TY - JOUR
T1 - The Universal Fog Proxy
T2 - A Third-party Authentication Solution for Federated Fog Systems with Multiple Protocols
AU - Ali, Asad
AU - Sahin, Ali Utkan
AU - Ozkasap, Oznur
AU - Lin, Ying Dar
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/11/1
Y1 - 2021/11/1
N2 - Fog computing is suitable for latency constrained applications useful to end users and IoT devices in smart cities, factories, and homes. A federation among fogs is beneficial for subscribers and providers in terms of enhanced capability, capacity, coverage, and services. To realize such a federation, a third-party authentication mechanism among fog providers is required, so that a subscriber of a fog can access the services provided by the other fogs without having to create new accounts. In this article, we propose a transparent and standard-compliant universal fog proxy that provides third-party authentication among OpenID Connect (OIDC), 802.1x, and Protocol for Carrying Authentication for Network Access (PANA) without requiring a new protocol. The proxy consists of virtual counterparts of the entities involved in these protocols so that it provides transparency. For example, when a fog using OIDC receives an authentication request, the proxy relays and behaves as a virtual Identity Provider (vIdP) for the fog using OIDC and a virtual supplicant for the fog using 802.1x. We applied our solution to nine scenarios across OIDC, 802.1x, and PANA. Experimental results show that the proxy takes 4-52 percent of the total authentication time of 0.128-3.504s for nine scenarios, with a larger percentage in scenarios involving OIDC due to multiple re-directions among virtual components. The scenarios involving 802.1x take a considerably longer time, though a low percentage (4-12 percent) by the proxy, as the spanning tree protocol in an 802.1x switch takes about one second to converge when adding a new device to the network.
AB - Fog computing is suitable for latency constrained applications useful to end users and IoT devices in smart cities, factories, and homes. A federation among fogs is beneficial for subscribers and providers in terms of enhanced capability, capacity, coverage, and services. To realize such a federation, a third-party authentication mechanism among fog providers is required, so that a subscriber of a fog can access the services provided by the other fogs without having to create new accounts. In this article, we propose a transparent and standard-compliant universal fog proxy that provides third-party authentication among OpenID Connect (OIDC), 802.1x, and Protocol for Carrying Authentication for Network Access (PANA) without requiring a new protocol. The proxy consists of virtual counterparts of the entities involved in these protocols so that it provides transparency. For example, when a fog using OIDC receives an authentication request, the proxy relays and behaves as a virtual Identity Provider (vIdP) for the fog using OIDC and a virtual supplicant for the fog using 802.1x. We applied our solution to nine scenarios across OIDC, 802.1x, and PANA. Experimental results show that the proxy takes 4-52 percent of the total authentication time of 0.128-3.504s for nine scenarios, with a larger percentage in scenarios involving OIDC due to multiple re-directions among virtual components. The scenarios involving 802.1x take a considerably longer time, though a low percentage (4-12 percent) by the proxy, as the spanning tree protocol in an 802.1x switch takes about one second to converge when adding a new device to the network.
UR - http://www.scopus.com/inward/record.url?scp=85124119280&partnerID=8YFLogxK
U2 - 10.1109/MNET.111.2100168
DO - 10.1109/MNET.111.2100168
M3 - Article
AN - SCOPUS:85124119280
SN - 0890-8044
VL - 35
SP - 285
EP - 291
JO - IEEE Network
JF - IEEE Network
IS - 6
ER -