Affiliation:
1. Srinivasa Ramanujan Department of Mathematics Central University of Himachal Pradesh Dharamshala India
2. Distinguished Professor at the King Abdullah II School of Information Technology The University of Jordan Amman Jordan
3. Jordan and School of Computer and Communication Engineering University of Science and Technology Beijing Beijing China
4. Department of Computational Intelligence, School of Computing SRM University Kattankulathur Tamil Nadu India
5. School of Engineering The Amity University Noida Uttar Pradesh India
Abstract
SummaryThe convergence of reliable and self‐organizing characteristics of Wireless Sensor Networks (WSNs) and the IoT has increased the utilization of WSN in different scenarios such as healthcare, industrial units, battlefield monitoring and so forth, yet has also led to significant security risks in their deployment. So, several researchers are developing efficient authentication frameworks with various security and privacy characteristics for WSNs. Subsequently, we review and examine a recently proposed robust key management protocol for an industrial sensor network system. However, their work is incompetent to proffer expedient security and is susceptible to several security attacks. We demonstrate their vulnerabilities against man‐in‐the‐middle attacks, privileged insider attacks, secret key leakage attacks, user, gateway, and sensor node impersonation attacks, and offline password‐guessing attacks. We further highlight the design flaw of no session key agreement in Itoo et al. Therefore to alleviate the existing security issues, we devise an improved key agreement and mutual authentication framework. Our protocol outperforms Itoo et al.'s drawbacks, as demonstrated by the comprehensive security proof performed using the real‐or‐random (ROR) model and the formal verification accomplished using the Automated Validation of Internet Security Protocols (AVISPA) tool.