Hash-Chain Fog/Edge: A Mode-Based Hash-Chain for Secured Mutual Authentication Protocol Using Zero-Knowledge Proofs in Fog/Edge
Abstract
:1. Introduction
1.1. Background Knowledge
1.2. Motivation
1.3. Contribution
- Solving the centralized identity key management problem for authentication: Identity key management is a crucial factor for the authentication system. Authenticating a particular device needs to be first verified by the centralized server. Therefore, all the devices/systems within the fog need to be dependent on the centralized server for authentication. However, the fog also needs to update itself to a centralized server for identity key management, which may face a single-point failure. The hash-chain fog/edge provides distributed identity key management with the help of a distributed database system (DDS). The DDS is a popular model for identity key management;
- Novel algorithm for mutual authentication within the fog/edge: Multiple devices/systems need to be uniquely authenticated based on transitions in the challenge–response model for the hash-chain flow. The proposed model is adaptable and capable of uniquely identifying and authenticating devices/systems by the dynamic challenge–response model. The selection of the transition matrix for the challenge model within the sub-branch of the PRN-based random number tree is performed for every device/system across multiple fogs using several ideas from interactive proof systems;
- Proving dynamic authentication by using zero-knowledge proofs (ZKPs): All the devices/systems within the multiple fogs need to solve the challenge–response model for authentication. The three basic properties of ZKP include completeness, in which the required operations need to be achieved within the specific conditions, soundness, where no cheating devices/systems can succeed in convincing an honest authenticating server, and zero-knowledge, in which the devices/system can never gain complete knowledge about the transition/working secret. These properties help us authenticate the devices/systems, as they possess the part of the knowledge to solve the challenge, which is then verified by the authenticating server;
- Usage of minimum infrastructure and less calculation on the IoT device: The use of minimum infrastructure for authentication within the fog/edge helps us eliminate the ticket-granting server (TGS) and the separate authentication server (AS), other than the fog server and service server.Thus, no new system need to be installed within this model, which is a virtual network of fog/edge computing. All the authentication is performed uniquely as we use a pseudo-random number generator (PRNG), which helps us make fewer calculations on resource-constrained IoT devices that are configured with low memory capacity and processing capability.
1.4. Applications
- Secure university: All universities within the country can be interconnected for authentication. Henceforth, university students can effectively use facilities within other universities when visiting. These facilities can help them utilize resources for scientific job processing including high-performance servers, CUDA graphics cards, fog/edge testbeds, etc. They can also take advantage of stored resources, research journals, patents, thesis reports, etc;
- Secure Industry 4.0: In Industry 4.0, all the devices can interconnect with each other and share statistics about sensors, manufacturing devices, demand supply operations, overload management, etc. Furthermore, securing them will help avoid malware attacks, protect their IPR/copyrights, and avoid personal/corporate data breaches, phishing, and ransomware;
- Secure government: In this newly coined term, all the government offices can interconnect securely and can improve security for national-level offices, e.g., National Health Insurance (NHI), which was shut down in a major attack, ransomware protection, protection from real estate, fake documents, employment, lottery, or government impersonation fraud, etc.;
- Secure country: In a secure country, WiFi access points can be secured further for IoT devices including traffic lights, temperature sensors, flood sensors, surveillance cameras, power stations, e.g., the U.K. power grid was brought down by attackers. Several infrastructure automation tasks including roads, railways, transport, watercraft ships, airways, communication systems, etc., can be performed.
1.5. Synopsis
2. Literature
- High amount of calculation on resource-constrained devices: As most of the protocols above use high-end mathematical models, for zero-knowledge proofs, they are found to be inefficient for IoT resource-constrained devices;
- Not suitable for authenticating a large number of devices: As the protocols have a high amount of calculation, as well as were not tested with IoT device experiments, they are not assured to have better performance in fog/edge computing;
- No details provided for protocol verification: A protocol is verified and found safe from various attacks when presented with protocol verification (logic of authentication [38]), which was found to be missing in most of the papers.
3. Materials and Methods
3.1. Initialization Phase
3.2. Registration Phase
3.3. Authentication Phase
- 1.
- Each client C before setting up an authentication first needs to confirm its identity with the authentication server AS by sending its identity and public key .
