The Internet is initially designed to connect different computers, so that different computers can easily communicate and share data with each other. As time goes on, the Internet is developed to be Internet of Things (IoT) in recent years [1–4]. The IoT is designed to connect different things, and the “thing” means anything can be embedded a chip or sensor to let it has networking or sensing capability. The IoT lets anything connect to the Internet, and thus it accomplishes the communications among people, computers, and things. There are many applications of the IoT. For example: the smart homes, intelligent transportations, and smart grids.
Basically, the IoT architecture can be divided into three layers: a perception layer, a network layer, and an application layer . The three layers are briefly described as follows.
The perception layer uses devices and sensors those can detect, recognize, and communicate the collected the surrounding information such as the temperature, humidity, lights. And, current mobile communication devices use various kinds of sensors, the devices used in the perception layer can also include smart wearable devices which can collect human body information. Therefore, this layer can be seen as five sense organs in a human neural network.
The network layer acts like a bridge between perception layer and application layer. It is responsible for transmitting the information collected from the physical objects through sensors. The transmission can be wired or wireless such as LoRa, ZigBee, or Bluetooth . It also takes the responsibility for connecting the smart things, network devices and networks to each other. Therefore, this layer can be seen as the peripheral nerves in the neural network.
The application layer focuses on how to apply the information collected from the perception and network layers. It defines all applications those use the IoT technology or in which IoT has deployed. The applications of IoT can be smart homes, intelligent transportations, smart grids, and smart healthcare, etc. It has the responsibility to provide the services to the different applications. Therefore, this layer can be seen as the brain in the neural network. And, the brain makes a response after organizing and interpreting the messages from the above layers.
According to the above descriptions, the Wireless Sensor Networks (WSN) [6, 7] plays an important role in IoT applications. Basically, the WSN is a group of sensors deployed in different locations of an area. And, each sensor gathers data and sends it to a central location (such as a gateway or a base station) for the data saving, viewing, or analyzing. However, the WSN transmits data using wireless way (such as RFID, ZigBee, and Bluetooth) [8, 9], so the data can be easily gathered by attackers. To solve the security problem, many authentication and key-agreement schemes for the WSN are proposed in recent years [10–15]. These schemes provide the identity authentication among the sensors, users, and the gateway. In addition, the key agreement provides the encryption/decryption key used in the symmetric-key cryptosystem . In these schemes, the sensors collect the surrounding data and transmit it to a gateway. Then, the gateway relays and analyzes the data between sensors and users. Besides, the gateway can be seen as a manager of the WSN, and it is responsible for the parameter settings and identity authentication for the sensors and users.
To accomplish the above goals, Amin and Biswas  proposed a secure light-weight scheme for user authentication and key agreement in multi-gateway WSN. In their scheme, the user accesses the data through a local gateway in the local WSN area. To access to a foreign WSN in another area, the user can ask the local gateway to communicate with the foreign gateway to get the data. Amin and Biswas’s scheme is a multi-gateway structure, and it can allow the user to access the data through different WSN. Therefore, Amin and Biswas’s scheme is suitable for IoT applications in a wide area such as smart city. In 2021, Kwon et al.  proposed a secure and lightweight mutual authentication scheme for WSN. Kwon et al.’s scheme provides the mutual authentication and key agreement among the user, the gateway, and a sensor on WSN. Kwon et al. claimed that their scheme is securer and more efficient in comparison with the related schemes.
However, we find that the above two schemes have some problems in practice. In Amin and Biswas’s scheme, the gateway does not authenticate the sensor’s identity while a new sensor joins into the WSN. That is, an attacker can easily deploy a malicious sensor to gather the data in the WSN. This causes a serious security problem while the data is confidential in some IoT applications. In addition, Amin and Biswas’s scheme has heavy computation and communication loads to accomplish the multi-gateway structure.
On the other hand, we also find that Kwon et al.’s scheme has the following disadvantages. First, the sensors have to register at the gateway before they are deployed in the WSN. And, the gateway needs to transmit the parameters to the sensors through a secure channel. According to the above description, the registration needs to be finished before the sensors are deployed. And, it cannot be performed in the wireless network environment which is not a secure channel. In some applications, the sensors need to be deployed in WSN dynamically. However, Kwon et al.’s scheme is not suitable for these applications because the registration has to be previously performed in a secure channel. Second, Kwon et al.’s scheme is a single gateway structure in WSN. Compared with Amin and Biswas’s scheme, it can be only applied to a few applications. If we apply Kwon et al.’s scheme to the multi-gateway structure, then the user needs to register to a new gateway again while he wants to access to different WSN. Therefore, Kwon et al.’s scheme is very inefficient for the multi-gateway scenario. Third, Kwon et al. did not design the steps of data transmissions for WSN after the mutual authentication and key agreement had been done. Therefore, their scheme is not a complete version for WSN.
To solve the above-mentioned problems of the related works, I propose a multi-gateway authentication and key-agreement scheme on WSN for IoT in this paper. Compared with the related works, the proposed scheme has less computation and communication loads. In addition, the proposed scheme allows users and sensors to join in the different WSN dynamically. After registering at the system administer (a mainframe of WSN) once, the users can access data through the gateways from different WSN without performing the registration again. Besides, unlike Kwon et al.’s scheme , the proposed scheme provides two additional algorithms for users to access the data from different areas of WSN based on multi-gateway environments. Therefore, the proposed scheme is more complete than Kwon et al.’s scheme for the WSN. Based upon the proposed performance analysis, the computation costs of the proposed scheme are less than those of related works [17–20]. Thus, the proposed scheme can save the sensor’s electricity, and it is energy-efficient for the WSN. According to the above reasons, the proposed scheme is more efficient and practical than the related works for IoT applications.