Handover Authenticated Key Exchange for Multi-access Edge Computing
Journal of Network and Computer Applications (IF 7.7), Pub Date: 2024-11-22, DOI: 10.1016/j.jnca.2024.104071
Yuxin Xia, Jie Zhang, Ka Lok Man, Yuji Dong

Authenticated Key Exchange (AKE) has played a significant role in ensuring communication security. However, in some Multi-access Edge Computing (MEC) scenarios where a moving end-node connects in turn to a sequence of edge-nodes, it is costly in terms of time and computing resources to repeatedly run AKE protocols between the end-node and each edge-node. Moreover, the cloud needs to be involved to assist the authentication between them, which goes against MEC's purpose of bringing cloud services from the cloud closer to the end-user. To address these problems, this paper proposes a new type of AKE, named Handover Authenticated Key Exchange (HAKE). In HAKE, an earlier AKE procedure hands over authentication materials and some parameters to the AKE procedure that follows it in time, thereby saving resources and reducing the participation of the remote cloud. Following the HAKE framework, we propose a concrete HAKE protocol based on Elliptic Curve Diffie–Hellman (ECDH) key exchange and ratcheted key exchange. We then verify its security via Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, we evaluate and test its performance. The results show that the HAKE protocol achieves security goals and reduces communication and computation costs compared to similar protocols.

Updated: 2024-11-22