Robust Multi-Gateway Authentication Scheme for Agriculture Wireless Sensor Network in Society 5.0 Smart Communities

Recent Society 5.0 efforts by the Government of Japan are aimed at establishing a sustainable human-centered society by combining new technologies such as sensor networks, edge computing, Internet of Things (IoT) ecosystems, artificial intelligence (AI), big data, and robotics. Many research works have been carried out with an increasing emphasis on the fundamentals of wireless sensor networks (WSN) for different applications; namely precision agriculture, environment, medical care, security, and surveillance. In the same vein, almost all of the known authentication techniques rely on the single gateway node, which is unsuitable for the current sensor nodes that are broadly distributed in the real world. Despite technological advances, resource constraints and vulnerability to an attacker physically capturing some sensor nodes have remained an important and challenging research field for developing wireless sensor network user authentication. This work proposes a new authentication scheme for agriculture professionals based on a multi-gateway communication model using a fuzzy extractor algorithm to support the Society 5.0 environment. The scheme provides a secure mutual authentication using the well-established formal method called BAN logic. The formal security verification of the proposed scheme is validated with the AVISPA tool, a powerful validation method for network security applications. In addition, the security of the scheme was informally analyzed to demonstrate that the scheme is secure from different attacks, e.g., sensor capture, replay, and other network and physical attacks. Furthermore, the communication and computation costs of the proposed scheme are evaluated and show better performance than the existing authentication schemes.


Introduction
Society 5.0 has been launched by Japan for the perfect industrial structure and social system of the future. According to the Japan Cabinet Office (CAO), Society 5.0 is "a human centred society that balances the economic development of a system by combining cyberspace and physical space to solve social problems" [1]. Figure 1 illustrates the evolution of societies from Society 1.0 to the new Society 5.0, in which everyone can live a safe and fulfilling life. The Smart Food value chain of Society 5.0 with the National Organization for Agriculture and Food Research (NARO) addresses breeding, cultivation, harvesting, storage, processing, distribution, and consumption issues [2,3]. As a result, the process of establishing a "data-driven society" has begun, which now includes agriculture [4,5]. The ongoing evolution of information and communications technology (ICT) and digital technology of all kinds is the motivation behind Society 5.0 to offer individuals an enormous society of prospects for creativity, growth, unparalleled prosperity collaboration, and human to human, human to machine, and machine to device services [4,6]. By the end of 2025, the world market in smart agriculture is predicted to reach USD 15.3 billion compared to USD 5 billion in 2016, which is more than triple the market size in just about ten years [7]. Smart agriculture in the agri-product exporting countries will become a critical IoT field [8]. At present, smart agriculture has been applied in IoT applications such as irrigation sensors [9], frost prediction of the event [10], farming of precision soil [11], identification of blind entity [12], smart farming [13], precision agriculture [14], and so on. Terrestrial wireless sensor networks (TWSN) and wireless underground sensor networks (WUSN) are the two types of WSNs being utilized in agricultural fields.
Wireless underground sensor networks [15] are planted inside the soil with higher frequencies being substantially reduced, while lower frequencies are allowed to permeate the soil [13,16-18]. The overview and the architecture of WSN in the agriculture environment are illustrated in Figure 2. The agriculture applications may transfer or monitor sensitive data via a public channel; thus, the transmission must be secured and the highly sensitive information authenticated. Several gateways should also be included in dealing with a distributed environment to avoid high computation costs in the entire network [19]. Additionally, different issues exist in IoT-based agriculture development, such as information security, privacy, data analysis, maintenance, mobility, and hardware [8,20,21]. The type of wireless communication (e.g., 4G, 5G, WiFi, 6LowPan, LoRa) used for connecting sensors distributed across a large area in the agriculture field may present a mobility challenge [22,23]. Implementing the IoT into the agriculture fields may allow the attacker to attack the agriculture systems; thus, the smart agriculture communication system needs to be secured [8]. Security concerns, such as eavesdropping, disruption, physical attack, and others, might compromise the data and structure of the network [24]. To address this, a data security architecture is constructed that protects data from sensors, wireless networks, and data processing applications through encryption, digital envelopes, digital signatures, and critical public key infrastructures (PKI) [25]. Generally, once the sensors and the gateway nodes are placed, they are stationary. In a wireless environment, the cost of sending and receiving messages increases when the distance between the participants and the whole network increases. It is better to allow only the gateway nodes to communicate with the relatively far away users.
However, a data flow with high speed may collide, and the performance of the WSN will be slowed down where there is only one gateway. More gateway nodes are needed when the sensors are distributed on a large scale. Thus, the costs of transmitting and receiving messages are much higher than the local computations at an entity in the network [26].
There have been many proposed authentication and key agreement (also known as the key establishment) schemes for WSNs in the literature. For instance, in [27] a lightweight authentication scheme (LAS) for IoT WSN users in a multi-gateway conception is proposed. Similarly, in [28] a three-factor mutual authentication protocol for multi-gateway IoT environments to solve the existing security weaknesses in two-factor authentication protocols is proposed. In 2014, a WSN with a lightweight authentication protocol was integrated with a fingerprint-based biological factor [29]. In [30], a new mechanism for user authentication and key agreement in heterogeneous ad hoc WSNs is proposed. In 2015, an authentication approach based on pseudo-identity temporal credentials in WSNs was devised [31]. In [32], a biometric-based user authentication solution for WSNs is suggested. In 2015, a new secure and more efficient authentication and key agreement scheme for agriculture monitoring using WSNs is proposed [33]. The work of [34] applied dark web technology to ensure the privacy of blockchain and servers. In 2017, work of [35] presented a confidentiality-preserving remote user authentication system for IoT users using WSN, which was more efficient than earlier comparable methods and could withstand all forms of security outbreaks. In [36], an authentication-based, smart-card, and password-based strategy for intelligent agriculture based on the use of fuzzy biometric extraction before providing users with required fields is developed. In [37], an elliptic curve-based user authentication mechanism based on symmetric cryptography (ECC) is presented. In [38], biometric-based authentication and key management services are discussed. In 2020, an Elliptic-Curve Diffie-Hellman authentication and key agreement approach for wireless sensor network (WSN) applications is suggested [39]. 
In [40], a new user authentication system based on signatures and the ECC in the IoT-enabled environment is presented. In [41], the WSN data protection, three-factor remote user authentication solution for increased security and efficient agricultural monitoring by ECC algorithm are also presented. Table 1 shows that Turkanovic et al. in [30] did not secure forward privacy [42]. Amin and Biswas [43] found that the scheme in [33] is required to concentrate on redundancy. Wu et al. [31] highlighted specific security weaknesses such as sensor capture attacks and impersonation attacks in He et al. [32]. On the other hand, Khalid et al. [33] revealed that Wu et al.'s [35] system lacks appropriate online registration and password change phases for sensor nodes. Ali et al. [36] and Lee et al. [28] are found to be vulnerable to impersonations, robbed smart-cards, ephemeral secret leaking (ESL), privileged insider attacks, and a Denial-of-Service (DoS) attack. Sadukhan et al. [37] does not lack anonymity, traceability, and dynamic node addition. Furthermore, Yuan et al.'s scheme [29] was found to be vulnerable to offline password guessing, privileged insider attacks, and gateway node impersonation attacks. In addition, it cannot provide query response protection. Moghadam et al. [39] and Haseeb et al. [44] are vulnerable to an insider attack and a session key attack, and do not provide confidentiality. Vangala et al. [45] and Rangwani et al. [41] were subsequently broken by Ali et al. [36], who pointed out that the schemes are vulnerable to offline password guessing attack, identity guessing attack, and user tracking attack. Nevertheless, the analysis that identifies several attacks in the current authentication scheme has not been considered by the researchers (e.g., offline password/identity guessing attacks, sensor capture attacks, and impersonation attacks). In addition, the methods are vulnerable to inefficient authentication phases.
In agriculture, wireless communication messages are transferred and received substantially at higher network entity computations than the local network entity computations. Therefore, transmission and reception expenses increase as network unit distance increases. As a result, the GWNs suffer high communication overhead, leading to slow shutdown or crash due to the management of many users and sensors in a large-scale WSN. Several alternative architectures with single-gateway architecture for the agriculture environment have been proposed previously. These single-gateway systems have low fault tolerance, as the gateway acts as a single point of failure, thus making it vulnerable to external attacks. Therefore, an efficient multi-gateway authentication scheme for agriculture is needed to address these issues [7], because insecure communication between the smart devices, gateways, and users makes the IoT agriculture environment vulnerable to various potential attacks. Several Internet of Things (IoT) smart devices, e.g., sensor nodes, can be deployed to monitor the agricultural environment in smart farming. The drones can be further utilized to collect the data sensed by the IoT smart devices, and even sometimes, they can directly collect the information from the specific agriculture fields. However, insecure communication between the sensor nodes, gateways, and agriculture professionals makes the IoT agriculture environment vulnerable to various potential attacks, including replay, impersonation, man-in-the-middle, privileged-insider, and physical smart devices and drones capture attacks [46]. Apart from these, maintaining the anonymity and mutual authentication properties is essential. An adversary cannot trace the entities sending the data securely to the control room via a gateway.
Therefore, to address the above issues, we propose a multi-gateway authentication scheme with the three factors being the identity, password, and personal biometrics for agriculture WSN. The proposed scheme relies mainly on the fuzzy extractor method. We have also provided the simulation of our scheme using AVISPA, a powerful validation tool for network security applications, and showed that our scheme is safe against popularly known attacks. Similarly, the BAN logic is utilized to prove the secure mutual authentication between entities.

Security Requirements
The integration of WSN in low power agriculture for the internet and Society 5.0 requires adequate security mechanisms, which can offer essential safety safeguards for WSN applications, equipment, and communications in agriculture. The conventional Internet connections require sufficient security to use end-to-end communications between low-power farm WSN sensing devices and other external or internet companies. According to recent studies in [2,3,5,16,21,40,47,48] about the security of smart agriculture, the agriculture WSN authentication scheme must satisfy the security and functionality of agriculture WSN in Society 5.0. These security and functionality requirements are as follows:
• Network Attacks: The WSN authentication scheme for agriculture must resist several attacks, such as an offline password guess attack, the user impersonation attack, the node impersonation attack, the modification attack, the man-in-the-middle attack, and the replay attack.

Single-Gateway Model
Many researchers have utilized the single communication model to design a user authentication for WSN. The model, as shown in Figure 3, includes user, gateway, and sensor nodes. In the model, the user can access the desired sensor node after registering himself/herself into the GWN. However, the model user can only access the sensor nodes that are deployed within the local network. Furthermore, a user cannot access any sensor nodes that are deployed in the different agriculture fields, especially in large-scale environments. The user first sends an authentication message to the gateway; the gateway then sends the message to the deployed sensor. Later, the sensor node sends back the message to the gateway, and it forwards the message to the user whether the user was granted access or not.

Multi-Gateway Model
Amin and Biswas [43], and H. Guo [49] proposed a multi-gateway communication model, including users, gateway nodes (GWNs), and sensor nodes. Here, we divide gateway nodes into two categories: home gateway nodes (HGWN) and foreign gateway nodes (FGWN) according to the distance to other nodes; relatively close gateway nodes are called HGWNs, and the rest of them are called FGWNs. Sensors and gateway nodes are stationary after they are placed. The computing power of the gateway nodes is powerful, while sensors have low memory, low bandwidth, low battery power and limited computing power. Sensor nodes monitor and collect data, then send the sensed data to the nearest gateway node, i.e., HGWN. The HGWN forwards the received data to other FGWNs, users or sensors. For example, when a user wants to communicate with a sensor node, they need to authenticate each other.
As shown in Figure 4, if the user and the sensor belong to a home network managed by the same HGWN, the authentication process is as follows: Case 1; Firstly, the user sends a login message to HGWN. Second, HGWN authenticates the user and sends a message to the sensor node. Then, the sensor authenticates HGWN and returns messages to HGWN. After HGWN completes the authentication, it returns messages to the user. Finally, the user completes the authentication of HGWN and computes a session key with the sensor and HGWN. When a user wants to communicate with a sensor node in different networks, the detailed steps are shown in Figure 3. We describe the process as follows: Case 2; The user Ui sends a login message to its HGWN. The HGWN then broadcasts request messages to the sensor node that the user wants to request for a communication. After FGWN receives the broadcast messages, it checks whether the sensor node is in its database. If so, FGWN sends a message to HGWN. The HGWN returns reply messages to the user. Finally, the user and FGWN perform mutual authentication and negotiate the session key as shown in Figure 4.

Fuzzy Extractor
This section provides a brief explanation of fuzzy extractors to clarify the procedure of the algorithm. A fuzzy extractor has two main procedures: a generation procedure referred to as (Gen), and a reproduction procedure referred to as (Rep). The two procedures are described as follows:
• Gen: the input of this procedure is the user biometric $BIO_i$, and the outputs are the biometric key $\sigma_i$ and the public parameter. Thus, the procedure can be represented as $\mathrm{Gen}(BIO_i) = (\sigma_i, \tau_i)$, where $\tau_i$ is the error tolerance threshold.
• Rep: this procedure retrieves the biometric key $\sigma_i$ from the corresponding auxiliary string $\tau_i$ and the user biometric $BIO_i$, where the function can be represented as $\mathrm{Rep}(BIO_i, \tau_i) = \sigma_i$. This holds provided that the error tolerance threshold $\tau$ is greater than the Hamming distance between the original input of $BIO_i$ and the retrieved biometric $BIO_i$.
However, the polynomial-time running of the Gen and Rep procedures is efficiently robust to the fuzzy extractor algorithm. Furthermore, recovering σ i from the input of the biometric BIO i alongside the string of the auxiliary τ i by an attacker is difficult. Thus, the fuzzy extractor algorithm is highly secured.
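The Gen/Rep pair described above can be seen working in the following added example, which is not code from the paper. The paper does not name a construction, so the sketch assumes the code-offset construction with a repetition code standing in for the error-correcting code; the names `REP`, `gen`, `rep` and the sample template are illustrative, and here `tau` is the public helper string while the tolerance is fixed by `REP`.

```python
import hashlib
import secrets

REP = 5  # assumed repetition factor: majority vote fixes up to 2 flips per 5-bit block


def rep_encode(key_bits):
    """Repeat every key bit REP times to form the codeword."""
    return [b for b in key_bits for _ in range(REP)]


def rep_decode(code_bits):
    """Majority-decode each REP-bit block back to one key bit."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def key_digest(key_bits):
    """sigma is the hash of the recovered key bits, never the raw biometric."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def gen(bio_bits):
    """Gen(BIO) -> (sigma, tau): tau = BIO xor codeword(random key)."""
    if len(bio_bits) % REP:
        raise ValueError("template length must be a multiple of REP")
    key_bits = [secrets.randbits(1) for _ in range(len(bio_bits) // REP)]
    codeword = rep_encode(key_bits)
    tau = [b ^ c for b, c in zip(bio_bits, codeword)]
    return key_digest(key_bits), tau


def rep(bio_bits, tau):
    """Rep(BIO', tau) -> sigma when BIO' is close enough to the enrolled BIO."""
    if len(bio_bits) != len(tau):
        raise ValueError("template and helper string differ in length")
    noisy_codeword = [b ^ t for b, t in zip(bio_bits, tau)]
    return key_digest(rep_decode(noisy_codeword))


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (sensor noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    # Constructed 200-bit template; a real one comes from the fingerprint reader.
    enrolled = [secrets.randbits(1) for _ in range(40 * REP)]
    sigma, tau = gen(enrolled)
    close = flip(enrolled, [0, 1, 7, 33, 199])  # at most 2 errors in any block
    far = flip(enrolled, [0, 1, 2])             # 3 errors in block 0: beyond tolerance
    return sigma, rep(enrolled, tau), rep(close, tau), rep(far, tau)


if __name__ == "__main__":
    sigma, same, close, far = demo()
    print("exact reading reproduces sigma :", same == sigma)
    print("noisy reading reproduces sigma :", close == sigma)
    print("distant reading is rejected    :", far != sigma)
```

Only `tau` and a value derived from `sigma` need to be kept on the smart card; a reading outside the tolerance yields a different `sigma`, so the later hash comparisons in the login phase fail.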

Proposed Scheme
The following section proposes a new multi-gateway authentication scheme for agriculture wireless sensor networks, as shown in Figure 5. The proposed scheme uses the smart card, password, and personal biometrics as authentication factors. There are four phases involved in the proposed scheme (e.g., pre-deployment phase, agriculture/sensor registration phase, login phase, and authentication phase). In Table 2, the used notations in the proposed scheme are illustrated. As mentioned in the literature review, a unique property of biometrics enables its use in authentication protocols. Using biometric keys with low-entropy passwords makes it difficult to fake or exchange, including the inability to be lost or forgotten. As a result, guessing biometric keys becomes a complex problem. This study makes use of a robust fuzzy extractor. Finally, the WSN's sensor nodes, the GWNs, and the users are synchronized and use the timestamp to withstand the replay attack.
• h(·): One-way hash function.
• (Gen): Generation procedure of fuzzy extractor.
• (Rep): Reproduction procedure of fuzzy extractor.
• ⊕: Exclusive-OR.

Pre-Deployment Phase
The system parameters are selected in this phase, and it pre-loads information in deployed sensor nodes and gateways before being deployed in a target field. This phase is carried out in a stand-alone mode. The system administrator (SA) is responsible for and manages the pre-deployment phase. Each cluster has n sensor nodes that are deployed randomly or manually in the preceding stage with a target field; each cluster also contains (HGWN). In this work, we assume that every sensor node chooses the nearest HGWN. The SA, on the other hand, selects the system parameters in the following manner:

1. Sensor node pre-deployment:
• The SA randomly chooses a unique identity $SN_{ID}$ and master key $SN_{MSK}$ for each deployed sensor node in the cluster ($1 \le j \le m$); then, the SA calculates $A_j = h(SN_{ID} \| SN_{MSK})$ for each sensor node. It also generates a distinct master key $SN_{MSK}$, with all the generated $A_j$, which are distinct throughout the WSN. Now, the credentials $(SN_{ID}, A_j)$ are pre-loaded into the sensor node memory within its corresponding cluster beforehand.

2. Gateway pre-deployment:
• First, the gateway selects an identity $GW_{ID}$, and $GW_{MSK}$ as gateway master key for the deployed GWNs in the cluster. In the proposed scheme, there are two different GWNs: HGWNs, those located in a specific cluster, and those located outside a cluster, called FGWNs. The SA then generates an identity $HGW_{ID}$ and $HGW_{MSK}$ as gateway master key. The same goes for the FGWN, generating $FGW_{ID}$ and $FGW_{MSK}$.
• Later, the SA computes $A_{HGWN} = h(HGW_{ID} \| SN_{ID} \| HGW_{MSK}) \oplus h(SN_{ID} \| SN_{MSK})$ for all n sensor nodes $SN_i$ within HGWN, for example. The SA finally pre-loads the information $HGW_{ID}$, $(SN_{ID}, A_{HGWN})$ for $1 \le j \le m$, and $HGW_{MSK}$ into the memory of the HGWN prior to its deployment in the target field.

Registration Phase
After the pre-deployment phase of the sensor nodes in the targeted agriculture field, the sensors are transmitted to the registered legal professional via HGWN and FGWN. The sensors and agriculture professionals must be registered with SA to access the desired services. The following sections outline how to register a sensor node and an agriculture professional:
• User/agriculture professional registration: Before participating in any communication during this phase, the user or agriculture professional must register with one of the GWNs. Assuming that the user chooses to register with HGWN, he or she must follow the steps outlined in Figure 6:
- The agriculture professional chooses $U_{ID}$ as an identity, $U_{PW}$ as the password, and a random number $R$ to compute $PID_i = h(U_{ID} \| R)$ and $PWR_i = h(U_{PW} \| R)$. Then, the parameters $PID_i$, $PWR_i$ are securely transmitted to the SA as a registration request.

- The SA receives the message and generates an identity $TID_i$, which is 160-bit to where t is the error tolerance threshold. Finally, it sends the message to the user $U_i$ via a secure channel.

- Now that the user $U_i$ receives the embedded smart-card from SA securely, $U_i$ imprints their fingerprint $U_{BIO}$ at the sensor of a specific terminal and computes $\mathrm{Gen}(U_{BIO}) = (\sigma, \tau)$, where $\sigma$ is the key of the biometric data and $\tau$ is the parameter. Then, the $U_i$ computes . $U_i$ stores $\tau$, $T_i$ and $S_i$ in the smart-card SC. $U_i$ then replaces $A_{th}$ with $A_{th}^*$, and $A_{tf}$ with $A_{if}^*$ in the stored information of SC. The stored data will be as However, the pair $(PID_i, TID_i)$ is stored in the database of the HGWNs corresponding to $U_i$, and the SA also stores it in all FGWNs if the user desires to access services from any sensor node through the FGWNs.
• Newly joined sensors: The newly joined sensor node must be registered with the SA for further communication services in this phase. The phase is performed after the sensor has been deployed in the pre-deployment phase. Figure 7 shows the steps for newly joined sensors. As mentioned above, each sensor in the cluster has the information $(SN_{ID}, A_j)$ in its memory. Thus, to register the sensor node $SN_i$ with the SA, the sensor is required to apply the following steps:
- Firstly, the sensor $SN_i$ chooses an identity $SN_{ID}^n$, and a random number $r_{sn}$ is generated for each sensor to compute $N_{SN} = h(SN_{ID}^n \| r_{sn})$ and $M_{SN} = h(N_{SN} \| r_{sn})$. Then, the sensor sends $N_{SN}$ to the SA securely.
- Now, the SA receives the message, obtains the new sensor identity $SN_{ID}^n$ and generates a master key $SN_{MSK}^n$ for the newly joined sensor. Then, it calculates $A_j^n = h(SN_{ID}^n \| SN_{MSK}^n)$ and loads $(A_j^n, SN_{ID}^n)$ into the sensor memory within its corresponding cluster.

Login Phase
This phase enables the agriculture professional to authenticate to HGWNs using the smart-card SC. After inserting the smart-card into a specific card reader terminal, the SC transmits the login request message to the HGWNs by performing the following steps, which are shown in Figure 8:
• Firstly, the agriculture user inserts their smart-card, inputs the username $U_{ID}$ and password $U_{PW}$, and imprints their biometric $U_{BIO}$ at the sensor. Then, the smart-card calculates using the error tolerance thresholds value $\tau$, Otherwise, the SC authenticates the user and generates a random nonce $N_i$ and calculates a secret key

Authentication Phase
When the HGWN receives the login message, it checks whether $SN_{ID}$ is stored in the HGWN database. If $SN_{ID}$ is in the database, Case 1 is carried out. Otherwise, it performs Case 2. Figures 9 and 10 depict the procedures for the two cases.
Case 1:
• The HGWN verifies the $TS_1$ by selecting a new timestamp $TS_2$ to check the fresh- where $D_{SK_i}$ depicts the decryption of a symmetric key using the key $SK_i$. After retrieving the information, HGWN verifies the timestamp $|TS_1^* - TS_1| \le T$, where $TS_1$ is the message receiving time. If it holds, HGWN checks $HGW_{ID}^* = HGW_{ID}$ and $SN_{ID}^* = SN_{ID}$, and if these parameters are valid, it computes W does not hold, it terminates the session. Otherwise, it selects a random nonce $N_j$ to compute a shared secret key with the sensor node , and sends an authentication message $M_2 = SN_{ID}, CT_j$ to the sensor node via a public channel.
• The sensor node $SN_i$ receives the message and decrypts $CT_j = D_{A_j}[HGW_{ID}, SN_{ID}, PID_i, N_i^*, N_j, P_i, TS_2]$ using the key $A_j = h(SN_{ID} \| SN_{MSK})$ stored in its memory to obtain the information. Later, $SN_i$ checks the freshness of the timestamp $|TS_2 - TS_2^*| \le$, where $TS_2^*$ is the time at which message $M_2$ was received; if it is not fresh, it terminates the session; otherwise, it computes $P_i^* = h(PID_i \| N_j \| N_i \| TS_2)$ and checks $P_i^* = P_i$. If it does not hold, $SN_i$ terminates the session. If it holds, it ensures that $U_i$ and $SN_i$ share the same session key and stores it for future communication.
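The following added example (not code from the paper) ties the pre-deployment credentials to the sensor-side checks of Case 1: it shows that the stored $A_{HGWN}$ lets the gateway holding $HGW_{MSK}$ unmask $A_j$, and it runs the freshness and $P_i$ checks on the fields carried in $CT_j$. Assumptions: SHA-256 as $h$, length-prefixed field encoding, a 5-second window for $T$, $P_i$ built on the gateway with the same formula the sensor checks, and decryption of $CT_j$ left out so that `sensor_verify` receives the already decrypted fields; all sample values are constructed.

```python
import hashlib
import hmac

MAX_SKEW = 5  # freshness window T in seconds (assumed value)


def h(*parts):
    """One-way hash h(.) over length-prefixed fields (the encoding is an assumption)."""
    digest = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sensor_credential(sn_id, sn_msk):
    """A_j = h(SN_ID || SN_MSK), pre-loaded into the sensor node."""
    return h(sn_id, sn_msk)


def gateway_record(hgw_id, hgw_msk, sn_id, sn_msk):
    """A_HGWN = h(HGW_ID || SN_ID || HGW_MSK) xor h(SN_ID || SN_MSK), computed by the SA."""
    return xor(h(hgw_id, sn_id, hgw_msk), h(sn_id, sn_msk))


def gateway_recover(hgw_id, hgw_msk, sn_id, a_hgwn):
    """Unmask A_j from the stored record; requires the gateway master key."""
    return xor(a_hgwn, h(hgw_id, sn_id, hgw_msk))


def build_m2_fields(pid_i, n_i, n_j, ts2):
    """Plaintext that travels inside CT_j (P_i formula on the gateway is assumed)."""
    return {"PID_i": pid_i, "N_i": n_i, "N_j": n_j, "TS_2": ts2,
            "P_i": h(pid_i, n_j, n_i, ts2)}


def sensor_verify(fields, received_at, max_skew=MAX_SKEW):
    """Sensor-side checks after decrypting CT_j: timestamp window, then P_i."""
    if abs(received_at - fields["TS_2"]) > max_skew:
        return "stale"          # replayed or delayed message: terminate the session
    expected = h(fields["PID_i"], fields["N_j"], fields["N_i"], fields["TS_2"])
    if not hmac.compare_digest(expected, fields["P_i"]):
        return "bad P_i"        # fields were altered or built without the nonces
    return "ok"


if __name__ == "__main__":
    # Constructed identities and keys, for illustration only.
    sn_id, sn_msk = "SN-07", b"\x11" * 16
    hgw_id, hgw_msk = "HGW-A", b"\x22" * 16
    a_j = sensor_credential(sn_id, sn_msk)
    record = gateway_record(hgw_id, hgw_msk, sn_id, sn_msk)
    print("gateway recovers A_j:", gateway_recover(hgw_id, hgw_msk, sn_id, record) == a_j)

    fields = build_m2_fields("pid-user-1", b"nonce-i", b"nonce-j", 1_700_000_000)
    print("fresh message   :", sensor_verify(fields, 1_700_000_002))
    print("replayed later  :", sensor_verify(fields, 1_700_000_060))
    print("tampered nonce  :", sensor_verify(dict(fields, N_j=b"other"), 1_700_000_001))
```

The timestamp window only bounds how long a captured message stays usable, which is why the scheme requires synchronized clocks on users, gateways and sensors.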
Case 2: , then it extracts $PID_i$ corresponding to $TID_i$ and generates a nonce number $N_f$, and computes , using the key $A_j$ to obtain information. Then, it checks the freshness of the timestamp $|TS_4^* - TS_4| \le T$, and checks $SN_{ID}^* = SN_{ID}$. If holds, The FGWN receives $M_6$, it checks the freshness of the timestamp $TS_5$, and computes ] to obtain information. After retrieving the data, it checks the freshness of the timestamps $TS_6$. Furthermore, the sensor identity is $SN_{ID}$. If it holds, $U_i$ generates a random nonce $Nc_u$ and computes $D_i = h(PID_i \| N_f \| Nc_f^* \| Nc_u)$, and also computes shared session key as $SK_{U \to SN}$

Proof of Authentication Using BAN Logic
This section applies the Burrows-Abadi-Needham (BAN) logic to the proposed scheme to conduct a formal analysis. The BAN logic [50,51] is used widely to ensure the security of the key agreement-based authentication protocol [24,29,44]. First, communication parties establish the protocol's accuracy: the user Ui and the sensor node Sn, which exchange a freshly formed session key after the execution of the protocol. We begin by illustrating the BAN logic with the following specific notations:
• $P \mid\equiv X$: The principal P is convinced that the announcement X is valid.
• $P \triangleleft X$: P examines X, which indicates that P has received a message containing X that can be read by P.
• $P \mid\sim X$: P once stated X, which signifies that P| X as P once said it sometime.
• $P \mid\Rightarrow X$: P commands X completely, believing X is trustworthy (jurisdiction over X).
• $\#(X)$: Because the message X is new, no entity has previously sent a message containing X.
• $P \mid\equiv Q \stackrel{SK}{\longleftrightarrow} P$: P and Q communicate via SK (shared key).
• $P \stackrel{SK}{\longleftrightarrow} Q$: P and Q share SK as a secret.
• $\langle X \rangle_Y$: In conjunction with the formula Y, the formula X is utilized.
• $(X)$: X is a hashed value in the formula.
• $(X, Y)$: After that, the X and Y formulae are concatenated and hashed.
• $(X, Y)_k$: Using the key k to hash the formulae X and Y.
In light of the foregoing explanation of specific notations, we present the following rules for formalizing the logical postulates of BAN logic:
• Message meaning rule for shared secret keys (Rule 1): it believes k is shared with Q and sees X is encrypted under k.
• Nonce verification rule (Rule 2): If P believes X was recently expressed (freshness) and Q once said X, P believes that Q believes X.
• Jurisdiction rule (Rule 3): If P believes that Q has jurisdiction over X and Q believes that a file contains X, P believes X as well.
• Freshness rule (Rule 4): If one of the components in the formula is known to be fresh, the complete formula must be fresh.
• Belief rule (Rule 5): If P believes that Q believes in the message set (X, Y), then P also believes that Q believes in message X.
• Session key rule for shared secret keys (Rule 6): If P believes the shared session key is fresh, P and Q are said to believe X. The session key k with Q is then believed by P.
Hence, the proposed scheme should meet the following goals, according to the BAN logic's analytic procedures: Additionally, we demonstrate the robustness of the present scheme based on BAN logic rules by showing that Ui and SNj have the same shared SK session key to communicate securely while still accomplishing the required goals under initial assumptions. The following are the descriptions of the inside information: We might get the following based on message 1: S1 : HGW N HGW I D, SN ID , W i , N i , TS 1 .
We apply the message meaning rule to S1 and Assumption C1 to get: Then, we use the freshness concatenation rule and the nonce verification rule to get the final observations based on assumptions A2 and Step 2: When B1, S3, and the jurisdiction rule are applied, we get: We apply the session key rule to the assumptions A2 and S3 to get: The nonce verification rule and jurisdiction rule are applied to S5 and assumption A2 to obtain:

← → HGW N). (Goal 2)
We could obtain the following from message 2: If we apply the message meaning rule to C2, S7, we get: The freshness concatenation rule and nonce verification rule are applied to assumptions A3 and S8 to obtain: S9: $SN_j \mid\equiv HGWN \mid\equiv N_j$.
We use the jurisdiction rule to get the following results from Step 9 and B2: S10: $SN_j \mid\equiv N_j$. S9 and A3 are combined with the session key rule to produce: S11 : SNj|HGW N(SK)SNj. (Goal 3) S11 and assumption A3 are applied to the nonce verification rule to achieve: We may get the following from message 3: We apply the message meaning rule to S13 and assumption C3 to get: The freshness concatenation rule and nonce verification rule are applied to assumptions A2 and S14 to obtain: S15: $HGWN \mid\equiv SN_j \mid\equiv N_j$.
We apply the jurisdiction rule in S15 and B3 to obtain: S16: $HGWN \mid\equiv N_j$.
We apply the session key rule to the assumptions A2 and S15 to obtain: S17: $HGWN \mid\equiv (SN_j \stackrel{SK}{\longleftrightarrow} HGWN)$. (Goal 5)
We use the nonce verification rule to derive the following result from S17 and assumption A2: S18: $HGWN \mid\equiv SN_j \mid\equiv (SN_j \stackrel{SK}{\longleftrightarrow} HGWN)$. (Goal 6) We might get the following based on message 4: S19 : Ui HGW ID , SN ID , PID * i , N j , N j , TS 4 . We apply the message meaning rule to S19 and assumption C4 to obtain: Applying the freshness concatenation and nonce verification rules to assumptions A1 and S20, we obtain: S21: $U_i \mid\equiv HGWN \mid\equiv N_j$.
We obtain jurisdiction by using the jurisdiction rule in line with B4 and S21: We use the session key rule following A1 and S21 to achieve: We use the nonce verification rule to derive the following result from S23 and assumption A1: S24: $U_i \mid\equiv HGWN \mid\equiv (HGWN \stackrel{SK}{\longleftrightarrow} U_i)$. (Goal 8)
According to message 5, we might be able to obtain: S25 and assumption C9 are subjected to the message meaning rule to obtain: From S26, we apply the nonce verification rule to get: We use the jurisdiction rule to get the following from S27 and B8: According to S27 and S28, the session key rule is applied, and we get:

← → FGW N). (Goal 9)
According to S29, we apply the nonce verification rule to get: We might be able to access this based on message 6: S31 : HGW N A th , HGW ID :< PID i , FGW ID > A t f , PID i .
Using the message meaning rule with S31 and Assumption C10, and we get at: We use the nonce verification rule to get the following observations from S32: We apply the jurisdiction rule to S33 and B9 to obtain: According to S33 and S34, the session key rule is applied, we get:

← → HGW N). (Goal 12)
We might be able to obtain this based on message 7: We apply the message meaning rule to S37 and assumption C5 to obtain: Applying the freshness concatenation and nonce verification rules to assumptions A4 and S38, we obtain: S39: $U_i \mid\equiv HGWN \mid\equiv N_j$.
We apply the jurisdiction rule by B9 and S39 to get: We apply the session key rule following A1, A4, and Step 40 to obtain: We apply the nonce verification rule to Step 41 and assumption A1 to get: We may obtain according to message 8: We use the message meaning rule from S43 and assumption C10: We apply the freshness concatenation rule and the nonce verification rule from assumptions A4 and S44 to: S45: $FGWN \mid\equiv U_i \mid\equiv N_i^*$. From S45 and B5, we apply the rule of competence to obtain: The session key rule is applied according to A4 and S45 and 46; thus, we obtain:

← → FGW N). (Goal 14)
According to message 9, we may obtain: We apply the message meaning rule according to C2, B5, and S49: We apply the freshness concatenation rule and the nonce verification rule to assumptions A3 and S50: $S_{51}: SN_j \mid\equiv FGWN \mid\equiv N_f, Nc_f^*$. We use the jurisdiction rule with S51 and B6 to obtain the following: From S52 and A3, we apply the session key rule to obtain:

← → SNj. (Goal 15)
From S52 and A3, we apply the session key rule to obtain: According to message 10, we could get: From S55 and assumption C7, we use the message meaning rule: By applying the freshness concatenation and nonce verification rules to assumptions A4 and S56, we obtain: We apply the jurisdiction rule, following S57 and B7, to obtain: We apply the session key rule to assumption A4 and S58 to obtain:

← → FGW N). (Goal 17)
By applying the nonce verification rule to S59 and assumption A4, we obtain: According to message 11, we might be able to obtain: We apply the message meaning rule to Step 61 and assumption C8 to obtain: By applying the freshness concatenation and nonce verification rules to assumptions A1 and S62, we obtain: $S_{63}: U_i \mid\equiv FGWN \mid\equiv Nc_f^*$. We apply the jurisdiction rule by A1 and S63 to get: We apply the session key rule by A1, S63, and S64 to achieve: Applying the nonce verification rule to S65 and assumption A1, we obtain:

Formal Security Verification Using AVISPA Tool
This section demonstrates the proposed scheme's security validation using the AVISPA tool, a widely used and well-known security validation tool [52]. The security verification code was written using the AVISPA tool based on High-Level Protocol Specification Language (HLPSL). It is a role-oriented language composed of primary roles that define each participant system and composition roles representing scenarios connected to fundamental roles [53]. The intruder, who is always represented by "I" and explained using the Dolev-Yao model, also plays a special role. The intruder plays a critical part in implementing the protocol and interacts with several other functions in the system. Using the HLPSL2IF translator, the HLPSL protocol specification is transformed into an intermediate format (IF). After that, the intermediate format is examined using one of four different backends: CL-AtSe, OFMC, SATMC, or TA4SP. Each backend uses a variety of automated analytical tools to detect potential attacks against known models.

Specifying Scheme Roles
This section shows our scheme specified in HLPSL for two scenarios. The first scenario, shown in Figures 11-14, carries out the basic roles of the user Ui, the SA, the HGWN, and the sensor node SNj during the user registration, log-in and authentication, and key agreement phases (Case 1). In the second scenario, we integrated the roles of Ui, SA, HGWN, and sensor node SNj throughout the user registration, log-in and authentication, and key agreement phases (Case 2).
The details of the role of the initiator, the user Ui, are shown in Figure 11 for Case 1. Ui first receives the start signal and changes its state from 0 to 1. The variable status is used to keep track of the current state. Using the SND() function, Ui securely provides PIDi, PWRi to the SA during the user registration phase. Ui then receives from the SA the smart card SCi containing the information (IDGWNh, Aih), (IDGWNf, Aif), TIDi, Gen (.), Rep(.), h (.) and t, and changes its status from 1 to 2. During the log-in phase, Ui delivers the log-in request message M1 = IDSNj, TIDi, Ci to the HGWN across an open channel. The declaration secret (X, id, A) states that the information X is kept secret to the agent A, where id is the protocol identifier. For example, secret (IDi, PWRi, BIOi, sp1, Ui) implies that IDi, PWi, and secret number R are kept secret to Ui only, as determined by the protocol identifier sp1. The declaration witness (Ui, HGWN, ui_hgwn_ru, TS1') implies that Ui has freshly generated the timestamp TS1 for the HGWN. During the authentication and key agreement phases, Ui gets the acknowledgment message M3 = ⟨IDSNj, Gi, Hi, TS3⟩ through a public channel from the sensor node SNj and updates its state from 2 to 3. Finally, Ui checks SNj's authenticity from SNj's timestamp TS3 and the randomly generated nonce RNj, as expressed by the declaration request (SNj, Ui, sn_ui_rk, RNj'). Notably, the channel type declaration (dy) reflects a communication channel under the Dolev-Yao threat model, implying that an intruder can view, intercept, or change messages sent via an insecure public channel. The played_by A declaration denotes that the role is played by the agent identified by variable A.
Similarly, Figure 12 shows the role of the home gateway in HLPSL. The role starts by receiving the message (IDSNj.TIDi'.IDGWNh.IDSNj.H(H(IDi.R).TIDi'.RNi'). RNi'.TS1' _H(IDGWNh.H(IDi.R).MKGWNh)) from the user Ui using the operation Rcv ().
The declaration secret (IDi, PWi, R, sp1, Ui) indicates that the values IDi, PWi, R are sent securely to the user Ui using the protocol ID sp1. The statement secret (IDGWNh, sp2, Ui, SA, HGWN) specifies that the identity of the home gateway is shared among the Ui and SA by the HGWN using protocol ID sp2. Furthermore, the declaration secret (MKGWNh, sp3, SA, HGWN) shows that the master key is shared between the SA and the HGWN. The identity of the foreign gateway is shared securely among the Ui and SA using the declaration secret (IDGWNf, sp4, Ui, SA, FGWN) with the protocol ID sp4. The foreign gateway shares its master key with SA using the declaration secret (MKGWNf, sp5, SA, FGWN). Later, the home gateway sends the message (IDSNj.Fi') to the sensor using Snd(). The declaration witness (HGWN, SNj, hgwn_sn_rf, TS2') indicates that the HGWN freshly generates TS2' for the SNj. Furthermore, the HGWN freshly generates the random nonce RNi' for the sensor using the declaration witness (HGWN, SNj, hgwn_sn_tsf, RNk'). The HGWN accepts the legitimacy of the Ui by checking the freshness of TS1 using the declaration request (Ui, HGWN, ui_hgwn_ru, TS1'), and also by checking RNi' through the declaration request (Ui, HGWN, ui_hgwn_tsu, RNi').
In Figure 13, the role of the sensor node in HLPSL is illustrated. The role starts by receiving the message (IDSNj.IDGWNh.IDSNj.H(xor(H(IDi.K), RNi')). RNi' .RNk'.H(H(xor (H(IDi.K), RNi')). RNi'.RNk'.TS2').TS2'_H(IDSNj.MKSNj)) from the HGWN using the operation Rcv (). The role indicates that the values IDi, PWi, R are shared securely with the user using the declaration secret (IDi, PWi, R, sp1, Ui). The declarations secret (IDGWNh, sp2, Ui, SA, HGWN) and secret (IDGWNf, sp4, Ui, SA, FGWN) specify that the identities of the home and foreign gateways are shared secretly among the Ui and the SA.
The expressions secret (MKGWNh, sp3, SA, HGWN) and secret (MKGWNf, sp5, SA, FGWN) show that the master keys of the home and foreign gateways are shared securely to the user Ui. Likewise, the user believes that the sensor freshly generates TS3' and RNj' for the user. The user also acknowledges the HGWN's legitimacy by confirming the TS2' timestamp using the declaration request (HGWN, SNj, hgwn_sn_rf, TS2'), and by validating the random nonce RNk' with the declaration request (HGWN, SNj, hgwn_sn_tsf, RNk'). The role of the system administrator in HLPSL is shown in Figure 14.
Figure 15 shows the session, goal, and environment roles of the proposed scheme. All primary roles of the session, including user, sa, hgwn, and sensor, are instances with concrete arguments. The top-level role (environment) is always defined in the HLPSL specification. In addition, the proposed scheme has implemented five secrecy goals and three authentication goals.
Secrecy Goals:
• secrecy_of sp1: Indicates that the IDi, PWRi, and BIOi are kept secret to the Ui.
• secrecy_of sp2: States that the IDGWNh is shared securely to the Ui, SA, and HGWN.
• secrecy_of sp3: Shows that the MKGWNh is kept secret to the SA and HGWN.
• secrecy_of sp4: Indicates that the IDGWNf is shared among Ui, SA, and FGWN.
• secrecy_of sp5: Indicates that the MKGWNf is kept secret to the SA and FGWN.
Authentication Goals:
• authentication_on ui_hgwn_ru, ui_hgwn_tsu: Indicates that the user Ui freshly generates TS1' and RNi and performs a strong authentication with the HGWN based on the validity of these values.
• authentication_on hgwn_sn_rf, hgwn_sn_tsf: Indicates that the HGWN freshly generates TS2' and RNK' for the sensor and performs a strong authentication based on the freshness of these parameters.
• authentication_on sn_ui_rk, sn_ui_tsk: Shows that the sensor generates a fresh TS3' and RNj' for the user and performs a strong authentication based on the validity of the values.
Figure 15. The role session, environment, and goals in HLPSL.

Results and Discussion
In this section, we provide a comprehensive discussion of the security and functional results of the proposed scheme compared with the related user authentication schemes applied to agriculture WSNs, such as D. Rangwani et al. [41], Dhillon and Kalra [38], J. Lee et al. [28], and A. Vangala et al. [45]. We first provide the results of the AVISPA tool presented in the earlier Section 2.7. Then, we give a theoretical security analysis of how the scheme provides protection against various attacks. Finally, we illustrate the functionality of the proposed scheme in terms of communication and computation costs against other existing authentication schemes.

The AVISPA Results
Using the AVISPA tool, the SPAN tool simulated the proposed scheme for both cases (Case 1 and Case 2) on the OFMC and CL-AtSe back-ends. The following evaluations are carried out on our scheme in both cases:
• Executability check on non-trivial HLPSL specifications: The proposed protocol model may fail to execute to completion due to modeling errors. In that case, critical states in which an attack can occur become unreachable, and the AVISPA back-ends may not identify an attack on the protocol model. Consequently, an executability test is essential. Our initial HLPSL implementation shows that the executability test objectives in Figures 11-14 are met in both cases.
• Replay attack check: The OFMC and CL-AtSe back-ends determine, by searching with a passive intruder, whether legitimate agents can execute the specified protocol. The simulation results shown in Figures 16 and 17 reveal that our scheme is secure against replay attacks in both cases.
• Dolev-Yao model check: The AVISPA simulation, built on the OFMC and CL-AtSe back-ends, checks for man-in-the-middle and replay attacks. Figures 16 and 17 indicate that our scheme is secure when checked with these back-ends.

Security Features
This section details the security analysis of the proposed scheme, covering its security properties and its resistance to various attacks, in comparison with existing agriculture professional authentication schemes. It shows that the proposed scheme can resist a variety of security attacks and provides multiple security features. Table 3 shows the comparison of the proposed scheme against other selected works in terms of security features. For example, it indicates that the D. Rangwani et al. [41] and A. Vangala et al. [45] schemes are vulnerable to identity guessing, gateway, and sensor impersonation attacks. Furthermore, the A. Vangala et al. [45] scheme is vulnerable to sensor capture attack and does not guarantee forward secrecy. However, the D. Rangwani et al. [41] and A. Vangala et al. [45] schemes have not considered the multi-gateway environment. Likewise, the work of Dhillon and Kalra [38] is vulnerable to insider attacks, user identity guessing attacks, session key attacks, sensor capture attacks, and offline guessing attacks. Furthermore, Dhillon and Kalra [38] did not consider security features such as forward secrecy, untraceability, and multi-gateway support. Furthermore, the work of J. Lee et al. [28] is vulnerable to insider attacks, gateway impersonation attacks, DoS attacks, and sensor capture attacks.
• Insider attack: The adversary gets the user's lost/stolen card and obtains the information $(HGW_{ID}, A^*_{th})$, $(FGW_{ID}, A^*_{if})$, $TID_i$, Gen(.), Rep(.), h(.), t, τ, $T_i$, $S_i$ that is stored in the smart card. Even if the SA is trusted, $PID_i$ and $PWR_i$ can be obtained by a malicious insider. Nevertheless, since the value $T_i = h(U_{ID})R$ is calculated with a 1024-bit large secret number R, the attacker needs R to guess the user information $U_{ID}$ and $U_{PW}$, which only the user Ui knows. Additionally, the attacker must know the biometric key data to derive R, which is computationally infeasible to guess when compared to low-entropy passwords. Since the attacker cannot correctly guess $U_{ID}$ and $U_{PW}$, the proposed scheme is secure against insider attacks.

• Agriculture professional identity-guessing attack: As mentioned above, the SA knows the user information $U_{ID}$ and $U_{PW}$ during the registration phase, and in the case of a malicious insider attack, the SA knows about it while registration requests are sent. To obtain the identity of the user $U_{ID}$ from $PID_i = h(U_{ID} \| R)$, the attacker is required to know R. Furthermore, if the attackers intercept the messages , and tries to calculate the message $M_2 = SN_{ID}, CT_j$ to send to the SNi. If the sensor accepts the message, the attacker will pass the message off as coming from a legitimate gateway. However, this is not possible in our proposed scheme since the message carries a fresh timestamp $TS_2$ and cannot pass the verification even if the adversary successfully generates a nonce $N_j$. Further, the attacker needs to compute $CT_j$, which requires the secret key used to encrypt the additional parameters, $SK_j = h(HGW_{ID} \| SN_{ID} \| HGW_{MSK}) = h(SN_{ID} \| SN_{MSK})$, shared between gateway and sensor. $SK_j$ is unknown to the attacker, along with the $N_j$ and $PID_i$ needed to compute $P_i$. As a result, even if the attacker successfully captures a sensor, he/she will be unable to impersonate a valid HGWN. Therefore, the proposed scheme is resistant to a gateway impersonation attack.
• IoT smart device impersonation attack: The adversary must construct a valid message to impersonate the sensor node SN and deceive the HGWN, say $M_3 = SN_{ID}, B_i, Z_i, TS_3$ throughout the authentication phase, and make additional efforts to create a message $M_3$ via the public channel. The attacker needs $PID_i$ and $N_j$. As a result, the adversary cannot pose as a valid sensor node SN in the proposed system, preventing sensor node impersonation attacks.
• Agriculture professional impersonation attack: To impersonate the user $U_i$ as a valid user, assume that the adversary eavesdrops on the message .
Assume the attacker attempts to construct another valid log-in request message, compelling the adversary to authenticate to the HGWN. To accomplish this, the adversary must know $PID_i^*$, which is impossible without the secret $R^*$. Assume the adversary gets $N_i$ and $TS_1$, but cannot generate $CT_i = E_{SK_i}[HGW_{ID}, SN_{ID}, W_i, N_i, TS_1]$ because he/she does not have access to the shared User/HGWN secret key $SK_i$. As a result, a user impersonation attack cannot be mounted against the proposed scheme.
• Denial of service attack: Assume the attacker has the lost/stolen smart card of the user $U_i$; he/she still does not have the user information: the username $U_{ID}$, the password $U_{PW}$, and the biometric imprint $U_{BIO}$. Furthermore, the smart card computes $\sigma_i^* = Rep(U_{BIO}, \tau)$ using the error tolerance threshold value τ. After that, the smart card checks the validity of $R_i^* = R_i$. Therefore, without valid user information, the validation will fail. Similarly, the adversary cannot update the smart card's stored secret credentials without access to user information. As a result, the proposed scheme protects against denial of service attacks.
• Session key attack: The shared session key $SK_{U \to SN} = h(HGW_{ID} \| SN_{ID} \| PID_i \| N_j)$ is established during the authentication step by the user Ui and the sensor node; it includes $PID_i = h(U_{ID} \| R)$ and the random nonce $N_j$. In both cases, these parameters are protected using a one-way hash function, which means that an attacker cannot obtain the session key without knowing the secret parameters of the session key. Therefore, the session key attack is resisted in the proposed scheme.
• Offline guessing attack: Assume that the user password $U_{PW}$ is guessed by the adversary; he/she will still not be able to generate a valid authentication request, because the adversary does not have $PID_i$ and $N_j$ and cannot forge the user biometric $U_{BIO}$. Even if the adversary generates $N_j$, they still will not be able to compute $CT_j$, because he/she does not know the secret key $SK_j$. Therefore, the proposed scheme is resilient against offline guessing attacks.
• Replay attack: Assume that the adversary intercepts the messages. The adversary will be unable to replay them, as each message contains timestamps and a random nonce, both of which are verified by the recipient before any message processing. Thus, the receiver can identify an older message by comparing its timestamp to the current system time. As a result, the proposed scheme prevents replay attacks.
• Man-in-the-middle attack: Assume that the adversary intercepts the messages and tries to tamper with the content before passing it to the receiver, so that the receiver will not be aware of the modified messages. In the proposed scheme, the messages are encrypted and involve a random nonce, a timestamp, and $PID_i$. The receiver checks the timestamp and random nonce before any processing of the received message. Furthermore, the parameters are encrypted using the shared key $SK_j$, which is computationally infeasible for the attacker to generate in order to obtain the parameters.
If the attacker generates the secret key, he/she does not know $PID_i^* = h(U_{ID} \| R^*)$ because it is protected using a one-way hash function and involves a secret value $R^*$. Therefore, the proposed scheme withstands a man-in-the-middle attack.
• Smart card stolen attack: Assume that an attacker steals the user's smart card SC and extracts the values $TID_i$, σ, $T_i$ and $S_i$. The attacker will not be able to compute $T_i = h(U_{ID} \| \sigma) \oplus R$, $S_i = h(PID_i \| PWR_i \| \sigma)$ since they are computed using the biometric key data. Furthermore, the adversary cannot compute $PID_i = h(U_{ID} \| R)$ because it is protected using a one-way hash function. Thus, without knowing the user information, the adversary cannot generate the login message. Therefore, the proposed scheme protects against smart card stolen attacks.
• Sensor capture attack: In a harsh environment, attackers can quickly capture the sensor nodes. If the attacker captures the node SN, he/she will extract the secret information $(SN_{ID}, A_j)$, where $A_j = h(SN_{ID} \| SN_{MSK})$ is computed using $SN_{MSK}$, which is a secret value not known to other participants. Therefore, identifying the sensor secured with the one-way hash function cannot negatively affect the sensor node, nor can it disrupt the authentication process between the agricultural professional and the sensor node. Therefore, the proposed scheme protects against sensor capture attacks.
• Agriculture professional/sensor node untraceability: Assume that the attacker eavesdrops on the authentication messages from different sessions and checks whether the messages are the same. If they are the same, both messages are sent by identical identities, e.g., agriculture professional or sensor node.
However, despite recording the authentication messages and stealing $M_1 = [SN_{ID}, TID_i, CT_i]$, $M_2 = SN_{ID}, CT_j$, $M_3 = SN_{ID}, B_i, Z_i, TS_3$, the adversary cannot trace the agriculture professional or the sensor node because these messages are composed of the random nonces $N_i^*$, $N_j$, and timestamps $TS_1$, $TS_4$, which are generated freshly in every session separately, so the messages are formed anew each time. Therefore, neither the user nor the sensor node can be traced.
• User anonymity: The adversary in this attack tries to obtain the user information when the messages are transmitted via a public channel in their original form. The user sends the messages to the gateway, and the transmitted messages do not contain any identity of the agriculture professionals. Additionally, the messages are sent in encrypted form, where $CT_i = E_{SK_i}[HGW_{ID}, SN_{ID}, W_i, N_i, TS_1]$ uses the freshly generated shared secret key. The messages are further formed using an irreversible hash operation. Thus, each message that comes from the same user is different from one session to another. Therefore, the scheme guarantees user anonymity.
• Forward secrecy: In the proposed scheme, the long-term key $SK_i$ is disclosed to the user only, and the session key is also kept securely. Computing the secret key needs $PID_i$, $R_i^*$, and $\sigma_i^*$, which are known only to the user. If the adversary somehow reveals the secret key of both user and gateway, he/she also needs to know $PID_i$, which is protected using a one-way hash function, and the random number $R_i^*$. Guessing the secret key and the random number chosen by the user or sensor node in polynomial time, even with a powerful computer, is computationally infeasible. As a result, the proposed scheme preserves forward secrecy.
where $D_{SK_i}$ depicts symmetric decryption using the key $SK_i$. After retrieving the information, HGWN verifies the timestamp $|TS_1^* - TS_1| \le T$, where $TS_1$ is the message receiving time. If it holds, it checks $HGW_{ID}^* = HGW_{ID}$ and $SN_{ID}^* = SN_{ID}$, and if these parameters are valid, it computes $W_i^{**} = h(PID_i \| TID_i \| N_i^*)$ based on the stored $PID_i$ and $TID_i$, then checks $W_i^{**} = W_i^*$. If it does not hold, it terminates the session. The verification will fail here since the validation depends on the one-way hash function. Therefore, mutual authentication is provided in the proposed scheme among all the participants.
• Multi-gateway support: In the proposed scheme, multiple gateways (e.g., HGWN and FGWN) are registered with the SA to enable agriculture professionals to authenticate to a sensor node in other fields. When the HGWN receives the login message, it checks if the HGWN database contains $SN_{ID}$, and performs HGWN authentication (Case 1); otherwise, it performs FGWN authentication (Case 2). Therefore, the proposed scheme supports multi-gateway authentication.
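The gateway-side checks described above (timestamp window, identity match, recomputation of W, and the Case 1/Case 2 routing decision), combined with the nonce check from the replay-attack item, as an added Python example that is not the paper's code. It starts from the fields already recovered by decryption with SK_i; SHA-256 as h(.), the length-prefixed concatenation, the 5-second window, the nonce cache and all identifiers and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

DELTA_T = 5.0  # assumed maximum transmission delay T, in seconds


def h(*parts: bytes) -> bytes:
    """h(a || b || ...) with SHA-256; length prefixes keep the concatenation unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


@dataclass
class LoginFields:
    """Fields recovered from CT_i after decryption with SK_i (decryption not shown)."""
    hgw_id: bytes
    sn_id: bytes
    w_i: bytes
    n_i: bytes
    ts_1: float


@dataclass
class HomeGateway:
    hgw_id: bytes
    users: dict          # TID_i -> PID_i, stored at registration
    local_sensors: set   # SN_ID values registered with this gateway
    seen: dict = field(default_factory=dict)  # N_i -> TS_1 of accepted logins

    def verify_login(self, tid_i, sn_id, f, now):
        """Check M1 = [SN_ID, TID_i, CT_i]; sn_id and tid_i come from the cleartext part."""
        # 1. Freshness: |TS_1* - TS_1| <= T
        if abs(now - f.ts_1) > DELTA_T:
            return "reject: stale timestamp"
        # 2. Identities inside the ciphertext must match this gateway and the header
        if f.hgw_id != self.hgw_id or f.sn_id != sn_id:
            return "reject: identity mismatch"
        # 3. Recompute W** = h(PID_i || TID_i || N_i*) and compare in constant time
        pid_i = self.users.get(tid_i)
        if pid_i is None or not hmac.compare_digest(h(pid_i, tid_i, f.n_i), f.w_i):
            return "reject: verification failed"
        # 4. Nonce reuse inside the window is a replay. Entries older than the
        #    window can be dropped, because step 1 already rejects them. The nonce
        #    is stored only after step 3, so forged messages cannot fill the cache.
        self.seen = {n: ts for n, ts in self.seen.items() if ts >= now - DELTA_T}
        if f.n_i in self.seen:
            return "reject: replayed nonce"
        self.seen[f.n_i] = f.ts_1
        # 5. Multi-gateway routing: local sensor -> Case 1, otherwise Case 2
        if sn_id in self.local_sensors:
            return "accept: case 1 (HGWN)"
        return "accept: case 2 (FGWN)"


def demo():
    """Run constructed login attempts through the gateway and return the verdicts."""
    tid_i = b"TID-0001"                               # constructed sample values
    pid_i = h(b"constructed-user", b"constructed-R")  # PID_i = h(U_ID || R)
    gw = HomeGateway(b"HGW-A", {tid_i: pid_i}, {b"SN-17"})
    t0 = 1000.0

    def fields(sn, nonce, ts, pid=pid_i):
        return LoginFields(b"HGW-A", sn, h(pid, tid_i, nonce), nonce, ts)

    first = fields(b"SN-17", b"nonce-1", t0)
    forged = fields(b"SN-17", b"nonce-2", t0 + 3, pid=b"guessed-PID")
    roaming = fields(b"SN-99", b"nonce-3", t0 + 4)
    return [
        gw.verify_login(tid_i, b"SN-17", first, now=t0 + 1),    # fresh login
        gw.verify_login(tid_i, b"SN-17", first, now=t0 + 2),    # replay inside window
        gw.verify_login(tid_i, b"SN-17", forged, now=t0 + 3),   # W built without PID_i
        gw.verify_login(tid_i, b"SN-99", roaming, now=t0 + 4),  # sensor of another field
        gw.verify_login(tid_i, b"SN-17", first, now=t0 + 60),   # replay after window
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The timestamp window alone would accept the second attempt; it is the nonce cache that rejects a replay arriving within T of the original.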

Computation Cost
This subsection compares, in Table 4, the computation cost of the proposed scheme in the login and authentication phases with that of other related schemes, e.g., D. Rangwani et al. [41], Dhillon and Kalra [38], J. Lee et al. [28], and A. Vangala et al. [45]. In a WSN, the sensor node has the most limited resources among the user's smart card, sensor node, and GWN (base station). To calculate execution time, we relied on the hardware platform used in previous studies: an Intel dual-core processor with a clock speed of 2.20 GHz, Ubuntu 12.04.1 LTS 32-bit Operating System, and 2 GB memory. The approximate execution times for the various cryptographic operations, using the PBC cryptography library (version 0.5.12) built on the GMP library (version 5.0.5), are those reported in [41]. The execution time in ms required for each primitive operation is noted in Table 4. During the login and authentication phase of the A. Vangala et al. [45] scheme, a user requires $13T_h + 4T_{ecm} + T_{eca} + T_{fe} = 15.473$ ms, an IoT smart device (sensor node) requires $9T_h + 4T_{ecm} + T_{eca} = 11.949$ ms, and a gateway node requires $12T_h + 6T_{ecm} + 2T_{eca} = 4.708$ ms. In the Dhillon and Kalra [38] scheme, the user needs to perform $10T_h + 1T_{E/D}$, and the sensor applies $6T_h + 2T_{E/D}$. On the gateway side, $7T_h$ and $2T_{E/D}$ are needed, so the total computation cost in Dhillon and Kalra [38] is 20.382 ms.
In the D. Rangwani et al. [41] scheme, the user requires $4T_H + 2T_{ecm}$, and the gateway nodes require $7T_H + 1T_{ecm}$. Likewise, on the sensor side, the computation cost is $4T_H + 1T_{ecm}$; thus, the total computation cost in the D. Rangwani et al. [41] scheme can be represented as $15T_H + 4T_{ecm}$, and the estimated time is 8.9730 ms. In the J. Lee et al. [28] scheme, the user needs to perform 14 hash function operations ($14T_H$) and one fuzzy extractor operation ($1T_{fe}$). On the sensor side, nine hash operations ($9T_H$) are required. Likewise, five hash operations ($5T_H$) are needed on the gateway side. Therefore, the total computation cost of the J. Lee et al. [28] scheme is $28T_H + 1T_{fe} \equiv 27.2743$ ms. The proposed scheme, on the other hand, has a total computational cost of $17T_H + 1T_{fe} + 4T_{E/D}$ for Case 1, and $19T_H + 1T_{fe} + 5T_{E/D}$ for Case 2. The user is not required to employ symmetric encryption/decryption (e.g., AES) because of the computational efficiency of both the fuzzy extractor operation and symmetric encryption/decryption (e.g., AES). The computational cost of a resource-constrained sensor node is $3T_H + 1T_{E/D}$ in Case 1, whereas it is $4T_H + 1T_{E/D}$ in Case 2. Both the hash function and symmetric encryption/decryption are very efficient, which makes the proposed scheme very efficient for resource-constrained sensor nodes in WSNs. Table 4 compares the computation costs required in different schemes during the login and authentication phase. For instance, it shows that the A. Vangala et al. [45], Dhillon and Kalra [38], and D. Rangwani et al. [41] schemes require computation costs of 32.13 ms, 32.13 ms, and 20.4885 ms, respectively. According to the comparison, the proposed scheme has a lower computation cost than the existing schemes. Furthermore, due to the utilization of the fuzzy extractor technique, it provides superior security and more functionality features when compared with all authentication schemes.

Conclusions
As security breaches become more prevalent, new authentication techniques must incorporate agriculture professionals' biometrics to improve the system's security. To cater for this need, a robust multi-gateway authentication scheme for agriculture WSN is proposed in this paper. The proposed scheme exploits the advantages of the fuzzy extractor to design a secure authentication system. The study proposed a multi-gateway model to overcome the single point of failure that exists in a single gateway communication model. This paper pointed out that a multi-gateway WSN can allow users to access data from multiple sensor areas (a typical IoT deployment). Furthermore, the study added a new joining phase to enable new sensors to join the agriculture field. The proposed scheme is resistant to various known attacks, including the sensor node capture attack, as shown by the formal and informal security analysis. The proposed scheme is secure against replay and man-in-the-middle attacks, as demonstrated by the extensive formal security verification performed using the AVISPA tool. Furthermore, we demonstrated through performance results that our scheme is efficient and provides additional functionality as compared to previous schemes. In terms of performance, the proposed scheme is better suited to IoT deployment, where devices deployed in agriculture are generally resource constrained. The future works of this research can be summarized as follows: First, this paper provides secure communication for a multi-gateway environment with efficient results. This solution can be extended to environments where different communication methods are used in the same area (e.g., Bluetooth, ZigBee, and WiFi) to guard against interference. Second, due to the efficiency of the proposed scheme, it can further be extended to provide secure user authentication to monitor the field progress.
Third, we plan to extend the proposed scheme to protect against distributed denial of service attacks (DDoS) that mainly target sensor nodes.