An Efficient and Secure Authentication and Key Agreement Protocol for Multi-Device Scenarios in Fog Computing

The fog computing paradigm enables mobile users to seamlessly interact with crowds of nearby IoT devices for low-latency services. However, existing authentication and key agreement (AKA) protocols suffer from critical limitations in this mobile context. While existing AKA schemes are optimized for mobile edge environments, they incur substantial overhead in multi-device scenarios: they require repeated authentication for each device and generate distinct session keys per user-device pair, leading to high key management complexity at scale. Furthermore, traditional one-to-many protocols are unsuitable for distributed fog environments due to their reliance on trusted central nodes (e.g., gateways or servers) and incompatible communication models. To address these issues, this paper proposes an efficient and secure authentication protocol for fog computing that integrates elliptic curve cryptography with secret sharing. Our solution enables a user to authenticate an entire group of devices managed by a semi-trusted fog node (honest-but-curious) through a single protocol execution, effectively eliminating the authentication bottleneck caused by scaling devices. Formal security proof under the Real-Or-Random (ROR) model is provided, along with informal analysis, demonstrating the protocol ensures forward secrecy, user anonymity, and resistance to a comprehensive set of attacks, including ephemeral secret leakage, key compromise impersonation, and replay attacks. Performance analysis confirms the scheme maintains low communication and computational overhead while achieving comprehensive security.