2017 IEEE/ACS 14th International Conference on Computer Systems and Applications
A Privacy-Preserving Authentication Scheme in
an Edge-Fog Environment
Arij BEN AMOR Mohamed ABID
NOCCS Laboratory IResCoMath Unit
National Engineering School of National Engineering School of
Tunis, Gabes
University of Tunis EL Manar University of Gabes
Tunis, Tunisia Gabes, Tunisia
Email: arij.benamor@gmail.com Email: mohamed.abid@enig.rnu.tn
Abstract— In the three hierarchy architecture Edge-Fog-Cloud,
delivering services with low latency is needed from the cloud to
fog users with the intermediate of fog servers.
Private and secure communication scheme will be necessary
between fog users and dynamic fog servers. Fog servers are
dynamic in joining and leaving the fog. This dynamic change of
fogs must be transparent to the fog users. Our solution lies on the
introduction of a mutual authentication between Fog users at the
Edge of the network and the Fog servers at the Fog layer. We
propose a fog user-fog server anonymous mutual authentication
scheme in which fog user and fog server authenticate each other
and establish a session key without disclosing user’s real identity.
Our scheme is based on Pseudonym Based Cryptography PBC,
Elliptic Curve Discrete Logarithm Problem ECDLP and bilinear
pairing to establish the session key.
To evaluate the new solution, a security analysis and a formal
validation with AVISPA are presented.
Keywords—Fog-computing; mutual authentication; privacy;
PBC; ECC; pairing.
I. INTRODUCTION
Fog computing [1] as a new paradigm of computing, is
considered as an extension of the cloud to the edge of the
network. Fog computing environment is integrated in the
cloud in order to make client’s cloud-based applications like
computation, storage, and networking services closer to
client’s mobiles and devices using these applications. The
concept of Fog computing relies on the nodes’ configuration
and optimization of their performance. We remind that Edge
devices’ communication in the cloud may consume much
more time than what it makes in an environment where nodes
communicate directly.
The Fog which is an intermediate layer between the end
users (Edge of the Network) and the Cloud, is composed of
geo-distributed Fog servers deployed at the local areas of
mobile users, e.g, malls, bus terminals, parks, etc..
In the three hierarchy architecture Edge-Fog-Cloud as
shown in Figure 1, the cloud represents the central entity that
controls Fog servers localized at different locations. Since
geo-distributed Fog servers are focusing on the service to
deliver to mobile users localized in a specific location, they
2161-5330/17 $31.00 © 2017 IEEE 1225
DOI 10.1109/AICCSA.2017.57
Aref MEDDEB
NOCCS Laboratory
National Engineering School of
Sousse,
University of Sousse
Sousse, Tunisia
Email: aref.meddeb@infcom.rnu.tn
will be managed by the cloud. We recall that the main feature
of a cloud server is the management of content and
applications for the entire system.
Fog servers, the intermediate network component, ensure
the connection between cloud, peer fog servers and Fog
mobile users. The mobile users can within the Fog architecture
make a profit from the service delivered by Fog servers
without the need to search over cloud so they can enjoy high-
rate local connections.
Security issues need to be taken into account when
designing fog computing system especially in the Fog and
Edge layers.
Authentication is a primordial service that must be
included in order to avoid that a rogue Fog node/server
pretends to be legitimate. A fake Fog node or server will
represent a serious threat to mobile user data privacy.
In order to avoid the leakage of the user’s sensitive
personal information that enables the attacker to follow the
user’s current location, user’s anonymity should be adopted.
Moreover, anonymity makes more robust a fog user
authentication mechanism since an adversary would not be
able to track which fog user and fog server are interacting. The
simplest way to preserve anonymity during communication is
to mask entities real identity. Therefore, fog user and fog
server once anonymously authenticate each other a secure
session can be established in the Edge-Fog-Cloud architecture.
In the literature, a variety of authentication techniques
have been proposed for cloud environment and Mobile Cloud
Computing MCC. Most of traditional authentication schemes
are unsuitable for mobile devices, which incite the use of ECC
for its limited computing resources.
Elliptic Curve Cryptosystem (ECC) based remote
authentication scheme has been used for cloud Internet and
remote devices. For instance, Chen et al [5] proposed an ID-
based remote mutual authentication with key agreement
scheme for remote devices on ECC. He et al in [12] proposed
an efficient Privacy Aware Authentication PAA scheme for
the MCC services by using the bilinear pairing.
 Bilinear pairing cryptosystem and secure hardware like
