A security protocol for wireless transmission is essential to defend sensitive information from malicious enemies by providing a variety of facilities such as privacy of the user's information, secure session key, associated authentication, and user-repeal facility when a person's authorizations are suddenly disclosed. Singh et al. proposed an improved user authentication and key agreement system for wireless sensor networks (WSNs). Authors are sure that their protocol is secure from various attacks. Here, we find several security pitfalls in their scheme, such as an offline password-guessing attack, failure to protect the session key, and a man-in-the-middle attack. To remove the identified pitfalls found in Singh et al.'s scheme, we design an enhanced authentication scheme for WSNs tailored for IoT. We prove the reliability of our proposed protocol using the real or random (RoR) model. We also evaluate the proposed scheme with the associated schemes and show its superior efficacy as compared to its counterparts.
Keywords: key agreement; smart card; user authentication; wireless sensor networks.