SKAFS: Symmetric Key Authentication Protocol With Forward Secrecy for Edge Computing

The IoT-edge-cloud paradigm enables resource-constrained IoT devices to offload their computation, thereby meeting the required quality-of-service for real-time applications. However, the deployment of IoT devices in public places, such as smart cities, exposes them to various security threats, including physical attacks. To address these security concerns, we propose a physical unclonable function (PUF)-based IoT-edge-cloud symmetric key authentication protocol with forward secrecy (SKAFS), which ensures the anonymity of transacting IoT devices, resilience to desynchronization-based denial-of-service attacks, and PUF modeling attacks. To evaluate the security of our protocol, we conduct a formal security analysis using the automated AVISPA tool. In addition, based on the indistinguishability property of the PUF, we formally prove that SKAFS is secure under the Canetti-Krawczyk-adversary model. Moreover, we implement the protocol using socket programming between a Raspberry Pi 1 as an IoT device, a Raspberry Pi 4 as an IoT gateway, and an 11th Gen Intel Core i7–11800H laptop as the cloud admin to simulate the message flow between the protocol entities in a real-time experiment and calculate its end-to-end latency. Finally, we compare SKAFS with other PUF-based protocols in terms of computation time, communication cost, and storage requirements.