- Research
- Open access
- Published:
A multi-gateway authentication and key-agreement scheme on wireless sensor networks for IoT
EURASIP Journal on Information Security volume 2023, Article number: 2 (2023)
Abstract
The Internet of Things (IoT) is designed to let anything connect to the Internet, and the things can be people, computers, and things. On the IoT, the Wireless Sensor Network (WSN) plays an important role because it can be used in many applications such as smart home, intelligent transportation, and intelligent disaster prevention. Since the WSN transmits data in the wireless way, the security problem is a concerning issue in this field. On the WSN, an authentication and key-agreement scheme can let the sensors authenticate to each other and share a common key to encrypt the data. Thus, it can be used to solve the security problem of WSNs. In this paper, I propose a new multi-gateway authentication and key-agreement scheme on WSN for IoT. The proposed scheme adopts a new multi-gateway structure, and thus it allows users and sensors to join in different areas of WSN dynamically. According to the performance analysis, the execution time of the proposed scheme is only 24Th, where Th is the execution time of a one-way hash function. In conclusion, the proposed scheme is more efficient than the related works on the WSN for IoT applications.
1 Introduction
The Internet was initially designed to connect different computers, so that different computers could easily communicate and share data with each other. As time goes on, the Internet was developed to be the Internet of Things (IoT) in recent years [1,2,3,4]. The IoT is designed to connect different things, and the “thing” means anything that can be embedded in a chip or sensor to let it have networking or sensing capability. IoT lets anything connect to the Internet, and thus it accomplishes communications among people, computers, and things. There are many applications for the IoT. For example: smart homes, intelligent transportation systems, and smart grid systems. Basically, the IoT architecture can be divided into three layers: a perception layer, a network layer, and an application layer [5]. The three layers are briefly described as follows.
1.1 Perception layer
The perception layer uses devices and sensors that can detect, recognize, and communicate the collected surrounding information such as the temperature, humidity, and lights. And, current mobile communication devices use various kinds of sensors, the devices used in the perception layer can also include smart wearable devices which can collect human body information. Therefore, this layer can be seen as five sense organs in the human neural network.
1.2 Network layer
The network layer acts like a bridge between perception layer and application layer. It is responsible for transmitting the information collected from the physical objects through sensors. The transmission can be wired or wireless such as LoRa, ZigBee, or Bluetooth [5]. It also takes the responsibility for connecting the smart things, network devices and networks to each other. Therefore, this layer can be seen as the peripheral nerves in the neural network.
1.3 Application layer
The application layer focuses on how to apply the information collected from the perception and network layers. It defines all applications that use IoT technology or in which IoT has been deployed. The applications of IoT can be smart homes, intelligent transportation, smart grid, and smart healthcare, etc. It has the responsibility to provide the services for the different applications. Therefore, this layer can be seen as the brain in the neural network. And, the brain makes a response after organizing and interpreting the messages from the above layers.
According to the above descriptions, the Wireless Sensor Network (WSN) [6, 7] plays an important role in IoT applications. Basically, the WSN is a group of sensors deployed in different locations of an area. And, each sensor gathers data and sends it to a central location (such as a gateway or a base station) for data saving, viewing, or analyzing. However, the WSN transmits data using wireless ways (such as RFID, ZigBee, and Bluetooth) [8, 9], so the data can be easily gathered by attackers. To solve the security problem, many authentication and key-agreement schemes for the WSN have been proposed in recent years [10,11,12,13,14,15]. These schemes provide identity authentication among the sensors, users, and the gateway. In addition, the key agreement provides the encryption/decryption key used in the symmetric-key cryptosystem [16]. In these schemes, the sensors collect the surrounding data and transmit it to a gateway. Then, the gateway relays and analyzes the data between sensors and users. Besides, the gateway can be seen as a manager of the WSN, and it is responsible for the parameter settings and identity authentication for the sensors and users.
To accomplish the above goals, Amin and Biswas [17] proposed a secure light-weight scheme for user authentication and key agreement in multi-gateway WSN. In their scheme, the user accesses the data through a local gateway in the local WSN area. To access a foreign WSN in another area, the user can ask the local gateway to communicate with the foreign gateway to obtain the data. Amin and Biswas’s scheme is a multi-gateway structure, and it can allow the user to access the data through different WSNs. Therefore, Amin and Biswas’s scheme is suitable for IoT applications in a wide area such as smart cities. In 2021, Kwon et al. [18] proposed a secure and lightweight mutual authentication scheme for WSN. Kwon et al.’s scheme provides the mutual authentication and key agreement among the user, the gateway, and a sensor on WSN. Kwon et al. claimed that their scheme is securer and more efficient in comparison with the related schemes.
However, we find that the above two schemes have some problems in practice. In Amin and Biswas’s scheme, the gateway does not authenticate the sensor’s identity while a new sensor joins in the WSN. That is, an attacker can easily deploy a malicious sensor to gather the data in the WSN. This causes a serious security problem, while the data is confidential in some IoT applications. In addition, Amin and Biswas’s scheme has heavy computation and communication loads to accomplish the multi-gateway structure.
On the other hand, I also found that Kwon et al.’s scheme has the following disadvantages. First, the sensors have to register at the gateway before they are deployed in the WSN. And, the gateway needs to transmit the parameters to the sensors through a secure channel. According to the above description, the registration needs to be finished before the sensors are deployed. And, it cannot be done in the wireless network environment, which is not a secure channel. In some applications, the sensors need to be deployed in WSN dynamically. However, Kwon et al.’s scheme is not suitable for these applications because the registration has to be previously performed in a secure channel. Second, Kwon et al.’s scheme is a single gateway structure in WSN. Compared with Amin and Biswas’s scheme, it can be applied for a few applications. If we apply Kwon et al.’s scheme to the multi-gateway structure, then the user needs to register to a new gateway again while he wants to access to different WSNs. Therefore, Kwon et al.’s scheme is very inefficient for the multi-gateway scenario. Third, Kwon et al. did not design the steps for data transmissions on WSN after the mutual authentication and key agreement had been done. Therefore, their scheme is not a complete version of WSN.
To solve the above-mentioned problems of the related works, I propose a multi-gateway authentication and key-agreement scheme on WSN for IoT in this paper. The proposed scheme has the following advantages and novelties.
