In fog computing paradigms, fog nodes are much closer to terminal devices and are able to extend the services to the edge of the network, mitigating the effects of high latency and constrained networking in Internet of things (IoTs). In the applications of fog computing, such as the intelligent transportation system (ITS) in vehicular ad-hoc networks (VANETs), healthcare system and mobile networks, terminal devices are often organized as groups and are usually deployed in environments with limited security protections. Previous studies about the group key establishment of fog computing architectures are with high communication costs and cannot verify the authenticity of each entity. Hence, in this paper, we propose a mutual authenticated group key establishment scheme for the fog computing architecture by using elliptic curve cryptography. Mutual authentication and secure key exchange will be accomplished in this scheme. After mutual authentication, the cloud server can offload the computation overheads to the fog nodes which will be responsible to authenticate the group of devices and distribute the established group session key, which is composed of private keys of each entity and some random and temporarily stored values. We prove that the established group session key is protected from the Canetti–Krawczyk (CK) adversary model. Finally, we evaluate the performance in terms of computational and communication costs. The proposed scheme is lightweight and efficient as compared with the previous study because it involves only elliptic curve operations and symmetric cryptographic operations.