Smart Card Generator are used in [9] to strengthen the
authentication of users in Distributed Mobile Cloud
Computing.
Other works [4-6] include anonymity in the remote cloud
user-server authentication framework in which user and server
authenticate each other and establish a session key without
disclosing users’ original identity over the public channels.
These solutions consider the issue of the remote cloud user-
server mutual authentication and do not take into account the
intermediate layer (the Fog).
The preservation of user identity is essential in Edge-Fog
systems to prevent the disclosure of some personal sensitive
data of the fog user. However, Maged’s scheme in [10] which
presents a secure and efficient mutual authentication scheme
for the Edge-Fog-Cloud network architecture, does not protect
the user’s anonymity. In mutual authentication phase, the
identity of the fog user is openly transmitted over a public
channel.
In [3], where Jebri et al designed a secure generic model to
ensure anonymous communication between nodes in Internet
of Thing IoT and Wireless Sensor Network WSN. The
problem of identity disclosure is solved by the use of the
virtual ID using the Pseudonym Based Encryption (PBC)
mechanism.
In this paper, we propose an anonymous and efficient
communication scheme for the Edge-Fog-Cloud network
architecture.
Our solution lies on the introduction of fog user-fog server
anonymous mutual authentication scheme in which fog user at
the Edge and fog server at the Fog layer authenticate each
other and establish a session key without disclosing users’ real
identity. Moreover, a light weighted authentication is assured
whenever a fog user wants to move from a fog server to
another within the same Fog. The migration from one fog
server to another is done without the inclusion of the
Authentication server.
The remainder of the paper is organized as follows: section
II, we recall the cryptographic background used in our
algorithm.
In section III, we describe our proposed anonymous
authentication scheme. The reliability of our solution is proved
in Section IV through the security analysis and in section V
through the formal validation using AVISPA tool. In Section
VI, we finish our paper by a conclusion and a future work.
II. CRYPTOGRAPHY BACKGROUND
In this section, we present the different cryptographic
techniques that were used in this paper.
A. Elliptic Curve Cryptography (ECC)
Elliptical curve cryptography (ECC) [7] is a technique of
public-key encryption based on elliptic curve theory that
generates keys through the properties of the elliptic curve
equation.
1226
An elliptic curve E over a finite field Fp is defined by the
equation:
E : y2 ≡ x3 + ax+ b (mod p) (1)
The protection of ECC's private key is ensured by the
Elliptic Curve Discrete Logarithm Problem (ECDLP).
For a given point Q = x.P where x is a constant and P is a
point in the elliptic curve, it is hard to an attacker to retrieve x
even he/she knows the point P and Q.
B. Bilinear Pairings
Let G1 be an additive group and G2 a multiplicative group. G1
and G2 are two cyclic groups of prime order q.
Let P, Q ∈ G1 and a, b ∈ Ζq*, basic properties of bilinear map
are:
• Non-degeneracy: There exists P,Q ∈ G1 such that
e(P,Q) ≠1
• Bilinearity: e(P+Q,R)=e(P,R).e(P,Q) (2)
and
e(aP,bP)=e(P,P)ab (3)
• Computability: It is efficient to compute e(P,Q),
∀ P,Q ∈ G1.
C. Pseudonym Based Cryptography (PBC)
PBC was presented by D. Huang [2]. It is a technique based
on the Identity Based Encryption (IBE) [14] and used to
ensure the privacy of users’ real identities by the auto-
generation of a pseudonym and a pair of public / private key.
The IBE introduced a new component which is the Private
Key Generator (PKG) which has the role to generate the user's
private key based on their public identity.
D. Pseudo Random Number Generator (PRNG)
PRNG is a computational mechanism intended to produce a
series of numbers that lack pattern to predict future value.
III. PROPOSED AUTHENTICATION SCHEME IN FOG
COMPUTING
In this section, we present the new proposed solution and its
steps.
A. Network Model
In the Cloud layer, Cloud Service Provider (CSP) has a
special server among its cloud servers, which is called the
Registration Authority (RA) of the Cloud. RA is responsible of
registering Cloud users to the Cloud, and Fog users to the Fogs
managed by this particular Cloud.
A PKG server is integrated in this RA which registers the
different identities and keys of fog users and fog servers in its
database.
Several Fogs (locations) can exist under the authority of RA.
For each Fog (Fi), there are a set of servers (FSi ∈ {FS1, FS2,..,
FSn}). An FSi communicates with the Fog users FUi ∈{ FU1, 1) Initialization phase:
FU2,..FUn}.
• Initially the RA will dispose of public and private key
pair (Kpub, Kpriv) and a set of chosen public parameters as
shown in Table II.
Kpub and public parameters are known by all fog servers
and fog users within a specific fog F.