-
Low computation loads: Compared with related works [17,18,19,20], the proposed scheme has less computation and communication loads.
-
Flexibility: The proposed scheme allows users and sensors to join in different WSN’s dynamically. After registering at the system administer (a mainframe of WSN) once, users can access data through gateways from different WSNs without performing the registration again.
-
Completeness: Unlike Kwon et al.’s scheme [18], the proposed scheme provides two additional algorithms for users to access the data from different areas of WSN based on multi-gateway environments. Therefore, the proposed scheme is more complete than Kwon et al.’s scheme for the WSN.
-
Power saving: Based upon the proposed performance analysis, the computation and communication costs of the proposed scheme are less than those of related works. Thus, the proposed scheme can save the sensor’s electricity, and it is energy-efficient for the WSN.
-
Multi-gateway structure: Unlike related works [17,18,19,20,21,22,23], the proposed scheme is designed by a multi-gateway structure. Thus, it can be applied to many large-area WSN applications for IoT such as smart cities or intelligent disaster prevention.
According to the above reasons, the proposed scheme is more efficient and practical than the related works for IoT applications.
2 Review of Kwon et al.’s scheme
In this section, I review Kwon et al.’s scheme [18] and point out its flaws. Their scheme is divided into five phases: the sensor node registration, user registration, login and authentication, password update, and sensor node addition phases. The notations are shown in Table 1.
2.1 Sensor node registration phase
In this phase, a sensor node Sj sends a registration request to the gateway GW, and the GW computes secret parameters and sends them to the sensor node in a secure channel. Then, Sj stores the parameters in its storage space. The steps of this phase are described as follows Fig. 1.
-
Step 1. Sj selects its identity SIDj and generates a random number Rj. Then, Sj sends SIDj and h(SIDj||Rj) to the GW through a secure channel.
-
Step 2. The GW computes KSj = h(h(SIDj||Rj)||kGWN) and stores SIDj and h(SIDj||Rj) in its database. Then, the GW sends KSj to the Sj.
-
Step 3. Finally, Sj stores KSj in its memory.
2.2 User registration phase
-
Step 1. Ui inputs IDi and PWi in the smart card. Then, Ui transmits IDi to the GW in a secure channel.
-
Step 2. GW generates two random numbers, x and Rg. Then, it computes HIDi = h(IDi||Rg) and PIDi = HIDi ⊕ h(x||kGWN). After that, GW stores PIDi and x in its database and sends {PIDi, HIDi, h(∙) } to Ui.
-
Step 3. Ui generates Ri to compute APWi = h(PWi||Ri), SRi = Ri ⊕ (IDi||PWi), SHIDi = HIDi ⊕ h(PWi||IDi||Ri), and Vi = h(APWi||IDi||Ri). Finally, Ui stores SRi, SHIDi, Vi, PIDi, and h(∙) in the smart card Fig. 2.
2.3 Login and authentication phase
-
Step 1. Ui inputs IDi and PWi into the smart card. Then, the smart card computes \({R}_1^{\ast }\) = SRi ⊕ h(IDi||PWi), \({APW}_i^{\ast }\) = h(PWi||Ri), and \({V}_i^{\ast }\) = h(\({APW}_i^{\ast }\) ||IDi|| \({R}_1^{\ast }\)). After that, the smart card checks if \({V}_i^{\ast }\) is equal to Vi. If they are equal, then the smart card generates a random nonce N1 and computes HIDi = SHIDi ⊕ h(PWi||IDi||Ri), Si = SIDj ⊕ h(PIDi||HIDi), M1 = N1 ⊕ h(HIDi||PIDi), and V1 = h(SIDj|| PIDi|| N1||HIDi). Finally, Ui sends {PIDi, Si, M1, V1}to GW.
-
Step 2. GW computes \({HID}_i^{\ast }\) = PIDi ⊕ h(x||kGWN), \({SID}_j^{\ast }\) = Si ⊕ h(PIDi|| \({HID}_i^{\ast }\)), \({N}_1^{\ast }\) = M1 ⊕ h(\({HID}_i^{\ast }\) ||PIDi), and \({V}_1^{\ast }\) = h(\({SID}_j^{\ast }\) ||PIDi|| \({N}_1^{\ast }\) || \({HID}_i^{\ast }\)). Then, GW checks if \({V}_1^{\ast }\) is equal to V1. If they are equal, then GW computes KSj = h(h(SIDj||Rj)||kGWN), M2 = h(N2||HIDi) ⊕ h(KSj||PIDi), M3 = N1 ⊕ h(h(N2||HIDi)||KSj), and V2 = h(PIDi||SIDj||h(N2||HIDi)||N1). At last, GW sends {PIDi, M2, M3, V2}to Sj.
-
Step 3. Sj computes h(N2||HIDi)* = M2 ⊕ h(KSj||PIDi), \({N}_1^{\ast }\) = M3 ⊕ h(h(N2||HIDi)* ||PIDi), and \({V}_2^{\ast }\) = h(PIDi||SIDj||h(N2||HIDi)|| \({N}_1^{\ast }\)). Then, Sj checks if \({V}_2^{\ast }\) is equal to V2. If they are equal, then Sj computes SK = h(h(N2||HIDi)||N3||N1), M4 = N3 ⊕ h(KSj||N2), and V3 = h(SK||N3||SIDj). Finally, Sj sends M4 and V3 to GW.
-
Step 4. GW computes \({N}_3^{\ast }\) = M4 ⊕ h(KSj||N2), SK* = h(h(N2||HIDi)|| \({N}_3^{\ast }\) ||N1), and \({V}_3^{\ast }\) = h(SK*|| \({N}_3^{\ast }\) ||SIDj). Then, GW checks if \({V}_3^{\ast }\) is equal to V3. If they are equal, then GW generates N2 and computes xnew = h(x||N2), \({PID}_i^{new}\) = HIDi ⊕ h(xnew||kGWN), Pi = \({PID}_i^{new}\oplus\) h(N1||HIDi), M5 = N2 ⊕ h(HIDi||SIDj|| N1), M6 = N3 ⊕ h(N2||HIDi|| \({PID}_i^{new}\)), and V4 = h(N2||N3|| \({PID}_i^{new}\) ||SK). Finally, the GW sends {Pi, M5, M6, V4}to Ui.