- 2.
- The authentication server then responds with the of the local dynamically selected fog server FS, only if the client C identity and public key are validated from the distributed blockchain.
- 3.
- The client C then sends a “Hello” message to the local fog server FS with its public key encrypted by FS’s public key .
- 4.
- The fog server FS then considers the request for authentication from user C after decrypting the received “Hello” message by the FS’s private key . The FS then selects one of the branches and blocks randomly from the graph structure to start a ZKP process as the challenge. At first, the hash key is generated with the hash of . represents the current timestamp of the FS and is the selected random transition value from a block. presents the vertex in the graph selected by FS and as the corresponding transition value. A new session key is shared by the FS, for encryption of the current authentication messages. ttl specifies the validity time of the message and mode as 0 as the default, 1, and 2 for advanced ZKP operations/challenges.
- 5.
- User C then decrypts the message received from the FS by his/her private key and then searches for the vertex , such that it is reached by the transition from the graph structure. Once the user C reaches that vertex , he/she then transits to the next immediate vertex and presents the next transition value to the FS for the clue. In short, user C helps the FS reach the alternate vertex within the matrix. Furthermore, a new hash key is generated by the user by , where is the current timestamp of the user C for sending messages and is the clue to the FS for the next vertex. The encryption for the new message values is performed by the session key sent by the FS in the previous message. is used to send client C’s IP address to the FS.
- 6.
- Once the FS receives the response to a challenge protocol message from the C, then decryption is performed using the symmetric session key . The FS then checks for the vertex flow from the previous challenge given to the C and then reaches the new vertex provided as the clue by the transition . The FS can then calculate the next hash key by using , which is updated by the hash of with the current ts, and it checks for transition to reach the new vertex . The FS then embeds the new parameters in the final message with the new vertex and the final vertex of the corresponding matrix, so that the C can confirm the matching and . After completing a cycle in the matrix sub-graph, the FS authenticates C as the ZKP is solved and allows the C to use updated for further communication as the final key until the next authentication within the fog.
3.4. Communication Phase
3.5. Revocation Phase
4. Analysis of the Hardness of the Hash-Chain Fog/Edge Zero-Knowledge Protocol (ZKP)
5. Hash-Chain Fog/Edge Security
5.1. Active Attacks
5.1.1. Spoofing
- Severity Level 1:→ AS:AS ↛has no identity with in the blockchain. Therefore, the protocol terminates;
- Severity Level 2:In this case, → AS:AS → :↛ FS: (“Hello”)AS: encryption and packet format error. Therefore, the protocol terminates;
- Severity Level 3:In this case, → AS:.: cannot solve the ZKP challenge in the required time ttl for the default mode. Therefore, the protocol terminates.
5.1.2. Modification
- Severity Level 1:→ AS:AS → :→ FS: (“Hello” ): cannot use the modified values from other packets to solve the ZKP challenge in default mode. Therefore, the protocol terminates;
- Severity Level 2:After the first unsuccessful attempt, the FS will enter the ZKP challenge.Mode 1: → AS:AS → :→ FS: (“Hello” ).: cannot solve the ZKP challenge in mode 1. Therefore, the protocol terminates;
- Severity Level 3:After the second unsuccessful attempt, the FS will enter the ZKP challenge.Mode 2: → AS:AS → :→ FS: (“Hello” ).: cannot solve the ZKP challenge in mode 2. Therefore, the protocol terminates.
5.1.3. Sinkhole
- Severity Level 1:→ AS:AS → :→ FS: (“Hello” ).: here, the selective modification will not work because of the SHA-256 bit hash used in . Therefore, the protocol terminates;
- Severity Level 2:→ AS:AS → :→ FS: (“Hello” ).: the use of the hash-chain will be inconsistent with the defined flow. Therefore, the protocol terminates;
- Severity Level 3:→ AS:AS → :→ FS: (“Hello” ).: cannot forward selective modified SHA-256 bit hash used in in any other fog. Therefore, the protocol terminates.