TABLE II. System parameters

Parameters Description
E The elliptic curve
P Generic point of the elliptic curve
s secret master-key of RA
Kpub=s.P RA’s public-key
G1 A cyclic additive group
G2 A cyclic multiplicative group
e: G1*G1 G2 The pairing function
H1: {0,1}* G1 A map To Point hash function

• For each Fog server FSi within a Fog F under the

authority of RA, a key pair (Pfs, Sfs) are generated by RA
Fig. 1. EDGE-FOG-CLOUD Architecture as follow:
Public key Pfs=H1 (IDFS, IDF)
B. Proposed Solution Private key Sfs= s. Pfs
In our system, each fog user is known by its identity IDFU.
Fog user uses Pseudonym Based Encryption to calculate its Where IDFS is the identity (example hostname, serial
own virtual ID in order to achieve anonymity. The RA where number) of the Fog server FSi and the IDF is the identity
the PKG is implemented computes on its side only the user’s of the fog F where FSi is located.
private key which depends on its secret master key s.
FS’s key pair is sent using a secure channel to ensure
The notations used in our protocol are given in Table 1 confidentiality.

2) Registration phase:
TABLE I. NOTATIONS
Notation Meaning In the registration phase, a fog user FU with identity IDfu
RA Registration Authority (exp email @) subscribes to the Registration Authority RA.
F Fog/location
FS Fog Server
FU Fog User • Fog user FUi within a Fog F self-generates his/her
IDF Fog identity
IDFS Identity of Fog server
pseudonym VID and private/ public key pair using
IDFU Identity of Fog user publicly known parameters such as the elliptic curve E
(Kpub, Kpriv) Public/Private key pair of RA (a, b and prime number p) and P its Generic point.
(Pfs, Sfs) Public/Private key pair of FS
(Pfu, Sfu) Public /Private key pair of FU FU calculates his/her virtual ID (VID) related to his/her
VID Fog user virtual ID used as pseudonym Identity to ensure anonymous communication by
EKpub(x). public key encryption of x using key Kpub
EPfs(x) public key encryption of x using key Pfs choosing randomly two numbers rfu and k using PRNG
SignKpriv(x) Signing x using private key Kpriv mechanism and computes its keys:
SKFS-FU Session key between FS and FU
Kfu pre-shared key
W
Challenge value insuring authentication between Pseudonym VID = rfu.P
FS and FU
Public key Pfu= k.P
SV Set of VID of registered fog users within a fog F
n 1, n 2 nonce values Private key Sfu= rfu.Kpub (= rfu.s.P = s. VID)

During authentication, the user does not reveal his/her identity • FU finishes the subscription by sending IDfu, VID, Pfu
over the public channel to achieve anonymity. and a nonce n1 to RA encrypted with the RA’s public key
Kpub.
The protocol is composed of the following phases: EKpub(IDfu || VID ||Pfu || n1)

