{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:41:10Z","timestamp":1772041270962,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2021,2,18]],"date-time":"2021-02-18T00:00:00Z","timestamp":1613606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The development of the industrial Internet of Things (IIoT) promotes the integration of the cross-platform systems in fog computing, which enable users to obtain access to multiple application located in different geographical locations. Fog users at the network\u2019s edge communicate with many fog servers in different fogs and newly joined servers that they had never contacted before. This communication complexity brings enormous security challenges and potential vulnerability to malicious threats. The attacker may replace the edge device with a fake one and authenticate it as a legitimate device. Therefore, to prevent unauthorized users from accessing fog servers, we propose a new secure and lightweight multi-factor authentication scheme for cross-platform IoT systems (SELAMAT). The proposed scheme extends the Kerberos workflow and utilizes the AES-ECC algorithm for efficient encryption keys management and secure communication between the edge nodes and fog node servers to establish secure mutual authentication. The scheme was tested for its security analysis using the formal security verification under the widely accepted AVISPA tool. We proved our scheme using Burrows Abdi Needham\u2019s logic (BAN logic) to prove secure mutual authentication. The results show that the SELAMAT scheme provides better security, functionality, communication, and computation cost than the existing schemes.<\/jats:p>","DOI":"10.3390\/s21041428","type":"journal-article","created":{"date-parts":[[2021,2,18]],"date-time":"2021-02-18T21:59:58Z","timestamp":1613685598000},"page":"1428","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["SELAMAT: A New Secure and Lightweight Multi-Factor Authentication Scheme for Cross-Platform Industrial IoT Systems"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5760-1398","authenticated-orcid":false,"given":"Haqi","family":"Khalid","sequence":"first","affiliation":[{"name":"Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shaiful Jahari","family":"Hashim","sequence":"additional","affiliation":[{"name":"Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sharifah Mumtazah Syed","family":"Ahmad","sequence":"additional","affiliation":[{"name":"Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1880-5643","authenticated-orcid":false,"given":"Fazirulhisyam","family":"Hashim","sequence":"additional","affiliation":[{"name":"Department of Computer and Communication Systems Engineering, Faculty of Engineering, Universiti Putra Malaysia, Serdang 43400, Malaysia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6063-3377","authenticated-orcid":false,"given":"Muhammad Akmal","family":"Chaudhary","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,2,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"El-hajj, M., Fadlallah, A., Chamoun, M., and Serhrouchni, A. (2019). A survey of internet of things (IoT) Authentication schemes. Sensors, 19.","DOI":"10.3390\/s19051141"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Kwon, S., Jeong, J., and Shon, T. (2018). Toward security enhanced provisioning in industrial IoT systems. Sensors, 18.","DOI":"10.3390\/s18124372"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1016\/j.future.2017.11.022","article-title":"IoT security: Review, blockchain solutions, and open challenges","volume":"82","author":"Khan","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"601","DOI":"10.1109\/COMST.2017.2762345","article-title":"Securing fog computing for internet of things applications: Challenges and solutions","volume":"20","author":"Ni","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Choudhary, K., Gaba, G.S., Butun, I., and Kumar, P. (2020). MAKE-IT\u2014A Lightweight Mutual Authentication and Key Exchange Protocol for Industrial Internet of Things. Sensors, 20.","DOI":"10.3390\/s20185166"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.jnca.2018.05.005","article-title":"BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0","volume":"116","author":"Lin","year":"2018","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Lupascu, C., Lupascu, A., and Bica, I. (2020). DLT Based Authentication Framework for Industrial IoT Devices. Sensors, 20.","DOI":"10.3390\/s20092621"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Sari, A., Lekidis, A., and Butun, I. (2020). Industrial Networks and IIoT: Now and Future Trends. Industrial IoT, Springer.","DOI":"10.1007\/978-3-030-42500-5_1"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Iorga, M., Feldman, L., Barton, R., Martin, M.J., Goren, N.S., and Mahmoudi, C. (2018). Fog Computing Conceptual Model, NIST.","DOI":"10.6028\/NIST.SP.500-325"},{"key":"ref_10","unstructured":"Greenberg, A. (2020, December 26). How 30 Lines of Code Blew Up a 27-Ton Generator. WIRED Security. 