5.2. Passive Attacks
5.2.1. Eavesdropping (Man-in-the-Middle)
- Severity Level 1:→ AS:AS → :↛ FS: (“Hello”): cannot apply the required encryption type and specified message format of AS. Therefore, the protocol terminates;
- Severity Level 2:→ AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in the required time ttl of default mode. Therefore, the protocol terminates;
- Severity Level 3:After one unsuccessful attempt:Mode 1: → AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in mode 1. Therefore, the protocol terminates.After the second unsuccessful attempt:Mode 2: → AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in mode 2. Therefore, the protocol terminates.
5.2.2. Monitoring
- Severity Level 1:→ AS:AS ↛AS: cannot recognize with in the blockchain. Therefore, the protocol terminates;
- Severity Level 2:→ AS:AS → :→ FS: (“Hello” )FS: cannot recognize the encryption type. Therefore, the protocol terminates;
- Severity Level 3:→ AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in the required time ttl of default mode. Therefore, the protocol terminates.
5.3. Advance Attacks
5.3.1. Replay
- Severity Level 1:→ AS:AS → :↛ FS: (“Hello” )FS: replay of the same message at different times, may have a change of the FS and does not apply in different FS. Therefore, the protocol terminates;
- Severity Level 2:→ AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in the required time ttl for the default mode. Therefore, the protocol terminates;
- Severity Level 3:→ AS:AS → :→ FS: (“Hello” ): cannot construct a new key by a valid hash-chain procedure. Therefore, the protocol terminates.
5.3.2. Location Disclosure
- Severity Level 1:→ AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in the required time ttl for the default mode. Therefore, the protocol terminates;
- Severity Level 2:After first unsuccessful attempt, FS will enter in the ZKP challenge Mode 1.→ AS:AS → :→ FS: (“Hello” ): cannot solve the ZKP challenge in the required time ttl for Mode 1. Therefore, the protocol terminates;
- Severity Level 3:After the second unsuccessful attempt, the FS will enter the ZKP challenge Mode 2.→ AS:AS → :→ FS: (“Hello” )cannot solve the ZKP challenge in the required time ttl for Mode 2. Therefore, the protocol terminates.
5.3.3. Sybil
- Severity Level 1:→ AS:AS → :↛ FS: (“Hello” ): cannot encrypt by the required algorithm for sending a message to the FS. Therefore, the protocol terminates;
- Severity Level 2:→ AS:AS → :→ FS: (“Hello” ).: cannot solve the ZKP challenge in the required time ttl for the default mode. Therefore, the protocol terminates;
- Severity Level 3:Mode 1: → AS:AS → :→ FS: (“Hello” )Mode 2: → AS:AS → :→ FS: (“Hello” ).: cannot solve the above ZKP challenge in Mode 1 or 2. Therefore, the protocol terminates.
6. Protocol Verification Logic Analysis
6.1. Message Exchange
6.2. Idealized Protocol
6.3. Protocol Analysis
6.4. Final Beliefs
7. Results
7.1. System Configuration
7.2. Performance Analysis
8. Conclusions
Author Contributions
Funding
Informed Consent Statement
Acknowledgments
Conflicts of Interest
Notations
C | Client/edge user |
S/FS | Server/fog server |
AS | Authentication server |
Network IP address of x | |
ttl | Time to live/validity time of the message |
Timestamp of x | |
Public key of x | |
Private key of x | |
Transition value taken by x | |
Vertex taken by x | |
Random number of x | |
M | Message |
Identity of x | |
Encryption by x’s public key | |
Decryption by x’s private key | |
Session key from x to y | |
Authentication from x to y | |
Malicious user x | |
⊕ | XOR bitwise operator |
X → Y | X computes and sends to Y/transition operation |
Appendix A
Appendix A.1. Details of the Registration Phase
Appendix A.2. Description of the Attacks
Appendix A.3. Acronyms
References
- Chiang, M.; Zhang, T. Fog and IoT: An overview of research opportunities. IEEE Internet Things J. 2016, 3, 854–864. [Google Scholar] [CrossRef]
- Alshahrani, M.; Traore, I. Secure mutual authentication and automated access control for IoT smart home using cumulative keyed-hash chain. J. Inf. Secur. Appl. 2019, 45, 156–175. [Google Scholar] [CrossRef]
- Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V. Security and privacy in fog computing: Challenges. IEEE Access 2017, 5, 19293–19304. [Google Scholar] [CrossRef]
- Santos, A.A.; Nogueira, M.; Moura, J.M. A stochastic adaptive model to explore mobile botnet dynamics. IEEE Commun. Lett. 2016, 21, 753–756. [Google Scholar] [CrossRef]
- Steiner, J.G.; Neuman, B.C.; Schiller, J.I. Kerberos: An Authentication Service for Open Network Systems. In Usenix Winter; Citeseer, 1988; pp. 191–202. Available online: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.112.9002&rep=rep1&type=pdf (accessed on 3 December 2021).