-
Step 5. Ui computes \({PID}_i^{new}\) = Pi ⊕ h(N1||HIDi), \({N}_2^{\ast }\) = M5 ⊕ h(HIDi||SIDj||N1), \({N}_3^{\ast }\) = M6 ⊕ h(\({N}_2^{\ast }\) ||HIDi|| \({PID}_i^{new}\)), SK* = h(h(\({N}_2^{\ast }\) ||HIDi)|| \({N}_3^{\ast }\) ||N1), and \({V}_4^{\ast }\) = h(\({N}_2^{\ast }\) || \({N}_3^{\ast }\) || \({PID}_i^{new}\) ||SK*). Then, Ui checks the equality if \({V}_4^{\ast }\) is equal to V4. If they are equal, then Ui replaces PIDi to \({PID}_i^{new}\) in the smart card. Otherwise, Ui considers the GW is invalid and denies the transactions Fig. 3.
2.4 Password update phase
-
Step 1. If Ui wants to change the password, then Ui inputs IDi and PWi into the smart card. The smart card computes \({R}_i^{\ast }\) = SRi ⊕ h(IDi||PWi), \({APW}_i^{\ast }\) = h(PWi||Ri), and \({V}_i^{\ast }\) = h(APWi||IDi|| \({R}_i^{\ast }\)). Then, it checks the equality if \({V}_i^{\ast }\) is equal to Vi. If they are equal, then the smart card accepts the request of changing password.
-
Step 2. Ui inputs a new password \({PW}_i^{new}\) into the smart card. Then, the smart card selects a random number \({R}_i^{new}\) to compute \({APW}_i^{new}\) = h(\({PW}_i^{new}\) || \({R}_i^{new}\)), \(S{R}_i^{new}\) = \({R}_i^{new}\oplus\) h (IDi|| \({PW}_i^{new}\)), \({SHID}_i^{new}\) = HIDi ⊕ h(\({PW}_i^{new}\) ||IDi|| \({R}_i^{new}\)), and \({V}_i^{new}\) = h(\({APW}_i^{new}\) ||IDi|| \({R}_i^{new}\)). Finally, the smart card stores \(S{R}_i^{new}\), \({SHID}_i^{new}\), \({V}_i^{new}\), PIDi, and h(∙) in its memory.
2.5 Sensor node addition phase
-
Step 1. \({S}_j^{new}\) selects its identity \({SID}_j^{new}\) and a random number \({R}_j^{new}\). Then, \({S}_j^{new}\) computes h(\({SID}_j^{new}\) || \({R}_j^{new}\)) and sends { \({SID}_j^{new}\), h(\({SID}_j^{new}\) || \({R}_j^{new}\))} to GW through a secure channel.
-
Step 2. GW computes \({KS}_j^{new}\) = h(h(\({SID}_j^{new}\) || \({R}_j^{new}\))||kGWN) and stores { \({SID}_j^{new}\), h(\({SID}_j^{new}\) || \({R}_j^{new}\))} in its database. Then, the GW sends \({KS}_j^{new}\) to \({S}_j^{new}\) through a secure channel.
-
Step 3. Finally, \({S}_j^{new}\) stores \({KS}_j^{new}\) in its memory.
According to the above descriptions, I think Kwon et al.’s scheme has some disadvantages as follows. First, the sensor node registration phase and user registration phase in their scheme have to be performed in a secure channel. That is, the user and sensor registrations cannot be executed in wireless network environments. However, in some WSN applications, the sensors need to be deployed dynamically. Thus, Kwon et al.’s scheme is not suitable for the dynamic network topology. Second, Kwon et al.’s scheme is not a multi-gateway WSN scheme. Compared with related work [17], it can be applied to a few applications. Third, Kwon et al. did not design the steps for data transmissions after the mutual authentication and key agreement had been finished. Thus, Kwon et al.’s scheme is not a complete version. Finally, Kwon et al.’s scheme has many redundant computations. To authenticate the user, the gateway only needs to check if the user knows the correct PIDi = HIDi ⊕ h(x||kGWN), where kGWN is a long-term secret key of the gateway. However, to fulfill this purpose, the user side has to compute \({R}_1^{\ast }\) = SRi ⊕ h(IDi||PWi), \({APW}_i^{\ast }\) = h(PWi||Ri), \({V}_i^{\ast }\) = h(\({APW}_i^{\ast }\) ||IDi|| \({R}_1^{\ast }\)), HIDi = SHIDi ⊕ h(PWi||IDi||Ri), Si = SIDj ⊕ h(PIDi||HIDi), M1 = N1 ⊕ h(HIDi||PIDi), and V1 = h(SIDj|| PIDi|| N1||HIDi) in Step1 of Subsection 2.1. This is very inefficient and impractical while the user only needs to prove to the gateway that he knows the correct PIDi = HIDi ⊕ h(x||kGWN).
3 The proposed scheme
To solve the problems of the related works [17, 18], I propose a multi-gateway authentication and key-agreement scheme on WSNs for IOT in this section. The proposed multi-gateway structure is shown in Fig. 4. In the proposed structure, there are several clusters of sensors and gateways. The system administrator (SA) is responsible for setting and storing the system parameters for all participants in the proposed scheme. In addition, the SA can be seen as a mainframe or a base station that keeps the data collected by all sensors. In each cluster, the gateway (GW) is a manager of all sensors, and it collects all data gathered by the sensors. Then, the GW of each cluster sends the data collected from its area to the SA. Besides, the GW is also responsible for authenticating the validities of the user’s and sensor’s identities. And, the user can get the data collected by the sensors through the GW.
The proposed scheme can be divided into four phases: the system setting phase, sensor registration and authentication phase, user registration and authentication phase, and data access phase. Table 2 shows the parameters used in the proposed scheme.
3.1 System setting phase
In this phase, SA is responsible for setting the parameters of all users, sensors, and gateways. When a user wants to access the wireless sensor network (WSN), he must register with the SA. The steps are shown as follows.
-
Step 1. Before sensors are deployed, SA randomly selects a secret integer RSA and stores {IDHG, XHG, RSA} in the HG. Then, SA stores {\({ID}_{S_j},\kern0.5em {R}_{SA}\)} to each Sj.
-
Step 2. Ui sends a registration request to the SA. Then, SA sends { IDi, PWi, RSA } to Ui in a secure channel. Finally, Ui stores { IDi, PWi, RSA } into its mobile device or smart card.
