Baiyi Huang,Xiuzhen Cheng,Yuan Cao,Le Zhang

DOI: https://doi.org/10.1109/sec.2018.00059

2018-01-01

Abstract:Fog computing is a new paradigm that extends cloud computing to the network edges. As data processing, communications, and control are performed more closely to the end-user devices in fog computing, chances for the attackers to gain unauthorized accesses to sensitive data have been greatly increased. In this paper, we propose a new resource-efficient physical unclonable function (PUF) based authentication scheme to protect the security and privacy of the confidential information in edge devices. Unlike other PUF based lightweight authentication schemes, our proposed method remarkably increases the machine learning attack time without requiring a server to store a large amount of challenge response pairs (CRPs). Besides, a new strong PUF with feedback loop is employed in our scheme to further resist the machine learning attacks that have demonstrated efficacy in compromising strong PUFs. Our proof-of-concept implementation shows that the proposed scheme is suitable for resource-constrained end-user devices in terms of memory, computation, and security.

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Thankaraja Raja Sree,R. Harish,T. Veni

DOI: https://doi.org/10.1002/cpe.8054

2024-03-02

Concurrency and Computation Practice and Experience

Abstract:Summary As opposed to cloud servers, fog servers, and fog users may be malicious, so developing a mutual identity‐preserving authentication mechanism between them is a crucial and difficult problem in fog computing. Such a technique must conceal the user's true identity from the adversary; otherwise, the adversary will be able to determine which fog user and fog server are in communication. This article suggests a secure and reliable anonymous mutual authentication system for use at the network's edge between fog users and fog servers. With the aid of the registration authority (RA) in our system, they can verify one another and decide on a new session key that will be used to encrypt messages throughout the session. Fog users don't need to re‐register with RA to wander freely over the network and authenticate to any fog server that is within their range. The proposed technique only needs a small number of symmetric encryption/decryption and one‐way hash functions, making it easy to implement for fog‐user devices with limited resources. The new scheme's performance is evaluated in comparison to the existing one, showing that it is more resilient to various types of assaults (such as known plaintext attacks, man‐in‐the‐middle attacks, session hijacking, etc.). The widely used Automated Validation of Internet Security Protocols and Applications tool is used to verify the proposed system. The outcomes demonstrate that our approach can safely withstand different attacks and accomplish the desired outcomes. Additionally, the proposed method is tested in real‐world scenarios with the NS3 simulator.

computer science, theory & methods, software engineering

Wenli Shang,Xudong Wen,Zhuo Chen,Wenze Xiong,Zhiwei Chang,Zhong Cao

DOI: https://doi.org/10.1631/fitee.2400497

IF: 2.526

2024-11-06

Frontiers of Information Technology & Electronic Engineering

Abstract:In edge control systems (ECSs), edge computing demands more local data processing power, while traditional industrial programmable logic controllers (PLCs) cannot meet this demand. Thus, edge intelligent controllers (EICs) have been developed, making their secure and reliable operation crucial. However, as EICs communicate sensitive information with resource-limited terminal devices (TDs), a low-cost, efficient authentication solution is urgently needed since it is challenging to implement traditional asymmetric cryptography on TDs. In this paper, we design a lightweight authentication scheme for ECSs using low-computational-cost hash functions and exclusive OR (XOR) operations; this scheme can achieve bidirectional anonymous authentication and key agreement between the EIC and TDs to protect the privacy of the devices. Through security analysis, we demonstrate that the authentication scheme can provide the necessary security features and resist major known attacks. Performance analysis and comparisons indicate that the proposed authentication scheme is effective and feasible for deployment in ECSs.

engineering, electrical & electronic,computer science, information systems, software engineering

Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.future.2018.09.017

IF: 7.307

2019-02-01

Future Generation Computer Systems

Abstract:Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKA-FC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKA-FC is shown to be secure with the help of the formal security analysis using the broadly accepted Real-Or-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

Mohamed Ali Shaaban,Almohammady S. Alsharkawy,Mohammad T. AbouKreisha,Mohammed Abdel Razek