- Liu, H.; Ning, H. Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sens. J. 2011, 11, 3235–3245. [Google Scholar] [CrossRef]
- Casino, F.; Dasaklis, T.K.; Patsakis, C. A systematic literature review of blockchain-based applications: Current status, classification and open issues. Telemat. Inform. 2019, 36, 55–81. [Google Scholar] [CrossRef]
- Yaga, D.; Mell, P.; Roby, N.; Scarfone, K. NISTIR 8202 Blockchain Technology Overview. arXiv 2019, arXiv:1906.11078. [Google Scholar]
- Hong, C.H.; Varghese, B. Resource management in fog/edge computing: A survey on architectures, infrastructure, and algorithms. ACM Comput. Surv. (CSUR) 2019, 52, 1–37. [Google Scholar] [CrossRef] [Green Version]
- Deng, J.; Li, J. An Identity Authentication Solution Based on ECC for Mobile termina. In Proceedings of the 2015 International Symposium on Computers & Informatics, Beijing, China, 17–18 January 2015; Available online: https://www.researchgate.net/publication/301406359_An_identity_authentication_solution_based_on_ECC_for_mobile_terminal (accessed on 3 December 2021).
- Kelly, D.; Hammoudeh, M. Optimisation of the public key encryption infrastructure for the internet of things. In Proceedings of the 2nd International Conference on Future Networks and Distributed Systems, Amman, Jordan, 26–27 June 2018; pp. 1–5. [Google Scholar]
- Shivraj, V.; Rajan, M.; Singh, M.; Balamuralidhar, P. One time password authentication scheme based on elliptic curves for Internet of Things (IoT). In Proceedings of the 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW), Riyadh, Saudi Arabia, 17–19 February 2015; pp. 1–6. [Google Scholar]
- Ibrahim, M.H. Octopus: An Edge-fog Mutual Authentication Scheme. IJ Netw. Secur. 2016, 18, 1089–1101. [Google Scholar]
- Bansal, G.; Naren, N.; Chamola, V.; Sikdar, B.; Kumar, N.; Guizani, M. Lightweight mutual authentication protocol for V2G using physical unclonable function. IEEE Trans. Veh. Technol. 2020, 69, 7234–7246. [Google Scholar] [CrossRef]
- Binu, S.; Misbahuddin, M.; Paulose, J. A Signature-Based Mutual Authentication Protocol for Remote Health Monitoring. SN Comput. Sci. 2020, 1, 8. [Google Scholar] [CrossRef] [Green Version]
- Ferrag, M.A.; Maglaras, L.; Argyriou, A.; Kosmanos, D.; Janicke, H. Security for 4G and 5G cellular networks: A survey of existing authentication and privacy-preserving schemes. J. Netw. Comput. Appl. 2018, 101, 55–82. [Google Scholar] [CrossRef] [Green Version]
- Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory 1976, 22, 644–654. [Google Scholar] [CrossRef] [Green Version]
- Bruce, S. Applied Cryptography, 2nd ed.; John Wiley and Sons, Inc.: Hoboken, NJ, USA, 1996. [Google Scholar]
- Mao, W. Modern Cryptography: Theory and Practice; Prentice Hall PTR: Hoboken, NJ, USA, 2003. [Google Scholar]
- Saha, D.; Sur-Kolay, S. Secure public verification of IP marks in FPGA design through a zero-knowledge protocol. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2011, 20, 1749–1757. [Google Scholar] [CrossRef]
- Zhu, Y.; Hu, H.; Ahn, G.J.; Yu, M. Cooperative provable data possession for integrity verification in multicloud storage. IEEE Trans. Parallel Distrib. Syst. 2012, 23, 2231–2244. [Google Scholar] [CrossRef] [Green Version]
- Bhargav-Spantzel, A.; Squicciarini, A.C.; Xue, R.; Bertino, E. Multifactor identity verification using aggregated proof of knowledge. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 2010, 40, 372–383. [Google Scholar] [CrossRef]
