Handover Authenticated Key Exchange for Multi-access Edge Computing
Authors: Yuxin Xia, Jie Zhang, Ka Lok Man, Yuji Dong
Journal: Journal of Network and Computer Applications, volume 234, Article 104071 (impact factor 7.7; JCR Q1, Computer Science, Hardware & Architecture)
Publication date: 2024-11-22
DOI: 10.1016/j.jnca.2024.104071
URL: https://www.sciencedirect.com/science/article/pii/S1084804524002480
Authenticated Key Exchange (AKE) has been playing a significant role in ensuring communication security. However, in some Multi-access Edge Computing (MEC) scenarios where a moving end-node connects in turn to a sequence of edge-nodes, it is costly in terms of time and computing resources to repeatedly run AKE protocols between the end-node and each edge-node. Moreover, the cloud needs to be involved to assist the authentication between them, which goes against MEC’s purpose of bringing cloud services from the cloud closer to the end user. To address these problems, this paper proposes a new type of AKE, named Handover Authenticated Key Exchange (HAKE). In HAKE, an earlier AKE procedure hands over authentication materials and some parameters to the temporally next AKE procedure, thereby saving resources and reducing the participation of the remote cloud. Following the framework of HAKE, we propose a concrete HAKE protocol based on Elliptic Curve Diffie–Hellman (ECDH) key exchange and ratcheted key exchange. Then we verify its security via Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, we evaluate and test its performance. The results show that the HAKE protocol achieves security goals and reduces communication and computation costs compared to similar protocols.
About the journal:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.