DOI: https://doi.org/10.5121/ijcnc.2023.15404

2024-08-06

Abstract:The rapid growth of cloud computing and Internet of Things (IoT) applications faces several threats, such as latency, security, network failure, and performance. These issues are solved with the development of fog computing, which brings storage and computation closer to IoT-devices. However, there are several challenges faced by security designers, engineers, and researchers to secure this environment. To ensure the confidentiality of data that passes between the connected devices, digital signature protocols have been applied to the authentication of identities and messages. However, in the traditional method, a user's private key is directly stored on IoTs, so the private key may be disclosed under various malicious attacks. Furthermore, these methods require a lot of energy, which drains the resources of IoT-devices. A signature scheme based on the elliptic curve digital signature algorithm (ECDSA) is proposed in this paper to improve the security of the private key and the time taken for key-pair generation. ECDSA security is based on the intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which allows one to use much smaller groups. Smaller group sizes directly translate into shorter signatures, which is a crucial feature in settings where communication bandwidth is limited, or data transfer consumes a large amount of energy. The efficiency and effectiveness of ECDSA in the IoT environment are validated by experimental evaluation and comparison analysis. The results indicate that, in comparison to the two-party ECDSA and RSA, the proposed ECDSA decreases computation time by 65% and 87%, respectively. Additionally, as compared to two-party ECDSA and RSA, respectively, it reduces energy consumption by 77% and 82%.

Cryptography and Security

Xutong Jiang,Ruihan Dou,Qiang He,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1002/spe.3206

2024-01-01

Abstract:Edge computing is regarded as an extension of cloud computing that brings computing and storage resources to the network edge. For some Industrial Internet of Things (IIoT) applications such as supply-chain supervision and collaboration, Internet of Vehicles, real-time video analysis and so forth, users should be authenticated before visiting the geographically distributed edge servers. Limited by the considerable latency between the cloud and edge servers, and the limited capacity of edge servers, it is infeasible to copy the authentication method from cloud servers when users are authenticated in edge servers. In view of this challenge, this paper proposes a novel token-based authentication scheme, named EdgeAuth, that enables fast edge user authentication through collaboration among cloud servers and edge servers. Under the EdgeAuth scheme, edge servers can rapidly verify the credentials of users who have been authenticated by the cloud server. EdgeAuth can also protect users from a series of authentication attacks, for example, the replay attack, DoS attack and man-in-the-middle attack. The results of experiments conducted on a simulated edge computing environment validate the usefulness of EdgeAuth through a comparison in latency and throughput against two baseline schemes.

Awaneesh Kumar Yadav,An Braeken,Manoj Misra

DOI: https://doi.org/10.1007/s11227-023-05064-y

IF: 3.3

2023-02-24

The Journal of Supercomputing

Abstract:Fog and dew computing represent relatively new computing paradigms in the literature. The main idea is to offload the computation processes from the device to a more nearby fog or dew server, who further forwards it to the central server. In the case of dew computing, the dew server is considered to lose connection with the central server and should be able to function autonomously most of the time. In the literature, several public-key-based tripartite schemes, offering a full set of security features, have been proposed that can serve the purpose. However, due to the large difference in performance between symmetric and public key-based cryptographic algorithms, this paper proposes a symmetric key-based authentication and key agreement protocol, consisting of a long and a short authentication process, addressing both fog and dew computing scenarios. Moreover, we conduct the informal and formal (ROR logic, GNY logic, and Scyther tool) security analysis to ensure that the scheme satisfies the most important security features described in the literature, in addition to offering protection against a semi-trusted third party. Furthermore, we assess the performance of the long and the short authentication phases in terms of computational, communication, storage costs, and energy consumption, revealing that it is less expensive than its competitors. Additionally, we show that when compared to its competitors, the long and the short authentication phases have less overhead when unknown attacks occur. We also use the NS2 network simulator tool to execute a real-time implementation of the long and the short authentication phase to ensure that it is realistic in practical implementation.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yi Chen,Ai-dong Xu,Hong Wen,Yi-xin Jiang,Teng-yue Zhang