3.2 Sensor registration and authentication phase
In this phase, the sensors are deployed in an area, and each sensor has to register at a home gateway (HG). Then, the HG and a sensor authenticate each other’s validities. Note that all steps of this phase can be performed by the HG and sensors automatically without human intervention. The Steps are shown as follows.
-
Step 1. Sj sends \({ID}_{S_j}\) to the HG. Then, HG computes \({A}_{S_j}=h\Big({ID}_{S_j}\)||XHG), \(\overline{A_{S_j}}=\) \({A}_{S_j}\oplus {R}_{SA}\), and \(\overset{\sim }{A_{S_j}}=h\Big({A}_{S_j}\)||RSA||T1), and it sends {\(\overline{A_{S_j}},\overset{\sim }{\ {A}_{S_j}},\kern0.5em {T}_1\)} to Sj.
-
Step 2. Sj computes \(\overset{\acute{\mkern6mu}}{A_{S_j}}=\overline{A_{S_j}}\oplus {R}_{SA}\) and checks \(\overset{\sim }{A_{S_j}}=?h\Big(\overset{\acute{\mkern6mu}}{A_{S_j}}\) || RSA || T1) and if T1 is valid or not by examining ∆T. If \(\overset{\sim }{A_{S_j}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{A_{S_j}}\) || RSA || T1) and T1 is valid, then Sj ensures that the HG is a legal gateway and \(\overset{\acute{\mkern6mu}}{A_{S_j}}\) = \({A}_{S_j}\). After that, Sj selects RSj0 to compute \(\overline{B_{S_j}}=h\left({A}_{S_j}\right)\oplus {R}_{S_j0}\) and \(\kern0.5em \overset{\sim }{B_{S_j}}=h\Big({R}_{Sj0}\) || T2). Finally, Sj sends { \({ID}_{S_j},\kern0.5em \overline{B_{S_j}},\kern0.5em \overset{\sim }{B_{S_j}},\kern0.5em {T}_2\) } to the HG and stores \({A}_{S_j}\) in its storage space.
-
Step 3. HG computes \(\overset{\acute{\mkern6mu}}{R_{S_j0}}=h\left(h\right({ID}_{S_j}\) || XHG)) \(\oplus \overline{B_{S_j}}\) and checks \(\overset{\sim }{B_{S_j}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{S_j0}}\) || T2) and if T2 is valid or not by examining ∆T. If \(\overset{\sim }{B_{S_j}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{S_j0}}\) || T2) and T2 is valid, then HG ensures that Sj is a legal sensor and \(\overset{\acute{\mkern6mu}}{R_{S_j0}}\) = RSj0. Finally, the HG stores \({ID}_{S_j}\) in its registration list, which keeps the identities of all legal sensors Fig. 5.
3.3 User registration and authentication phase
In this phase, the user registers at HG to access the WSN. Then, the HG and the user mutually authenticate each other’s validities. The steps of this phase are listed as follows.
-
Step 1. Ui inputs IDi and PWi into the mobile device. If IDi and PWi are both correct, then the mobile device randomly chooses \({TID}_{U_i}\) and sends it to the HG. After that, HG computes \({A}_{U_i}=h\Big({TID}_{U_i}\)||XHG),\(\kern0.5em \overline{A_{U_i}}={A}_{U_i}\oplus {R}_{SA}\), and \(\overset{\sim }{A_{U_i}}=h\Big({A}_{U_i}\)||RSA||T3) and sends {\(\overline{A_{U_i}},\kern0.5em \overset{\sim }{A_{U_i}},\kern0.5em {T}_3\)} to Ui.
-
Step 2. Ui computes \(\overset{\acute{\mkern6mu}}{A_{U_i}}=\overline{A_{U_i}}\oplus {R}_{SA}\) and checks \(\overset{\sim }{A_{U_i}}=?h\Big(\overset{\acute{\mkern6mu}}{A_{U_i}}\) || RSA || T3). If \(\overset{\sim }{A_{U_i}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{A_{U_i}}\) || RSA || T3) and T3 is valid, then Ui ensures that HG is a legal gateway and \(\overset{\acute{\mkern6mu}}{A_{U_i}}\) = \({A}_{U_i}\). After that, Ui randomly chooses \({R}_{U_i0}\) to compute \(\overline{B_{U_i}}=h\left({A}_{U_i}\right)\oplus {R}_{U_i0}\) and \(\overset{\sim }{B_{U_i}}=h\Big({R}_{U_i0}\) || T4). Then, Ui sends { \({TID}_{U_i},\kern0.5em \overline{B_{U_i}},\kern0.5em \overset{\sim }{B_{U_i}},\kern0.5em {T}_4\) } to the HG. Finally, Ui stores \({A}_{U_i}\) in the mobile device.
-
Step 3. HG computes \(\overset{\acute{\mkern6mu}}{R_{U_i0}}=h\left(h\right({TID}_{U_i}\) || XHG)) \(\oplus \overline{B_{U_i}}\kern0.5em\) and checks \(\overset{\sim }{B_{U_i}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{U_i0}}\) || T4). If \(\overset{\sim }{B_{U_i}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{U_i0}}\) || T4) and T4 is valid, then HG ensures that Ui is a valid user and \(\overset{\acute{\mkern6mu}}{R_{U_i0}}\) = \({R}_{U_i0}\). Finally, HG stores \({TID}_{U_i}\) in the registration list of its database Fig. 6.
3.4 Data access phase
This phase can be divided into three subphases: the user requiring phase, local data access phase and the foreign data access phase. To access data from the WSN, the user sends the requiring message to the HG by performing the user requiring phase. Then, the HG authenticates the user and negotiates a session key between them. If the user wants to access the data from the local area, then the user and HG perform the local data access phase. Otherwise, they perform the foreign data access phase, and the user gets the data from a foreign gateway through the HG. The steps of this phase are listed as follows.
3.4.1 User requiring phase
-
Step 1. Ui inputs IDi and PWi in the mobile device. If IDi and PWi are both correct, then the mobile device randomly chooses \({R}_{U_i1}\) to compute \({C}_{U_i}=h\left({A}_{U_i}\right)\oplus {R}_{U_i1}\) and \(\overline{C_{U_i}}=h\Big({R}_{U_i1}\) || \({ID}_{S_j}\) || T5). Then, Ui sends { \({TID}_{U_i},\kern0.5em {ID}_{sj},\kern0.5em {C}_{U_i},\kern0.5em \overline{C_{U_i}},\kern0.5em {T}_5\) } to the HG.
