RAAF-MEC: Reliable and anonymous authentication framework for IoT-enabled mobile edge computing environment

The Internet of Things (IoT) devices are becoming increasingly integral to daily life, with cloud computing platforms serving as essential hubs for managing and processing the vast data generated by distributed IoT devices and sensors. The advent of 6G-powered cloud services facilitates applications such as augmented reality, virtual reality, autonomous driving, and healthcare, all of which require rapid data processing. Mobile edge computing (MEC) extends cloud capabilities to the network’s edge, enabling large-scale, real-time data processing. However, this transition introduces security challenges due to the open nature of MEC infrastructures, which increases the risk of data breaches and privacy violations. To address these challenges, RAAF-MEC is proposed as an innovative authentication framework designed specifically for IoT-enabled MEC environments. The framework incorporates hash functions, PUF, ECC, and GIFT-COFB. GIFT-COFB, a lightweight encryption mechanism, and NIST finalist, ensures data authenticity and integrity. PUF technology, integrated on the MEC server side, dynamically derives secret keys, mitigating the risk of privileged insider attacks by eliminating the need to store keys in the MEC server’s database. This approach enhances security by preventing unauthorized access to sensitive key material. RAAF-MEC also supports single sign-on for seamless access across MEC servers. The effectiveness of RAAF-MEC has been validated through comprehensive formal and informal security assessments, as well as performance evaluations against existing authentication frameworks. Our results show that RAAF-MEC reduces computational costs by 27.3% to 52.12% and communication costs by 69.44% to 75%, while significantly enhancing security features.