Mobile Edge Computing (MEC) is a key technology for supporting low latency applications close to the end user. Users can access application servers in MEC instead of routing to the Internet by passing through a core cellular network. Few security challenges arise as the traffic does not traverse through the core network, and these can be solved by providing authentication services in the MEC. However, authentication and application mobility issues arise in the case of multiple MECs where a user is mobile and needs continuous service from application servers, without needing to establish a new session and providing authentication information repeatedly to every new MEC the user connects with. In this work, we propose two solutions, a TC3A (Token-based Cookie transfer & 3rd-party Authentication) and a TS3A (Token-based State transfer & 3rd-party Authentication) for resolution of authentication and application mobility issues while achieving low latency. We conducted experiments on a testbed that had MECs deployed in a real-time cellular network (emulated via OpenAirInterface) and performed user handover between two MECs. The experimental results show that TC3A and TS3A successfully re-authenticate the users, without provision of login credentials with target MEC, while reducing the latency by approximately 49.76-59.72% as compared to simple login method. The TC3A and TS3A also eliminate the need of keeping multiple accounts for applications at different MECs and most importantly provide application service continuity, through state transfer during cross-system handover, which is not provided by a simple login method. TC3A provides the application service continuity without any loss of session state, which is suitable for applications that cannot afford state loss, and TS3A provides the same while reducing the latency by 47.05-51.25% as compared to TC3A, which is suitable for applications that require low latency.
