Lightweight And Secure Authentication Scheme For Iot Network Based On Publish-Subscribe Fog Computing Model

The Internet of Things (IoT) has converged with Cloud computing to provide comprehensive services to users in different places. However, with the exponential growth of smart devices connected to the Internet, Cloud computing has severe challenges, especially for applications that require low-latency and real-time processing. Therefore, the Fog computing paradigm emerged that is more compatible with the IoT, in which events are processed near where they occurred for practical and quick response time. Authentication is an essential issue for fog computing security since fog gateways and IoT devices are subject to many attacks. The main problem to provide authentication between IoT devices is that they have limited resources and computational processing. On the one hand, certificate-based authentication algorithms are secure, but they are heavy for IoT devices. On the other hand, Pre-shared authentication algorithms such as PSK are suitable for low-resource devices, but are not widely used due to their low security. Therefore, this paper proposes to use the Elliptic Curve Diffie- Hellman Ephemeral (ECDHE) key exchange algorithm along with the Pre-Shared Key (PSK) as a lightweight and secure authentication scheme between the fog gateway and IoT device based on the Message Queuing Telemetry Transport (MQTT) publish-subscribe protocol in a distributed fog computing architecture. The proposed ECDHE-PSK authentication scheme uses Ephemeral Pre-shared key instead of heavy certificates that is very lightweight and also provides Perfect Forward Secrecy (PFS) feature to enhance security in comparison with the static PSK algorithm. To evaluate the resource consumption and security resistance of the proposed scheme it was implemented on the real test environment and then was compared with two state-of-the-art certificate-based authentication schemes and a static PSK-based scheme. The comprehensive performance and security evaluations showed that in the distributed publish-subscribe fog computing architecture the proposed ECDHE-PSK is almost as light as the PSK algorithm while has all security features of certificate-based algorithms.