-
Step 2. The HG computes \(\overset{\acute{\mkern6mu}}{R_{U_i1}}=h\left(h\right({TID}_{U_i}\)||XHG))\(\oplus {C}_{U_i}\) and checks \(\overline{C_{U_i}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{U_i1}}\)||\({ID}_{S_j}\)||T5). If \(\overline{C_{U_i}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{U_i1}}\)||\({ID}_{S_j}\)||T5) and T5 is valid, then the HG ensures that Ui is a legal user and \(\overset{\acute{\mkern6mu}}{R_{U_i1}}\) = \({R}_{U_i1}\).
-
Step 3. HG generates RHG1 to compute \({K}_{UH}=h\Big({TID}_{U_i}\)||\({R}_{U_i1}\)||RHG1), \({C}_{HG}=\left(h\right({TID}_{U_{i}}\)||XHG))⊕RHG1, and \(\overline{C_{HG}}=h\Big({R}_{HG1}\)||KUH||T6). Then, HG sends {\({C}_{HG},\kern0.75em \overline{C_{HG}},\kern0.5em {T}_6\)} to Ui.
-
Step 4. Ui computes \(\overset{\acute{\mkern6mu}}{R_{HG1}}=h\left({A}_{U_i}\right)\oplus {C}_{HG}\) and \(\overset{\acute{\mkern6mu}}{K_{UH}}=h\Big({TID}_{U_i}\)||\({R}_{U_i1}\)||\(\overset{\acute{\mkern6mu}}{R_{HG1}}\)) and checks \(\overline{C_{HG}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{HG1}}\)||\(\overset{\acute{\mkern6mu}}{K_{UH}}\)||T6). If \(\overline{C_{HG}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{HG1}}\)||\(\overset{\acute{\mkern6mu}}{K_{UH}}\)||T6) and T6 is valid, then Ui ensures that HG is a legal gateway and \(\overset{\acute{\mkern6mu}}{K_{UH}}\) = KUH.
-
Step 5. HG checks if IDsj is in the local area or not. If it is in the local area, then the HG performs the local data access phase in Subsection 3.4.2. Otherwise, the HG communicates with the FG and performs the foreign data access phase in Subsection 3.4.3 Fig. 7.
3.4.2 Local data access phase
-
Step1. HG computes \({F}_{HG}=h\left(h\right({ID}_{S_j}\)||XHG))⊕RHG1 and \(\overline{F_{HG}}=h\Big({R}_{HG1}\)||T7), then it sends {\({F}_{HG},\kern0.5em \overline{F_{HG}},{T}_7\)} to Sj.
-
Step 2. Sj computes \(\overset{\acute{\mkern6mu}}{R_{HG1}}=h\left({A}_{S_j}\right)\oplus {F}_{HG}\) and checks \(\kern0.5em \overline{F_{HG}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{HG1}}\) || T7). If \(\overline{F_{HG}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{HG1}}\) || T7) and T7 is valid, then Sj ensures that the HG is a legal gateway and \(\overset{\acute{\mkern6mu}}{R_{HG1}}={R}_{HG1}\). After that, Sj generates \({R}_{S_j1}\) to compute \({K}_{SH}=h\Big({ID}_{S_j}\) || \({R}_{S_j1}\) || RHG1), \({F}_{S_j}=h\left({A}_{S_j}\right)\oplus {R}_{S_j1}\), \(\overline{F_{S_j}}=h\Big({R}_{S_j1}\) || KSH || T8), and \({EDATA}_1={E}_{K_{SH}}(DATA)\). Finally, Sj sends { \({ID}_{S_j},\kern0.5em {F}_{S_j},\kern0.5em \overline{F_{S_j}},\kern0.5em {EDATA}_1,\kern0.5em {T}_8\) } to the HG.
-
Step 3. HG computes \(\overset{\acute{\mkern6mu}}{R_{S_j1}}=h\left(h\right({ID}_{S_j}\) || XHG)) ⊕Fsj and \(\overset{\acute{\mkern6mu}}{K_{SH}}=h\Big({ID}_{S_j}\) || \(\overset{\acute{\mkern6mu}}{R_{S_j1}}\) || RHG1) to check \(\overline{F_{S_j}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{S_j1}}\) || \(\overset{\acute{\mkern6mu}}{K_{SH}}\) || T8). If \(\overline{F_{S_j}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{S_j1}}\) || \(\overset{\acute{\mkern6mu}}{K_{SH}}\) || T8) and T8 is valid, then the HG ensures that Sj is a legal sensor and \(\overset{\acute{\mkern6mu}}{R_{S_j1}}\) = RSj1 and \(\overset{\acute{\mkern6mu}}{K_{SH}}\) = KSH. Note that KSH is a session key between Sj and the HG.
-
Step 4. To decrypt the collected data from Sj, the HG uses KSH to compute \(\kern0.5em DATA={D}_{K_{SH}}\left({EDATA}_1\right)\). After that, the HG uses the session key KUH negotiated by Subsection 3.4.1 to compute \({EDATA}_2={E}_{K_{UH}}\Big( DATA\)||T9). Finally, the HG sends {IDHG, EDATA2, T9} to Ui.
-
Step 5. Ui computes (DATA || \({T}_9\Big)={D}_{K_{UH}}\left({EDATA}_2\right)\) to get DATA and T9. And, Ui checks if T9 is valid or not by ∆T. If T9 is valid, then Ui accepts the data. Otherwise, Ui discards it Fig. 8.
3.4.3 Foreign data access phase
-
Step 1. HG generates RHF to compute FHF = h(IDHG || RSA) ⊕ RHF and \(\overline{F_{HF}}=h\Big({R}_{HF}\) || \({ID}_{S_j}\) || T7). Then, the HG sends { \({ID}_{HG},\kern0.5em {F}_{HF},\overline{F_{HF}},\kern0.5em {T}_7\) } to FG.
