A provably secure authenticated key agreement protocol for industrial sensor network system

The convergence of reliable and self-organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man-in-the-middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password-guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real-or-random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.