1227
In return, RA replies with a specific pre-shared key Kfu, which
will be encrypted with Pfu.
E Pfu(Kfu)
For each server FSi belonging to the FU’s Fog location, RA
sends VIDs of Fog users encrypted under the FS’s public key
and signed with RA’s private key Kpriv to ensure authenticity.
SV is a Set_of_VID which contains the associated Fog servers
within a Fog F. SV={VID , IDFS, IDF, kfu}.
SignKpriv(EPfs(SV))
Once receiving the SV, each server FSi decrypts it and stores
the VID for each fog user.
Fig. 2. Registration Phase
Whenever a new Fog server joins a Fog F, the RA launch
the initialization phase for this server and then sends the SV of
users belonging to the specific Fog. We note FUi is not aware
about this background step.
3) Authentication Phase:
The authentication phase starts when a registered fog user
in the Fog F wants to be authenticated by one of the F’s
servers FS.
Initially, FU does not know the identity of any server but just
requests a fog service.
The exchanged messages are illustrated in the figure 3.
1. FU broadcasts <Hello Fog, VID,n1> to the Fog F.
2. An in-range server FS ∈ F checks if the VID of the
Fog user is not rogue by verifying the list of VID sent
by the RA.
1228
In case of success verification, FS replies by sending
to FU the tuple <IDFS, IDF, VID,n1>
3. FU, after calculating Pfs, prepares a challenge (cfs,W)
and sends the tuple <cfs,n2> to the FS. W=cfs.Kfu.Pfs.
The adversary cannot retrieve the value W point of
the elliptic curve with the known cfs and Pfs due to the
hard solving of the ECDLP [7] problem.
4. FS calculates W’= cfs.Kfu.Pfs and sends W’ and
nonce n2 to FU.
FU compares the point W’ received from FS with his
W. If they are equal, the operation is successful else
the communication is refused.
Step 3 and step 4 represent the challenge phase where FU
authenticates FS.
Fig. 3. Authentication Phase
In [8], the authors consider the example of the
authentication for fragile connection between Fog and Cloud,
case of broken connection, when users would not be
successfully authenticated. Our solution is able to guarantee
the authentication of the user when there is no connection to
the cloud server due to the presence of the registred list of fog
users in each fog server.
a) Intra-Fog Authentication
In case of an intra-Fog authentication where a fog user
wants to move from one Fog server to another Fog server
within the same Fog, the authentication between FU and the
new FS will not need the intervention of the RA.
The mutual authentication between FU and FS2 will be
achieved with exchanging parameters as shown in Figure 4
FS2 after receiving the broadcasting message from FU, checks In both Inter-Fog and Intra-Fog authentication, fog users
if the VID exists in SV, aborts if the verification fails, else, achieve the mutual authentication without any extra-overheads
responds FU and alert FS1 to avoid duplication of VID. and without the need to re-register.

Then a new challenging phase will be done between FS2 and 4) Session key between Fog Users and Fog Servers
FU. The exchanged messages have the same elements like
messages 2, 3 and 4 of figure 3. Once authentication phase ends with success, FS and FU
can calculate, at the same time, the session key to use in
encrypting exchanged data.

Since they co-exist in the same Fog F, Fog user and Fog
server will use the same public parameters delivered from RA.
FS side SK = e (V ,S )
fs − fu ID fs
= e(r .P , s . H ( ID , ID ))
fu 1 fs f
srfu
= e(P , H ( ID , ID ))
1 fs f

FU side = e( S ,P )
SK fs − fu fu fs
= e(r .s . P , H ( ID , ID ))
fu 1 fs f
srfu
= e(P , H ( ID , ID ))
1 fs f

Fig. 4. Intra-Fog Authentication

b) Inter-Fog Authentication
The fog user in this case is moving from a Fog to another.
In this case, the mutual authentication is performed with the
intermediate of the RA.
As shown in figure 5, when FU wants to roam from FS1 to
FS2 situated in another fog, FS2 asks RA for the legitimacy of
FU. RA then checks the association of VID to F and informs
FS1 about the new association (new IDF, VID). If the checking
phase is successful, the lasting exchanged messages will have
the same elements like messages 2, 3 and 4 of figure 3.
Once the authentication phase ends with success and both
FS and FU calculate the session key, they can start the use of
SKFS-FU to encrypt and decrypt exchanged messages.
5) Updating the Leaked Pseudonym
Once a pseudonym is compromised or leaked, the fog user
can reconstruct his/her virtual id as follows:
• Generates a random number x using PRNG
mechanism and computes VID*=x.P.
• Sends identity updating request message
M = EKpub (IDfu || VID || VID*||n1’).
• Upon receiving the message from FU, RA will
decrypt the message, extract the new VID and resent
the updated list SV to concerned FSs.

IV. SECURITY ANALYSIS

In this section, we discuss the security analysis of the

proposed solution, then we compare its security performance
with some existing solutions.