-
Step 2. After getting {\({ID}_{HG},\kern0.5em {F}_{HF},\overline{F_{HF}},\kern0.5em {T}_7\)}, FG computes \(\overset{\acute{\mkern6mu}}{R_{HF}}=h\left({ID}_{HG}\Big\Vert {R}_{SA}\right)\oplus {F}_{HF}\) and checks \(\overline{F_{HF}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{HF}}\)||\({ID}_{S_j}\)||T7). If \(\overline{F_{HF}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{HF}}\)||\({ID}_{S_j}\)||T7) and T7 is valid, then the FG ensures that HG is a legal gateway and \(\overset{\acute{\mkern6mu}}{R_{HF}}\) = RHF. After that, the FG generates RFH and RFG1 to compute KFH = h(RHF||RFH), \({F}_{FG}=h\left(h\right({ID}_{S_j}\)||XFG))⊕RFG1, and \(\overline{F_{FG}}=h\Big({R}_{FG1}\)||T8). Finally, the FG sends {\({F}_{FG},\kern0.5em \overline{F_{FG}},\kern0.5em {T}_8\)} to Sj.
-
Step 3. Sj computes \(\overset{\acute{\mkern6mu}}{R_{FG1}}=h\left({A}_{S_j}\right)\oplus {F}_{FG}\) and checks \(\overline{F_{FG}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{FG1}}\) || T8). If \(\overline{F_{FG}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{FG1}}\) || T8) and T8 is valid, then Sj ensures that the FG is a legal gateway and \(\overset{\acute{\mkern6mu}}{R_{FG1}}\) = RFG1. After that, Sj generates RSj1 to compute \({K}_{SF}=h\Big({ID}_{S_j}\) || \({R}_{S_j1}\) || RFG1), \({F}_{S_j}=h\left({A}_{S_j}\right)\oplus {R}_{Sj1}\), \(\overline{F_{S_j}}=h\Big({R}_{S_j1}\) || KSF || T9), and \({EDATA}_1={E}_{K_{SF}}(DATA)\). Finally, Sj sends { \({ID}_{S_j},\kern0.5em {F}_{sj},\overline{F_{S_j}},\kern0.5em {EDATA}_1,{T}_9\Big\}\) to the FG.
-
Step 4. FG computes \(\overset{\acute{\mkern6mu}}{R_{S_j1}}=h\left(h\right({ID}_{S_j}\)||XFG))⊕Fsj and \(\overset{\acute{\mkern6mu}}{K_{SF}}=h\Big({ID}_{S_j}\)||\(\overset{\acute{\mkern6mu}}{R_{S_j1}}\)||RFG1) to check \({F}_{S_j}=?h\Big(\overset{\acute{\mkern6mu}}{R_{S_j1}}\)||\(\overset{\acute{\mkern6mu}}{K_{SF}}\)||T9). If \({F}_{S_j}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{S_j1}}\)||\(\overset{\acute{\mkern6mu}}{K_{SF}}\)||T9) and T9 is valid, then the FG ensures that Sj is a legal sensor and \(\overset{\acute{\mkern6mu}}{R_{S_j1}}\) = RSj1.
-
Step 5. FG computes \(DATA={D}_{K_{SF}}\left({EDATA}_1\right)\), \({EDATA}_2={E}_{K_{HF}}(DATA)\), FFH = h(IDHF || RSA) ⊕RFH, and \(\overline{F_{FH}}=h\Big({R}_{FH}\) || KHF || T10). Then, the FG sends { \({ID}_{FG},\kern0.5em {F}_{FH},\kern0.5em \overline{F_{FH},}\ {EDATA}_2,{T}_{10}\) } to the HG.
-
Step 6. HG computes \(\overset{\acute{\mkern6mu}}{R_{FH}}=h\Big({ID}_{HF}\)||RSA ⊕ FFH) and \(\overset{\acute{\mkern6mu}}{K_{HF}}=h\Big(\ {R}_{HF}\)||\(\overset{\acute{\mkern6mu}}{R_{FH}}\)) to check \(\overline{F_{FH}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{FH}}\)||\(\overset{\acute{\mkern6mu}}{K_{HF}}\)||T10). If \(\overline{F_{FH}}\) is equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{FH}}\)||\(\overset{\acute{\mkern6mu}}{K_{HF}}\)||T10) and T10 is valid, then the HG ensures that the FG is a legal gateway and \(\overset{\acute{\mkern6mu}}{R_{FH}}\) = RFH and \(\overset{\acute{\mkern6mu}}{K_{HF}}\) = KHF. After that, the HG computes \(DATA={E}_{K_{HF}}\left({EDATA}_2\right)\) and \({EDATA}_3={E}_{K_{UH}}\Big( DATA\)||T11) to send {IDHG, EDATA3, T11} to Ui.
-
Step 7. Ui computes (DATA || \({T}_{11}\Big)={D}_{K_{UH}}\left({EDATA}_3\right)\) to get DATA and T11. And, Ui checks if T11 is valid or not by ∆T. If T11 is valid, then Ui accepts the data. Otherwise, Ui discards it Fig. 9.
Compared with related works [17, 18], the proposed scheme has the following advantages. First, the proposed scheme allows the user and the sensor to register and join dynamically with WSN without using a secure channel. Thus, the proposed scheme is more suitable for the dynamic network topology of IoT. Second, the proposed scheme is a multi-gateway structure, and thus it can be applied to various IoT applications. Third, unlike the related works [17, 18], the proposed scheme has local and foreign data access phases to show how to access data securely in the multi-gateway WSN. Thus, the proposed scheme is more completed and practical than related works. Fourth, the proposed scheme is only designed by the light-weight operations (XOR operation and one-way hash function). Therefore, the proposed scheme has low computation and communication loads.
4 Security and performance analyses
In this section, I perform some attacks on the proposed scheme to analyze its security. In addition, the performance analyses of the related works are also provided. The proposed attacks are shown as follows.
