Towards a Provably Secure Authentication Protocol for Fog-Driven IoT-Based Systems

The emergence of fog-based Internet of Things (IoT) systems have played a significant role in enhancing the applicability of the IoT paradigm. In such systems, fog-nodes are proficient enough to retain, process and transmit the data coming from IoT devices. Nevertheless, as an extension of cloud computing, inheriting the security and privacy concerns of cloud computing is also inevitable in fog-based IoT systems. To deal with such challenges, a diverse range of security solutions are reported in the literature. However, most of them have several limitations (i.e., vulnerability to known security attacks and high computation overhead) that curtail their practical implementation applicability. Keeping these limitations in mind, this paper propose a privacy-preserving hash-based authenticated key agreement protocol using XOR and concatenation operations for fog-driven IoT systems. Using healthcare as a case study, the security of the novel protocol is evaluated by using informal and formal security analysis. In order to obtain the experimental results, the key cryptographic operations used at the user, fog node and cloud server-side are implemented on a mobile device, Arduino and cloud server, respectively. Findings from the performance evaluation results show that the proposed protocol has the least computation cost compared to several related competing protocols.