An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment

Wireless sensor networks (WSNs) for Internet of Things (IoT) can be deployed in a wide range of industries such as agriculture and military. However, designing a secure and reliable authentication scheme for WSNs that can be deployed in IoT remains a research and operational challenge. For example, recently in 2016, Amin and Biswas showed that the Turcanović et al.'s scheme is vulnerable to smart card loss attack, user impersonation attack, etc. They then proposed a new authentication scheme for WSNs with multi-gateway. In this paper, we revisit the scheme of Amin and Biswas and reveal previously unknown vulnerabilities in the scheme (i.e. sensor capture attack, user forgery attack, gateway forgery attack, sensor forgery attack and off-line guessing attack). In addition, we demonstrate that the user in the scheme can be tracked due to the use of a constant pseudo-identity and previously established session keys can be calculated by the attacker. Rather than attempting to fix a broken scheme, we present a novel authentication scheme for multi-gateway based WSNs. We then demonstrate the security of the proposed scheme using Proverif, as well as evaluating the good performance of the scheme using NS-2 simulation.