DOI: https://doi.org/10.12783/dteees/icepe2019/28912

2019-01-01

Abstract:Because of heavy cost, using of the traditional Public Key Infrastructure (PKI) authentication schemes is limited for the energy-constrained intelligent devices such as the power edge computing system, in which lightweight secure authentication schemes are urgent needed. In this paper, we propose a lightweight mutual authentication scheme supported by the edge computing, which is a novel cross-layer secure authentication program with asymmetric resources. The novel scheme combines lightweight symmetric cipher and physical-layer Channel State Information (CSI) to provide two-way authentication between terminals and edge devices. Experimental results show that the proposed scheme can significantly reduce the access authentication latency compared with the traditional PKI authentication scheme.

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Eric Gyamfi,James Adu Ansere,Lina Xu

DOI: https://doi.org/10.1109/fmec.2019.8795315

2019-01-01

Abstract:The Security of the Internet of Things (IoT) has gained great attention recently due to the increased cyber-threats in those systems. IoT technologies have many use cases and real-life applications and the IoT devices have been widely produced by industries. However, the security issue of IoT devices has not been fully resolved, leaving those devices exposing to cyber-threats. IoT end devices are normally resource constraint, which makes the implementation of traditional security solutions extremely hard if not impossible. The emergence of IoT-Edge computing technologies can grant the IoT devices the ability to overcome the local resource constraint problem. The current industrial revolution (Industry 4.0) requires IoT devices to be secured in its data transmission, and protected from network Intrusions. Since many IoT devices reply on the unsecured Internet as a means for data transmission, there is an urgent need to provide a public key cryptographic technique to protect the end-to-end transmission between those IoT devices. In this paper, based on the Elliptic Curve Cryptographic (ECC) technique, we have proposed a lightweight asymmetric security solution to enhance secured transmission of data through utilising the IoT-Edge computing architecture. We also have successfully embedded our lightweight cryptography on the edge, and the IoT device. The experimental results has shown that the proposed lightweight ECC security system can provide better practice when implemented in the IoT-Edge environment.

Ajay Chaudhary,Sateesh K Peddoju,Vikas Chouhan

DOI: https://doi.org/10.1007/s10723-023-09672-z

2023-06-28

Journal of Grid Computing

Abstract:The Internet of Things (IoT) devices are used in almost every aspect of life to automate routine or critical tasks with great precision. The IoT nodes, users, edge nodes, cloud resources, and the connected network are critical components of IoT-Edge-Cloud integration. Any unauthorized access to these resources may halt or bring down the whole IoT infrastructure leading to a severe impact. Hence, authenticating and authorizing these components is essential. Thus, this paper proposes an authentication scheme to securely integrates users, IoT nodes, Edge node, and the cloud infrastructure. We also proposed a reliable cloud data storage and retrieval mechanism using an Erasure Coding strategy in order to store the data generated by IoT infrastructure. We validate the proposed authentication protocols using the well-known and widely used AVISPA simulator tool. The results demonstrate that the proposed authentication protocols are secure against a wide range of security attacks. Further, a comprehensive security analysis was carried out to demonstrate that our protocols are secure against possible attacks and include essential security features. The proposed scheme provides mutual authentication, accessibility, confidentiality, scalability, secure storage, and a secure communication mechanism in the integrated IoT-Edge-Cloud infrastructure with reliable cloud storage.

computer science, information systems, theory & methods

Vijay Karnatak,Amit Kumar Mishra,Neha Tripathi,Mohammad Wazid,Jaskaran Singh,Ashok Kumar Das

DOI: https://doi.org/10.1002/spy2.353

2023-11-03

Security and Privacy

Abstract:Fog computing is a distributed computing architecture, as opposed to depending entirely on centralized cloud servers, which brings the processing of data, functionality of an application, and its storage closer to the network's edge, where it can be closer to the data source or an end‐user device. Some of the potential applications of the fog computing‐based Internet of Things (IoT)‐enabled system are smart healthcare, smart agriculture, smart manufacturing, intelligent transportation system, and smart cities (i.e., in parking management, lighting control, traffic control, and security of civilians). The fog computing‐based IoT‐enabled system is vulnerable to various attacks. Therefore, one needs to deploy security mechanisms, like authentication, access control, key management, and malware detection, in order to secure its communication. In this article, we design a signature‐based access control and key management scheme for fog computing‐based IoT‐enabled big data applications (in short, SBAC‐FC). A detailed security analysis and performance comparison of the SBAC‐FC with other similar existing schemes reveal that the SBAC‐FC surpasses the existing schemes in terms of security and functionality characteristics, as well as complexity overheads.