4.1 Outsider attack
Assuming that an outside attacker wants to get \({R}_{U_i1}\) and RHG1 to compute the session key \({K}_{UH}=h\Big({TID}_{U_i}\)||\({R}_{U_i1}\)||RHG1), and the outsider will wiretap the communications between the user and HG in Subsection 3.4.1 to obtain {\({TID}_{U_i},\kern0.5em {ID}_{sj},\kern0.5em {C}_{U_i},\kern0.5em \overline{C_{U_i}},\kern0.5em {T}_5\)} and {\({C}_{HG},\kern0.75em \overline{C_{HG}},\kern0.5em {T}_6\)}. To get \({R}_{U_i1}\), the attacker has to compute the equation \(\overset{\acute{\mkern6mu}}{R_{U_i1}}=h\left(h\right({TID}_{U_i}\)||XHG))\(\oplus {C}_{U_i}\). However, it is impossible because the attacker does not know \({A}_{U_i}=h\Big({TID}_{U_i}\)||XHG) which is a secret authentication information stored in the user’s devices. For the same reason, the attacker cannot obtain RHG1 from the equation \(\overset{\acute{\mkern6mu}}{R_{HG1}}=h\left({A}_{U_i}\right)\oplus {C}_{HG}\).
Based upon the similar analysis, an attacker cannot get the session keys \({K}_{SH}=h\Big({ID}_{S_j}\) || \({R}_{S_j1}\) || RHG1), \({K}_{SF}=h\Big({ID}_{S_j}\) || \({R}_{S_j1}\) || RFG1), and KFH = h(RHF || RFH) because he does not know the secret authentication information \({A}_{U_i}\) and \({A}_{S_j}\). According to the above analysis, the outsider attack is infeasible for the proposed scheme.
4.2 Insider attack
Assuming that an inside attacker Ui (a malicious user) wants to get the secret key XHG of the home gateway (HG), and the insider will try to compute XHG from \({A}_{U_i}=h\Big({TID}_{U_i}\) || XHG) stored in his device. However, this attack is infeasible because XHG is protected by a secure one-way hash function h(∙). Computing XHG from \(h\Big({ID}_{S_j}\) || XHG) is impossible [16].
On the other hand, if an attacker has controlled a sensor Sj and obtained its authentication information \({A}_{S_j}=h\Big({ID}_{S_j}\) || XHG), then he tries to compute XHG from \(h\Big({ID}_{S_j}\) || XHG). However, this attack is also impossible because XHG is protected by the one-way hash function h(∙). According to the above analyses, the insider attack is infeasible for the proposed scheme.
4.3 Impersonating attack
Assuming that an attacker does not register at the SA and tries to impersonate a legal user Ui, and the attacker is going to execute the steps of Subsection 3.3 to register at the HG. Thus, the attacker intercepts { \(\overline{A_{U_i}},\kern0.5em \overset{\sim }{A_{U_i}},\kern0.5em {T}_3\) } in Step 1 of Subsection 3.3, and then he uses the fake authentication information \({A}_{U_i\_ fake}\) to compute \(\overline{B_{U_i}}=h\left({A}_{U_i\_ fake}\right)\oplus {R}_{U_i0}\) and \(\overset{\sim }{B_{U_i}}=h\Big({R}_{U_i0}\) || T4). After that, the attacker sends { \({TID}_{U_i},\kern0.5em \overline{B_{U_i}},\kern0.5em \overset{\sim }{B_{U_i}},\kern0.5em {T}_4\) } to the HG. After receiving \(\overline{B_{U_i}}\) and \(\overset{\sim }{B_{U_i}}\), the HG computes \(\overset{\acute{\mkern6mu}}{R_{U_i0}}=h\left(h\right({A}_{U_i}\))) \(\oplus \overline{B_{U_i}}\kern0.5em\) and checks \(\overset{\sim }{B_{U_i}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{U_i0}}\) || T4), where \({A}_{U_i}=h\Big({TID}_{U_i}\) || XHG). However, the HG will find that \(\overset{\sim }{B_{U_i}}\) is not equal to \(h\Big(\overset{\acute{\mkern6mu}}{R_{U_i0}}\) || T4) because \({A}_{U_i\_ fake}\ne {A}_{U_i}\) and \(\overset{\acute{\mkern6mu}}{R_{U_i0}}\ne {R}_{U_i0}\). That is, the HG will know the attacker is not a legal user and deny his registration.
Similarly, impersonating a legal user in Subsection 3.4.1 is impossible because an attacker does not know the authentication information \({A}_{U_i}\). The HG can discover an attacker by checking \(\overline{C_{U_i}}=?h\Big(\overset{\acute{\mkern6mu}}{R_{U_i1}}\) || \({ID}_{S_j}\) || T5) in Step 2 of Subsection 3.4.1. According to the above analyses, the impersonating attack is infeasible for the proposed scheme.
4.4 Men-in-the-middle attack
Assuming that an attacker intercepts the communications between the sensor and the HG in Step 2 of Subsection 3.2, then he tries to alter { \(\overline{A_{S_j}},\overset{\sim }{\ {A}_{S_j}},\kern0.5em {T}_1\) } and resends the tampered message to the sensor. The attacker may compute \({\overline{A_{S_j}}}^{"}=\) \({A_{S_j}}^{"}\oplus {R_{SA}}^{"}\), and \(\overset{\sim }{A_{S_j}"}=h\Big({A_{S_j}}^{"}\) || RSA" || T1"), and then he sends { \({\overline{A_{S_j}}}^{"},{\overset{\sim }{\ {A}_{S_j}}}^{"},\kern0.5em {T_1}^{"}\) } to Sj. However, Sj will discover that { \({\overline{A_{S_j}}}^{"},{\overset{\sim }{\ {A}_{S_j}}}^{"},\kern0.5em {T_1}^{"}\) } is a fake message by computing \(\overset{\acute{\mkern6mu}}{A_{S_j}}={\overline{A_{S_j}}}^{"}\oplus {R}_{SA}\) and \({\overset{\sim }{A_{S_j}}}^{"}=?h\Big(\overset{\acute{\mkern6mu}}{A_{S_j}}\) || RSA || T1). Obviously, \({\overset{\sim }{A_{S_j}}}^{"}\) is not equal to \(h\Big(\overset{\acute{\mkern6mu}}{A_{S_j}}\) || RSA || T1) because \(\overset{\sim }{A_{S_j}"}=h\Big({A_{S_j}}^{"}\) || RSA" || T1") \(\ne h\Big(\overset{\acute{\mkern6mu}}{A_{S_j}}\) || RSA || T1). According to the above analysis, the proposed scheme can prevent from the men-in-the-middle attack.