2020. Available online: https:\/\/www.wired.com\/story\/how-30-lines-of-code-blew-up-27-ton-generator\/."},{"key":"ref_11","unstructured":"Evans, B. (2020, December 26). Firebase: Google Cloud\u2019s Evil Twin. SANS Blog, Security Boulevard. 2020. Available online: https:\/\/securityboulevard.com\/2020\/10\/firebase-google-clouds-evil-twin-excerpt\/."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"97267","DOI":"10.1109\/ACCESS.2020.2996264","article-title":"Security Enhancement on a Lightweight Authentication Scheme with Anonymity for Fog Computing Architecture","volume":"8","author":"Wang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1080\/19393555.2015.1078424","article-title":"An authentication and authorization solution for a multiplatform cloud environment","volume":"24","author":"Cigoj","year":"2015","journal-title":"Inf. Secur. J. Glob. Perspect."},{"key":"ref_14","first-page":"262","article-title":"Health 4.0 as an Application of Industry 4.0 in Healthcare Services and Management","volume":"2","author":"Monteiro","year":"2018","journal-title":"Med. Technol. J."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1007\/s11859-019-1378-6","article-title":"Scheme on cross-domain identity authentication based on group signature for cloud computing","volume":"24","author":"Yang","year":"2019","journal-title":"Wuhan Univ. J. Nat. Sci."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Wang, W., Hu, N., and Liu, X. (2018, January 18\u201321). BlockCAM: A blockchain-based cross-domain authentication model. Proceedings of the 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), Guangzhou, China.","DOI":"10.1109\/DSC.2018.00143"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"3046","DOI":"10.1007\/s11227-018-2691-0","article-title":"ClaMPP: A cloud-based multi-party privacy preserving classification scheme for distributed applications","volume":"75","author":"Kaur","year":"2019","journal-title":"J. Supercomput."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"102481","DOI":"10.1016\/j.jnca.2019.102481","article-title":"A Comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT","volume":"149","author":"Sengupta","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2233","DOI":"10.1109\/TII.2014.2300753","article-title":"Internet of things in industries: A survey","volume":"10","author":"He","year":"2014","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_20","first-page":"1","article-title":"A secure authenticated and key exchange scheme for fog computing","volume":"4","author":"Chen","year":"2020","journal-title":"Enterp. Inf. Syst."},{"key":"ref_21","first-page":"34","article-title":"Biometric smartcard authentication for fog computing","volume":"10","author":"Munir","year":"2018","journal-title":"Int. J. Netw. Secur. Appl. (IJNSA)"},{"key":"ref_22","first-page":"443","article-title":"Mutual Authentication Security Scheme in Fog Computing","volume":"10","author":"Rahman","year":"2019","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_23","first-page":"1089","article-title":"Octopus: An Edge-fog Mutual Authentication Scheme","volume":"18","author":"Ibrahim","year":"2016","journal-title":"IJ Netw. Secur."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"764","DOI":"10.15866\/irecos.v10i7.6955","article-title":"Pre-authentication design for seamless and secure handover in mobile WiMAX","volume":"10","author":"Zmezm","year":"2015","journal-title":"Int. Rev. Comput. Softw. (IRECOS)"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alezabi, K.A., Hashim, F., Hashim, S.J., and Ali, B.M. (2014, January 14\u201316). An efficient authentication and key agreement protocol for 4G (LTE) networks. Proceedings of the 2014 IEEE Region 10 Symposium, Kuala Lumpur, Malaysia.","DOI":"10.1109\/TENCONSpring.2014.6863085"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"475","DOI":"10.1016\/j.future.2018.09.017","article-title":"Design of secure key management and user authentication scheme for fog computing services","volume":"91","author":"Wazid","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1016\/j.sysarc.2018.12.005","article-title":"Authentication in cloud-driven IoT-based big data environment: Survey and outlook","volume":"97","author":"Wazid","year":"2019","journal-title":"J. Syst. Archit."