- Lu, L.; Han, J.; Liu, Y.; Hu, L.; Huai, J.P.; Ni, L.; Ma, J. Pseudo trust: Zero-knowledge authentication in anonymous P2Ps. IEEE Trans. Parallel Distrib. Syst. 2008, 19, 1325–1337. [Google Scholar] [CrossRef] [Green Version]
- Lian, B.; Chen, G.; Ma, M.; Li, J. Periodic K-Times Anonymous Authentication With Efficient Revocation of Violator’s Credential. IEEE Trans. Inf. Forensics Secur. 2014, 10, 543–557. [Google Scholar] [CrossRef]
- Park, Y.H.; Seo, S.W. Fast and secure group key dissemination scheme for out-of-range V2I communication. IEEE Trans. Veh. Technol. 2015, 64, 5642–5652. [Google Scholar] [CrossRef]
- Kumari, A.; Jangirala, S.; Abbasi, M.Y.; Kumar, V.; Alam, M. ESEAP: ECC based secure and efficient mutual authentication protocol using smart card. J. Inf. Secur. Appl. 2020, 51, 102443. [Google Scholar] [CrossRef]
- G Lopes, A.P.; Gondim, P.R. Mutual Authentication Protocol for D2D Communications in a Cloud-Based E-Health System. Sensors 2020, 20, 2072. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Mbarek, B.; Ge, M.; Pitner, T. An Efficient Mutual Authentication Scheme for Internet of Things. Internet Things 2020, 9, 100160. [Google Scholar] [CrossRef]
- Wu, T.Y.; Lee, Z.; Obaidat, M.S.; Kumari, S.; Kumar, S.; Chen, C.M. An authenticated key exchange protocol for multi-server architecture in 5G networks. IEEE Access 2020, 8, 28096–28108. [Google Scholar] [CrossRef]
- Madhusudhan, R.; Shashidhara, R. Mobile user authentication protocol with privacy preserving for roaming service in GLOMONET. Peer-to-Peer Netw. Appl. 2020, 13, 82–103. [Google Scholar] [CrossRef]
- Beaman, B.S.; Kline, E.V.; Rakshit, S.K. Managing in-Flight Transfer of Parcels Using Blockchain Authentication. U.S. Patent 10,547,454, 2020. [Google Scholar]
- Shen, M.; Liu, H.; Zhu, L.; Xu, K.; Yu, H.; Du, X.; Guizani, M. Blockchain-assisted secure device authentication for cross-domain industrial IoT. IEEE J. Sel. Areas Commun. 2020, 38, 942–954. [Google Scholar] [CrossRef]
- Pande, B.; Garcia, S.; Vohra, V.; Tripathi, R.; Nakano, F. Blockchain-Incorporating Distributed Authentication System. U.S. Patent App. 16/124,732, March 12, 2020. [Google Scholar]
- Cui, Z.; Fei, X.; Zhang, S.; Cai, X.; Cao, Y.; Zhang, W.; Chen, J. A hybrid BlockChain-based identity authentication scheme for multi-WSN. IEEE Trans. Serv. Comput. 2020, 13, 241–251. [Google Scholar] [CrossRef]
- Nainar, N.K.; Pignataro, C.M.; Muscariello, L.; Compagno, A.; Carofiglio, G. Distributed Data Authentication and Validation using Blockchain. U.S. Patent App. 16/118,699, 31 August 2018. [Google Scholar]
- Mittal, S.; Yadav, D.; Gupta, A. Method and System for Utilizing Blockchain and Telecom Network for Two Factor Authentication and Enhancing Security. U.S. Patent App. 16/105,015, February 20, 2020. [Google Scholar]
- Vimadalal, H.R.; Pinto, R. Blockchain Identity Safe and Authentication System. U.S. Patent App. 16/042,764, January 23, 2020. [Google Scholar]
- Briais, S.; Nestmann, U. A formal semantics for protocol narrations. In International Symposium on Trustworthy Global Computing; Springer: Berlin/Heidelberg, Germany, 2005; pp. 163–181. [Google Scholar]
- Zheng, Z.; Xie, S.; Dai, H.; Chen, X.; Wang, H. An overview of blockchain technology: Architecture, consensus, and future trends. In Proceedings of the 2017 IEEE International Congress on Big Data (BigData Congress), Honolulu, HI, USA, 25–30 June 2017; pp. 557–564. [Google Scholar]