4.5 Replay attack
Assuming that an attacker intercepts { \(\overline{A_{S_j}},\overset{\sim }{\ {A}_{S_j}},\kern0.5em {T}_1\) }, and then he resends it to Sj without any alteration in Subsection 3.2. However, the sensor will discover { \(\overline{A_{S_j}},\overset{\sim }{\ {A}_{S_j}},\kern0.5em {T}_1\) } is re-sent by an attacker because Sj must check if T1 is valid or not by examining ∆T. Definitely, the re-sending time will exceed the valid time interval ∆T, and thus the sensor can discover this attack. Based upon the similar analysis, an attacker cannot perform this kind of attack on the user registration and authentication phase and data access phase because the timestamps are used in the proposed scheme. According to the above analysis, the proposed scheme can prevent from the replay attack.
4.6 Performance analysis
The performance analyses of the related works [17,18,19,20] and the proposed scheme are shown in Table 3. Note that the proposed scheme and [17] are multi-gateway structures for WSN and the others are not. In addition, only the proposed scheme provides the data access phase after mutual authentication and key agreement have been done. Under the same benchmark, the performance analysis of the data access phase of the proposed scheme is eliminated. In Table 3, Th, Tecm, and Tsym are the execution time of the one-way hash function, point multiplication of the elliptic curve cryptosystem [16], and symmetric encryption/decryption, respectively. According to [18], the execution time of Th, Tecm, and Tsym are about 0.00032, 0.0171, and 0.0056 seconds, respectively. That is, Tecm > Tsym > Th. Moreover, the measurement does not consider the execution time of XOR operation because its computation cost is negligible. According to Table 3, the proposed scheme is more efficient than related works.
5 Conclusions
In this paper, I proposed a multi-gateway authentication and key-agreement scheme on wireless sensor networks for IoT. Unlike related works, the proposed scheme allows the user and the sensor to register at different gateways dynamically, and thus the user and the sensor can securely join in different areas of wireless sensor networks. In addition, the proposed multi-gateway structure can be applied to more IoT applications in comparison with single-gateway related works. According to the proposed performance analysis, the computation costs of the proposed scheme are much less than those of the related works. In conclusion, the proposed scheme is more efficient and practical than related works for IoT applications.
Availability of data and materials
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.
References
A. Zanella, N. Bui, A. Castellani, L. Vangelista, M. Zorzi, Internet of things for smart cities. IEEE Internet Things J. 1(1), 22–32 (2014)
F. Wortmann, K. Flüchter, Internet of things: Technology and value added. Bus. Inf. Syst. Eng. 57(3), 221–224 (2015)
M.S. Farash, M. Turkanović, S. Kumari, M. Hölbl, An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw. 36(1), 152–176 (2016)
O. Bello, S. Zeadally, Intelligent device-to-device communication in the internet of things. IEEE Syst. J. 10(3), 1172–1182 (2016)
A. Osseiran, O. Elloumi, J.S. Song, J.F. Monserrat, Internet of things. IEEE Communications Standards Magazine 1(2), 84 (2017)
R. Watro, D. Kong, S. Cuti, C. Gardiner, C. Lynn, P. Kruus, TinyPK: Securing sensor networks with public key technology. SASN 4, 59–64 (2004)
S. Lee, J. Lee, H. Sin, S. Yoo, S. Lee, J. Lee, Y. Lee, S. Kim, An energy-efficient distributed unequal clustering protocol for wireless sensor networks. World Acad. Sci. Eng. Technol. 48, 12–23 (2008)
B. Vaidya, J. Silva and J. Rodrigues, “Robust dynamic user authentication scheme for wireless sensor networks”, Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks, pp. 88-91, 2009
R. Song, Advanced smart card based password authentication protocol. Comput. Standards Interfaces 32, 321–325 (2010)
A. Das, P. Sharma, S. Chatterjee, J. Sing, A dynamic password based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 35, 1646–1656 (2012)
D. Sun, J. Li, Z. Feng, Z. Cao, G. Xu, On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers. Ubiquit. Comput. 17, 895–905 (2013)
K. Xue, C. Ma, P. Hong, R. Ding, A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J. Netw. Comput. Appl. 36, 316–323 (2013)
M. Turkanovic, B. Brumen, M. Hölbl, A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw. 20, 96–112 (2014)
R. Amin, G. Biswas, Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wireless Personal Commutations 84, 1–24 (2015)
R. Amin, G. Biswas, A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J. Med. Syst. 39 (2015 [Online].). https://doi.org/10.1007/s10916-015-0217-3
B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, New York, 1996
R. Amin, G. Biswas, A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. 36(1), 58–80 (2016)
D.K. Kwon, S.J. Yu, J.Y. Lee, S.H. Son, Y.H. Park, WSN-SLAP: Secure and lightweight mutual authentication protocol for wireless sensor networks. Sensors 21(3), 936–958 (2021)
F. Wu, L. Xu, S. Kumari, X. Li, A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J. Ambient. Intell. Humaniz. Comput. 8, 101–116 (2017)
M.F. Moghadam, M. Nikooghadam, M.A.B.A. Jabban, M. Alishahi, L. Mortazavi, A. Mohajerzadeh, An efficient authentication and key agreement scheme based on ECDH for wireless sensor network. IEEE Access 8, 73182–73192 (2020)
C. Stergiou, K.E. Psannis, B.B. Gupta, Y. Ishibashi, Security, Privacy & Efficiency of sustainable cloud computing for big data & IoT. Sustainable Computing: Informatics and Systems 19, 174–184 (2018)
V. Adat, B.B. Gupta, Security in internet of things: Issues, challenges, taxonomy, and architecture. Telecommun. Syst. 47, 423–441 (2018)
A. Tewari, B. Gupta, Secure timestamp-based mutual authentication protocol for IoT devices using RFID tags. Int. J. Semant. Web Inf. Syst. 16(3), 20–34 (2020)
Acknowledgements
No acknowledgement.
Funding
No funds, grants, or other support was received.
Author information
Authors and Affiliations
Contributions
All works are completed by Jen-Ho Yang. The author(s) read and approved the final manuscript.
Author’s information
Jen-Ho Yang, associate professor, Department of Digital Multimedia Design, Kainan University, Taiwan.
Corresponding author
Ethics declarations
Competing interests
The authors indicate no potential conflicts of interest.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Yang, JH. A multi-gateway authentication and key-agreement scheme on wireless sensor networks for IoT. EURASIP J. on Info. Security 2023, 2 (2023). https://doi.org/10.1186/s13635-023-00138-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1186/s13635-023-00138-z