the Scyther tool and the Real-or-Random (RoR) model, demonstrating the protocol’s resistance to various attacks, including replay, man-in-the-middle, and impersonation attacks. Quantitative analysis shows that E2ESec achieves computation times of 21.16 ms on a PC and 22.67 ms on a Raspberry Pi, reflecting an approximate 18–22% improvement over existing authentication protocols. The corresponding energy consumption values are 228.58 W·ms and 244.836 W·ms, with a storage requirement of only 2744 bits, demonstrating around 20% optimization in resource utilization. NS-3.36.1 simulation results further show that E2ESec maintains a packet delivery ratio (PDR) between 89% and 99%, achieves a throughput of 1373 kbps at 10 s, and maintains an end-to-end delay of 0.01 s at 9.11 s outperforming existing schemes in both efficiency and reliability. The proposed protocol is thus well-suited for resource-constrained fog computing environments where both lightweight operation and high security are essential.