Abstract
Authentication is an important security issue for multi-access edge computing (MEC). However, the existing authentication schemes have not achieved a good balance between privacy preserving, efficiency, and low computation overhead on the device side. To address this issue, we propose an efficiency-improved and conditional privacy-preserving authentication scheme suitable for resource-constrained MEC devices. Our core idea is integrating the merkle hash tree (MHT) into the anonymous authentication scheme constructed by the blockchain and key derivation function (KDF) to improve efficiency. The MHT not only reduces the on-chain storage overhead brought by the increasing pseudo-public keys of KDF, but also utilizes few hash functions to achieve lightweight <inline-formula><tex-math notation="LaTeX">${\bm {k}}$</tex-math><alternatives><mml:math><mml:mi mathvariant="bold">k</mml:mi></mml:math><inline-graphic xlink:href="gu-ieq1-3664212.gif"/></alternatives></inline-formula>-times authentications with the same edge server. Despite these advantages, managing pseudo-key pairs in the form of MHT leafs still brings efficiency and unlinkability problems. We construct the partially shuffled merkle hash tree to only shuffle leafs within the device group, and combine with the KDF to update MHTs in a public manner by synchronizing pseudo-key pairs. Consequently, the efficiency of key update can be ensured. Moreover, a time-bound key derivation function based on physically unclonable function and BIP-32 is developed to provide immediate and permanent device revocation. Only the remaining valid pseudo-public keys of the revoked device will be recorded on the blockchain, which reveals no linkable information and avoids frequently reconstructing all the MHTs. We prove the authentication security and discuss other security features. A proof-of-concept prototype was implemented to conduct experiments and comparative analysis for performance evaluation.