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1109\/TDSC.2016.2596286","article-title":"A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network","volume":"15","author":"He","year":"2016","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1016\/j.pmcj.2019.02.004","article-title":"User authentication in a tactile internet based remote surgery environment: Security issues, challenges, and future research directions","volume":"54","author":"Wazid","year":"2019","journal-title":"Pervasive Mob. Comput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"142","DOI":"10.1016\/j.ins.2020.02.007","article-title":"A new secret handshake scheme with multi-symptom intersection for mobile healthcare social networks","volume":"520","author":"Wen","year":"2020","journal-title":"Inf. Sci."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"4737","DOI":"10.1007\/s11276-018-1759-3","article-title":"Authenticated key agreement scheme for fog-driven IoT healthcare system","volume":"25","author":"Jia","year":"2019","journal-title":"Wirel. Netw."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13673-020-00227-9","article-title":"An anonymous authenticated key-agreement scheme for multi-server infrastructure","volume":"10","author":"Akram","year":"2020","journal-title":"Hum. Centric Comput. Inf. Sci."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Tan, H., Xuan, S., and Chung, I. (2020). HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs. Symmetry, 12.","DOI":"10.3390\/sym12061003"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Ven\u010dkauskas, A., Morkevicius, N., Jukavi\u010dius, V., Dama\u0161evi\u010dius, R., Toldinas, J., and Grigali\u016bnas, \u0160. (2019). An edge-fog secure self-authenticable data transfer protocol. Sensors, 19.","DOI":"10.3390\/s19163612"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"145256","DOI":"10.1109\/ACCESS.2020.3014622","article-title":"SafeCity: Toward Safe and Secured Data Management Design for IoT-Enabled Smart City Planning","volume":"8","author":"Zhang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Katsikas, S., and Gkioulos, V. (2020). Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things. Sensors, 20.","DOI":"10.3390\/s20143846"},{"key":"ref_37","first-page":"279","article-title":"Hybrid Cryptographic Apprach For Internet of Hybrid Applications: A Review","volume":"19","author":"Mohamed","year":"2020","journal-title":"J. Inf. Commun. Technol."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Ganesh, A.R., Manikandan, P.N., Sethu, S.P., Sundararajan, R., and Pargunarajan, K. (2011, January 3\u20135). An improved AES-ECC hybrid encryption scheme for secure communication in cooperative diversity based Wireless Sensor Networks. Proceedings of the 2011 International Conference on Recent Trends in Information Technology (ICRTIT), Tamil Nadu, India.","DOI":"10.1109\/ICRTIT.2011.5972351"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1016\/j.entcs.2005.11.052","article-title":"Automated security protocol analysis with the AVISPA tool","volume":"155","year":"2006","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"ref_40","unstructured":"Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Mantovani, J., M\u00f6dersheim, S., and Vigneron, L. (2006, September 26). The High Level Protocol Specification Language. Available online: http:\/\/avispa-project.org\/delivs\/2.1\/d2-1.pdf."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Jia, X., Hu, N., Su, S., Yin, S., Zhao, Y., Cheng, X., and Zhang, C. (2020). IRBA: An Identity-Based Cross-Domain Authentication Scheme for the Internet of Things. Electronics, 9.","DOI":"10.3390\/electronics9040634"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/4\/1428\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:25:46Z","timestamp":1760160346000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/4\/1428"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,18]]},"references-count":41,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,2]]}},"alternative-id":["s21041428"],"URL":"https:\/\/doi.org\/10.3390\/s21041428","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,18]]}}}