1) Mutual authentication and key establishment

FU is authenticated by FS through the SV list stored

Fig. 5. Inter-Fog authentication
securely in the FS side and FS is authenticated by FU through
the challeging phase. Mutual authentication between FU and
FS is achieved, because both are able to deduce the session
key skfs-fu which is used to encrypt/decrypt exchanged
messages.

1229
Mutual authentication between FU and FS is accomplished In Table III, we compare security performance of our solution
based on identities, pre-shared key Kfu and hard ECDLP. with other existing ones. We can see that our model meets the
required security needs in an Edge-Fog environment such as:
2) Fog user anonymity
• Confidential communication: encryption of the
In the proposed scheme, we choose to exchange the exchanged data between FS and FU with the
anonymous identity instead of the original identity of a fog established session key.
user. Since the pseudonym is generated with the PBC
technique, it is hard to an attacker to reveal the real identity of • User privacy: hiding the real identity of the user
the fog user. Only the RA knows the link between the real through the use of virtual identities (VID) in the
identity and the pseudonym of the Fog user. PBC scheme.
3) Forward and backward secrecy
• Mutual authentication: between FS and FU
through the challenge phase.
Forward and backward secrecy means that if public
parameters or exchanged parameters during authentication
phase are revealed at any time, it will not affect the preceding TABLE III. COMPARISON OF SECURITY PERFORMANCE
and subsequent session keys. In fact the pseudonym on which
depends the establishment of the session key is periodically user Mutual Key confidential
and randomly regenerated by FU. An adversary can not privacy authentication exchange communication
Maged - + + +
recover or decrypt historical sessions. [10]
Gomaa + - - +
4) Attack resistance et al[4]
Chen et - + + +
al[5]
Our scheme can resist against various types of attacks. Our + + + +
solution
Eavesdropping attack : for the eavesdropping, data
transmitted after the establishment of the connection between Mutual authentication in the Edge-Fog-Cloud architecture
a Fog user and a Fog server is encrypted with the session key has not been enough studied. One work that directly targets
skfs-fu. The attacker will not be able to acquire the content of this field is Maged’s one [10]. In his study, anonymity is not
data since he/she doesn't know skfs-fu. involved and the ID of user is openly transmitted over a public
channel.
Man in the middle MITM attack : Whenever an adversary
or a rogue fog server try a MITM attack by sniffing Table IV compares the computation requirement of our
exchanged messages between Fog user and Fog server and solution with Maged’ one in terms of cryptographic operations
collecting public parameters, he couldn’t guess the session key needed in each phase. We show that our solution requires less
because parameter s and Kfu are kept secret. Hence, neither computation ; we use just the pairing function and we do not
the challenge value nor the session key could be retrieved. need messages to establish the session key.

Replay attack : this kind of attack is not possible in our We note asym as asymmetric cryptography and sym as
scheme because nonce is sent with each message. symmetric cryptography .

TABLE IV. COMPARISON OF COMPUTATION REQUIREMENTS IN TERMS OF CRYPTOGRAPHIC OPERATIONS

Maged’s solution[10] Our solution

Initialization phase Registration pahse Authentication phase Initialization phase Registration phase Authentication phase
FU - - 1 hash - 1 asym encryption -
1 sym encryption 1 asym decryption
1 sym decryption
FS 1 sign verif 1 sign verification 1 sym encryption - 1 sign verif -
1 asym encryption 1 sym decryption 1 asym decryption
RA 1 sign gen 1 asym encryption - - 1 asym decryption -
1 hash 1 hash 1 sign
1 sign 2 asym encryption

