TY - JOUR
T1 - Handover Authenticated Key Exchange for Multi-access Edge Computing
AU - Xia, Yuxin
AU - Zhang, Jie
AU - Man, Ka Lok
AU - Dong, Yuji
N1 - Publisher Copyright: © 2024 Elsevier Ltd
PY - 2025/2
Y1 - 2025/2
AB - Authenticated Key Exchange (AKE) plays a significant role in ensuring communication security. However, in some Multi-access Edge Computing (MEC) scenarios where a moving end-node connects in turn to a sequence of edge-nodes, it is costly in terms of time and computing resources to repeatedly run AKE protocols between the end-node and each edge-node. Moreover, the cloud needs to be involved to assist the authentication between them, which goes against MEC's purpose of bringing cloud services from the cloud closer to the end-user. To address the above problems, this paper proposes a new type of AKE, named Handover Authenticated Key Exchange (HAKE). In HAKE, an earlier AKE procedure hands over authentication materials and some parameters to the AKE procedure that follows it in time, thereby saving resources and reducing the participation of the remote cloud. Following the framework of HAKE, we propose a concrete HAKE protocol based on Elliptic Curve Diffie–Hellman (ECDH) key exchange and ratcheted key exchange. Then we verify its security via Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, we evaluate and test its performance. The results show that the HAKE protocol achieves security goals and reduces communication and computation costs compared to similar protocols.
KW - Authenticated key exchange
KW - Handover authentication
KW - Mobile edge computing
KW - Ratcheted key exchange
UR - http://www.scopus.com/inward/record.url?scp=85210086950&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2024.104071
DO - 10.1016/j.jnca.2024.104071
M3 - Article
AN - SCOPUS:85210086950
SN - 1084-8045
VL - 234
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
M1 - 104071
ER -