SAKA: Scalable authentication and key agreement scheme with configurable key evolution in edge-fog-multicloud computing environments

Fog computing can efficiently address problems in centralized cloud computing in multi-cloud environments, such as network congestion, data loss, high latency, and excessive energy consumption. However, it poses additional challenges to authentication and key agreement schemes, especially regarding scalability, overhead, and security. To address these challenges, this paper proposes a scalable authentication and key agreement (SAKA) scheme with configurable key evolution tailored for fog computing in multi-cloud environments. The proposed SAKA scheme integrates a configurable key evolution mechanism with a sound synchronization feature and introduces timing constraints to address concurrency-induced key synchronization issues in multi-cloud environments. This approach allows for tailoring the adjustable key renewal period to specific application needs, thus balancing security and overhead. In addition, the SAKA scheme uses the elliptic curve Diffie–Hellman key exchange method with a pre-shared key to establish session keys between fog gateways and cloud applications. This approach eliminates the need for resource-intensive certificates and ensures perfect forward secrecy. Further, implementing the broadcast mechanism in the proposed SAKA scheme reduces computational and communication overhead in multi-cloud environments, thus enhancing scalability. The results of a comprehensive security analysis conducted using both formal and informal methods prove that the proposed SAKA scheme is secure. Finally, a comparison with existing schemes demonstrates that the SAKA scheme excels in security authentication for fog gateways in multi-cloud environments. The proposed SAKA scheme reduces computational overhead by 50% for single-entity authentication and by up to 67% for multi-entity scenarios.