SDN-Based Handover Authentication Scheme for Mobile Edge Computing in Cyber-Physical Systems

Mobile edge computing (MEC) in cyber-physical systems (CPSs) with massive resource-constrained edge computing node (ECN) faces new challenges in security provisioning. The traditional centralized security authentication schemes with low performance are no longer applied for MEC in CPS. Due to the mobility of ECN, it is extraordinarily practical for ECN to establish a security association with another AP once leaving the service area of its current AP. In this paper, we represent the related research and propose a novel and efficient softwaredefined networking (SDN)-based handover authentication scheme for MEC in CPS (SHAS). An authentication handover module (AHM) in the SDN controller is applied for key distribution and authentication management. Before ECN handovers, the AHM distributes a key to the current serving AP for ECN further handover. Whenever a handover happens, target AP requests the AHM for the one-time session key (OSK) to authenticate the ECN. The target AP and ECN can proceed with the 3-way handshake protocol by the OSK to achieve mutual authentication and secret key confidentiality. Using the logical derivation of Burrows, Abadi, and Needham and formal verification by automated validation of Internet security protocols and applications (AVISPAs), proposed SHAS scheme can get mutual authentication and secret key confidentiality with a strong anti-attack ability. The simulation results show that the SHAS scheme has the characteristics of lower computational delay and less communication resources. Finally, the practical demonstration of our scheme is done using the widely accepted NS-3 simulation.