The universal fog proxy: a third-party authentication solution for federated fog systems with multiple protocols

Abstract

Fog computing is suitable for latency constrained applications useful to end users and IoT devices in smart cities, factories, and homes. A federation among fogs is beneficial for subscribers and providers in terms of enhanced capability, capacity, coverage, and services. To realize such a federation, a third-party authentication mechanism among fog providers is required, so that a subscriber of a fog can access the services provided by the other fogs without having to create new accounts. In this article, we propose a transparent and standard-compliant universal fog proxy that provides third-party authentication among OpenID Connect (OIDC), 802.1x, and Protocol for Carrying Authentication for Network Access (PANA) without requiring a new protocol. The proxy consists of virtual counterparts of the entities involved in these protocols so that it provides transparency. For example, when a fog using OIDC receives an authentication request, the proxy relays and behaves as a virtual Identity Provider (vIdP) for the fog using OIDC and a virtual supplicant for the fog using 802.1x. We applied our solution to nine scenarios across OIDC, 802.1x, and PANA. Experimental results show that the proxy takes 4-52 percent of the total authentication time of 0.128-3.504s for nine scenarios, with a larger percentage in scenarios involving OIDC due to multiple re-directions among virtual components. The scenarios involving 802.1x take a considerably lon-ger time, though a low percentage (4-12 percent) by the proxy, as the spanning tree protocol in an 802.1x switch takes about one second to converge when adding a new device to the network.