- Li, N.; Liu, D.; Nepal, S. Lightweight mutual authentication for IoT and its applications. IEEE Trans. Sustain. Comput. 2017, 2, 359–370. [Google Scholar] [CrossRef]
- Burrows, M.; Abadi, M.; Needham, R.M. A logic of authentication. Proc. R. Soc. Lond. A Math. Phys. Sci. 1989, 426, 233–271. [Google Scholar]
- Stallings, W. Cryptography and Network Security, 4/E; Pearson Education India: London, UK, 2006. [Google Scholar]
- Pardeshi, M.S.; Yuan, S.M. SMAP Fog/Edge: A Secure Mutual Authentication Protocol for Fog/Edge. IEEE Access 2019, 7, 101327–101335. [Google Scholar] [CrossRef]
- Basin, D.; Dreier, J.; Hirschi, L.; Radomirovic, S.; Sasse, R.; Stettler, V. A formal analysis of 5G authentication. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1383–1396. [Google Scholar]
- Amin, R.; Islam, S.H.; Gope, P.; Choo, K.K.R.; Tapas, N. Anonymity preserving and lightweight multimedical server authentication protocol for telecare medical information system. IEEE J. Biomed. Health Inform. 2018, 23, 1749–1759. [Google Scholar] [CrossRef]
- Luo, H.; Wen, G.; Su, J. Lightweight three factor scheme for real-time data access in wireless sensor networks. Wirel. Netw. 2018, 26, 955–970. [Google Scholar] [CrossRef]
- Kumari, S.; Khan, M.K.; Li, X. An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 2014, 40, 1997–2012. [Google Scholar] [CrossRef]
References | Mutual Authentication Scheme | Entity’s Involved in the Authentication Process | Cryptography (Enc/Dec) or Message Communication | Protocol Implementation Scenario |
---|---|---|---|---|
Vehicle-to-grid (V2G) [14] | Physical unclonable function (PUF)-based secure user key exchange authentication (SUKA) | Vehicle, aggregator, and grid server | A function designed to perform XOR, addition, scalar multiplication, and exponential computation | A vehicle smart grid ecosystem (V2G) |
Remote health monitoring [15] | A signature-based two-factor authentication protocol | The body sensors, personal devices (PDs), the medical server (MS), and the user (doctor/family) | A function using a secret key, a prime number, a generator of the cyclic group, a pseudo-random value, a hash function, an XOR operation, a concatenation operation, and nonce values | Remote health monitoring |
5G security [16] | A signature-based mutual authentication protocol for m-health systems, which supports D2D communication within the 3GPP infrastructure | A health center, a cloud server, patients with and without sensors, patients’ devices, doctors, 3GPP access technology, evolved node B (eNB), and the 3GPP evolved packet core (EPC), represented by the home subscriber server (HSS) | Symmetric key with a random number, bi-linear pairing, and a signature | Mobile health (m-health) and telecare medicine information systems (TMISs) |
Public key infrastructure (PKI)-IoT [11] | Enhanced elliptic-curve-cryptography (ECC)-based two-factor authentication framework | A user/smart card and server | Elliptic curve discrete logarithms problem (ECDLP) and elliptic curve computational Diffie–Hellman problem (ECCDHP) | Smart card authentication |
Hash-chain fog/edge | A novel mode-based hash-chain mutual authentication protocol | A cloud server, a university gateway server, a department server, and a user/device | Symmetric key with the lightweight encryption system (LES) | A fog/edge model for inter-university student authentication |
System Environment | Server, Workstation | AWS Cloud | Raspberry Pi (3B+) |
---|---|---|---|
System Hardware | Intel Core i5 @ 3.10 GHz | T2.micro @ 2.5 GHz | Arm v8 @ 1.4 GHz |