1230
 V. FORMAL VALIDATION
We evaluate the formal security analysis using the
Automatic Validation of Internet Protocols and
Application[15] (AVISPA).
The output shows in figure 6 that the protocol is safe (no
attacks were found) and that the security goals of our formal
validation are attained.
We correctly compiled On-the-Fly-Model-Checker (OFMC)
[17] model and validated the fog user-fog server secured
communication protocol.
We defined the security goals as an input to the automatic
formal proof of our protocol:
• Secrecy of the communication session between RA
and FS.
• Secrecy of the communication session between FS
and FU.
• Authentication of RA by the FS.
Even an intruder impersonates the FU to the FS, this should
not allow him to get the SKfs-fu and access to services.
Fig. 6. AVISPA validation
VI. CONCLUSION
New authentication mechanisms are needed to secure
the three hierarchy architecture Edge-Fog-Cloud. In this
paper, a new anonymous and secure authentication scheme
in fog-based cloud computing is presented. Our scheme
provides a mutual authentication between fog servers and
fog users with the possibility of roaming between fogs in an
anonymous and secure way. The security analysis and The
formal validation with AVISPA tool have shown that our
solution has improved security and privacy preservation
compared with some existing solutions.
1231
The next step is the implementation of a prototype for this
scheme. We will use the C programming language with the
Miracl [16] and PBC libraries.
References
[1] Stojmenovic, Ivan, and Sheng Wen. "The fog computing paradigm:
Scenarios and security issues." Computer Science and Information
Systems (FedCSIS), 2014 Federated Conference on. IEEE, 2014.
[2] Huang, Pseudonym-based cryptography for anonymous
communications in mobile ad hoc networks , Int. J. Security and
Networks, Vol. 2,N 3/4, 2007
[3] Jebri, Sarra, Abid Mohamed , and Bouallegue Ammar. "An efficient
scheme for anonymous communication in IoT." 2015 11th
International Conference on Information Assurance and Security
(IAS). IEEE, 2015.
[4] Gomaa, Ibrahim A., Abd-Elrahman, Emad , and Abid, Mohamed .
"Virtual Identity Approaches Evaluation for Anonymous
Communication in Cloud Environments." INTERNATIONAL
JOURNAL OF ADVANCED COMPUTER SCIENCE AND
APPLICATIONS 7.2 (2016): 367-376.
[5] Chen, Tien-Ho, Hsiu-lien Yeh, and Wei-Kuan Shih. "An advanced
ecc dynamic id-based remote mutual authentication scheme for cloud
computing." Multimedia and Ubiquitous Engineering (MUE), 2011
5th FTRA International Conference on. IEEE, 2011.
[6] Mishra, Raghavendra. "Anonymous remote user authentication and
key agreement for cloud computing." Proceedings of the Third
International Conference on Soft Computing for Problem Solving.
Springer India, 2014.
[7] IETF RFC 6090, February 2011, Fundamental Elliptic Curve
Cryptography Algorithms.
[8] Stojmenovic, Ivan, et al. "An overview of Fog computing and its
security issues." Concurrency and Computation: Practice and
Experience (2015).
[9] Tsai, Jia-Lun, and Nai-Wei Lo. "A privacy-aware authentication
scheme for distributed mobile cloud computing services." IEEE
systems journal 9.3 (2015): 805-815.
[10] Ibrahim, Maged. "Octopus: An Edge-Fog Mutual Authentication
Scheme."International Journal of Network Security (2016).
[11] Roman, Rodrigo, Javier Lopez, and Masahiro Mambo. "Mobile edge
computing, fog et al.: A survey and analysis of security threats and
challenges." Future Generation Computer Systems (2016).
[12] He, Debiao, et al. "Efficient Privacy-Aware Authentication Scheme
for Mobile Cloud Computing Services." IEEE Systems Journal
(2016).
[13] Yang, Xu, Xinyi Huang, and Joseph K. Liu. "Efficient handover
authentication with user anonymity and untraceability for Mobile
Cloud Computing." Future Generation Computer Systems 62 (2016):
190-195.
[14] D. Boneh and M. Franklin, Identity-Based Encryption from the Weil
Pairing, Advances in Cryptology-CRYPTO, Lecture Notes in
Computer Science vol. 2139, pp 213-229, 2001
[15] Armando, A. et al. (2005) ‘The AVISPA tool for the automated
validation of internet security protocols and applications’, in 17th
International Conference on Computer Aided Verification (CAV’05),
LNCS, Vol. 3576, pp.281–285
[16] CertiVox/MIRACL, https://github.com/CertiVox/MIRACL. accessed
20 April 2017
[17] D. Basin, S. Mdersheim ,L. Vigan. An On-the-Fly Model-Checker for
Security Protocol Analysis. In in proceedings of ESORICS 2003,
Lecture Notes in Computer Science, Volume 2808, pages 253270,
2003.