Lu Zhou,Xiong Li,Kuo-Hui Yeh,Chunhua Su,Wayne Chiu

DOI: https://doi.org/10.1016/j.future.2018.08.038

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Recently, authentication technologies integrated with the Internet of Things (IoT) and cloud computing have been promptly investigated for secure data retrieval and robust access control on large-scale IoT networks. However, it does not have a best practice for simultaneously deploying IoT and cloud computing with robust security. In this study, we present a novel authentication scheme for IoT-based architectures combined with cloud servers. To pursue the best efficiency, lightweight crypto-modules, such as one-way hash function and exclusive-or operation, are adopted in our authentication scheme. It not only removes the computation burden but also makes our proposed scheme suitable for resource-limited objects, such as sensors or IoT devices. Through the formal verification delivered by Proverif, the security robustness of the proposed authentication scheme is guaranteed. Furthermore, the performance evaluation presents the practicability of our proposed scheme in which a user-acceptable computation cost is achieved.

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Mayuresh Sunil Pardeshi,Ruey-Kai Sheu,Shyan-Ming Yuan

DOI: https://doi.org/10.3390/s22020607

2022-01-13

Abstract:Authentication is essential for the prevention of various types of attacks in fog/edge computing. Therefore, a novel mode-based hash chain for secure mutual authentication is necessary to address the Internet of Things (IoT) devices' vulnerability, as there have been several years of growing concerns regarding their security. Therefore, a novel model is designed that is stronger and effective against any kind of unauthorized attack, as IoT devices' vulnerability is on the rise due to the mass production of IoT devices (embedded processors, camera, sensors, etc.), which ignore the basic security requirements (passwords, secure communication), making them vulnerable and easily accessible. Furthermore, crackable passwords indicate that the security measures taken are insufficient. As per the recent studies, several applications regarding its requirements are the IoT distributed denial of service attack (IDDOS), micro-cloud, secure university, Secure Industry 4.0, secure government, secure country, etc. The problem statement is formulated as the "design and implementation of dynamically interconnecting fog servers and edge devices using the mode-based hash chain for secure mutual authentication protocol", which is stated to be an NP-complete problem. The hash-chain fog/edge implementation using timestamps, mode-based hash chaining, the zero-knowledge proof property, a distributed database/blockchain, and cryptography techniques can be utilized to establish the connection of smart devices in large numbers securely. The hash-chain fog/edge uses blockchain for identity management only, which is used to store the public keys in distributed ledger form, and all these keys are immutable. In addition, it has no overhead and is highly secure as it performs fewer calculations and requires minimum infrastructure. Therefore, we designed the hash-chain fog/edge (HCFE) protocol, which provides a novel mutual authentication scheme for effective session key agreement (using ZKP properties) with secure protocol communications. The experiment outcomes proved that the hash-chain fog/edge is more efficient at interconnecting various devices and competed favorably in the benchmark comparison.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Deepak Puthal,Laurence T. Yang,Schahram Dustdar,Zhenyu Wen,Song Jun,Aad van Moorsel,Rajiv Ranjan