Primary Memory | 16 GB | 1 GiB | 1 GB SDRAM |
Operating System | Ubuntu 16.04 | Amazon Linux 2 AMI | Ubuntu Server 19 |
System | Library |
---|---|
AWS Cloud/Workstation (Server) | Random, hashlib, datetime and numpy. |
Raspberry Pi | Random, hashlib, datetime, socket and JSON. |
Contiki Cooja Simulator | <stdio.h>, <stdlib.h>, <string.h>, “contiki.h”, “net/rime.h”, “lib/list.h”, “lib/memb.h”, “dev/button-sensor.h” and “dev/leds.h”. |
Session Key | Generation Time in s (100 Keys Each) |
---|---|
0.0080812 | |
0.00739694 | |
Updated | 0.00851083 |
Features | [14] | [26] | [27] | [15] | [28] | [29] | [30] | Hash-Chain |
---|---|---|---|---|---|---|---|---|
1. Mutual Authentication | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
2. Session Key | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
3. Zero-Knowledge Proofs | ✓ | |||||||
4. Cryptography (Enc/Dec) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
5. Message Integrity | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
6. Protocol Verification Logic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||
7. Active Attacks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
8. Passive Attacks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||
9. Advance Attacks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
10. Attack Severity Level’s | ✓ | ✓ |
Features | 5G-AKA | Hash-Chain |
---|---|---|
1. Secret Key Sharing | Shared SN and HN Key | Not Shared |
2. Challenge–Response | Key Hash, Random Number, and Identity | Zero-Knowledge Proof |
3. Authentication Process (AP) | Hash Comparison and Key Seed | Mode-Based Tree and Graph Transition |
4. Key Sharing | Repetition | Unique |
5. Cryptography | No | Yes |
6. Entities Involved in AP | SN, HN and Subscriber | Target Device, AS |
7. Channel Attacks | Sensitive S-SN to MITM by Passive/Active Attacks | Uses Time-Based Hash-Chain |
8. Management of Key Database | Uses Roaming for HN Proxy Connectivity | Blockchain Distributed Ledger |
9. Structure of System Model | Hash Function and Key Exchange | Novel Hash-Chain |
Protocols | Total Computational Cost | Time (s) |
---|---|---|
Amin et al. [45] | 26 /21 | 8.32/6.72 |
Luo et al. [46] | 26 | 8.32 |
Kumari et al. [47] | 18 | 5.76 |
Hash-Chain | 6 +8 +2 | 0.125 |
Protocol | Completion Time (ms) |
---|---|
RSA | 23,500 |
Hash-Chain Fog/Edge | 20,787 |
System | Completion Time (s) |
---|---|
WS (server) to Pi (client) | 0.0023081 |
Pi (server) to Pi (client) | 0.0073781 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Pardeshi, M.S.; Sheu, R.-K.; Yuan, S.-M. Hash-Chain Fog/Edge: A Mode-Based Hash-Chain for Secured Mutual Authentication Protocol Using Zero-Knowledge Proofs in Fog/Edge. Sensors 2022, 22, 607. https://doi.org/10.3390/s22020607
Pardeshi MS, Sheu R-K, Yuan S-M. Hash-Chain Fog/Edge: A Mode-Based Hash-Chain for Secured Mutual Authentication Protocol Using Zero-Knowledge Proofs in Fog/Edge. Sensors. 2022; 22(2):607. https://doi.org/10.3390/s22020607
Chicago/Turabian StylePardeshi, Mayuresh Sunil, Ruey-Kai Sheu, and Shyan-Ming Yuan. 2022. "Hash-Chain Fog/Edge: A Mode-Based Hash-Chain for Secured Mutual Authentication Protocol Using Zero-Knowledge Proofs in Fog/Edge" Sensors 22, no. 2: 607. https://doi.org/10.3390/s22020607
APA StylePardeshi, M. S., Sheu, R. -K., & Yuan, S. -M. (2022). Hash-Chain Fog/Edge: A Mode-Based Hash-Chain for Secured Mutual Authentication Protocol Using Zero-Knowledge Proofs in Fog/Edge. Sensors, 22(2), 607. https://doi.org/10.3390/s22020607