DOI: https://doi.org/10.1145/3351882

2020-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:The Internet of Things (IoT) is becoming a backbone of sensing infrastructure to several mission-critical applications such as smart health, disaster management, and smart cities. Due to resource-constrained sensing devices, IoT infrastructures use Edge datacenters (EDCs) for real-time data processing. EDCs can be either static or mobile in nature, and this article considers both of these scenarios. Generally, EDCs communicate with IoT devices in emergency scenarios to evaluate data in real-time. Protecting data communications from malicious activity becomes a key factor, as all the communication flows through insecure channels. In such infrastructures, it is a challenging task for EDCs to ensure the trustworthiness of the data for emergency evaluations. The current communication security pattern of “communication before authentication” leaves a “black hole” for intruders to become part of communication processes without authentication. To overcome this issue and to develop security infrastructures for IoT and distributed Edge datacenters, this article proposes a user-centric security solution. The proposed security solution shifts from a network-centric approach to a user-centric security approach by authenticating users and devices before communication is established. A trusted controller is initialized to authenticate and establishes the secure channel between the devices before they start communication between themselves. The centralized controller draws a perimeter for secure communications within the boundary. Theoretical analysis and experimental evaluation of the proposed security model show that it not only secures the communication infrastructure but also improves the overall network performance.

Chenyu Wang,Ding Wang,Yihe Duan,Xiaofeng Tao

DOI: https://doi.org/10.1109/TIFS.2023.3272772

2023-01-01

Abstract:Cloud-assisted Internet of Things (IoT) overcomes the resource-constrained nature of the traditional IoT and is developing rapidly in such fields as smart grids and intelligent transportation. In a cloud-assisted IoT system, users can remotely control the IoT devices and send specific instructions to them. If the users' identities are not verified, adversaries can pretend as legitimate users to send fake and malicious instructions to IoT devices, thereby compromising the security of the entire system. Thus, a sound authentication mechanism is indispensable to ensure security. At the same time, it should be noted that a gateway may connect to massive IoT devices with the exponential growth of interconnected devices in a cloud-assisted IoT system. The efficiency of authentication schemes is easily impacted by the computation capability of the gateway. Recently, several schemes have been designed for cloud-assisted IoT systems, but they have problems of one kind or another, making them not suitable for cloud-assisted IoT systems. In this paper, we take a typical scheme (proposed at IEEE TDSC 2020) as an example to identify the common weaknesses and challenges of designing a user authentication scheme for cloud-assisted IoT systems. In addition, we propose a new secure user authentication scheme with lightweight computation on gateways. The proposed scheme provides secure access between remote users and IoT devices with many ideal attributions, such as forward secrecy and multi-factor security. Meanwhile, the security of this scheme is proved under the random-oracle model, heuristic analysis, the ProVerif tool, and BAN logic. Compared with ten state-of-the-art schemes in security and performance, the proposed scheme achieves all the listed twelve security requirements with minimum computation and storage costs on gateways.

Fei Wang,Yongjun Xu,Liehuang Zhu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2018.2888636

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Nowadays in many application scenarios of Internet of Things (IoT), low latency is achieved at the cost of computing-complexity which is beyond the capabilities of IoT devices. Offloading the computing intensive tasks to more powerful edge devices is expected to provide new generation computing-intensive and delay-sensitive services. In the three hierarchy architecture user/IoT-edge-cloud, private and secure mutual authentication are necessary between user, IoT device, and edge device. However, in the emerging computing paradigms, such as mobile transparent computing, edge computing, fog computing, and several threats, such as edge device compromise, privacy leaking, and denial of service (DoS) might crash the security of the system. Here, we propose a lightweight anonymous mutual authentication scheme for ${n}$ -times computing offloading (CO) in IoT. In our novel scheme, through a smartcard as token and an edge device as a security proxy, a user is able to subscribe or renew ${n}$ -times CO service and consume it securely in daily use. Moreover, both IoT and edge devices authenticate each other anonymously without leaking user’s sensitive information, which will preserve the privacy even when an edge device is comprised. Finally, our scheme is based on lightweight one-way hash function and MAC function, therefore the adversary is not able to perform a DoS attack. To evaluate the solution, a security analysis and a performance analysis are presented. Compared with similar schemes, our approach achieves all designed security features and achieves a $1.66\boldsymbol {\times }$ and $2.87\boldsymbol {\times }$ of computing speed on IoT and edge devices, respectably.