1. Introduction
Many economies in developing countries are dependent on agriculture as a source of income and contributions to gross domestic product (GDP)
[1]. However, the majority of the farming practices are based on experience and ad hoc insights of the farmers. Consequently, there is little control on the agricultural produce quantity and hence financial profits. Fortunately, precision agriculture (PA) and the Internet of Things (IoT) can be deployed to address these issues
[2][3]. As explained in
[4], PA is part of Agriculture 3.0 in which farm yields are regularly monitored. In addition, PA involves automation and the application of information technology (IT) to improve farm output. In Agriculture 4.0, also referred to as smart agriculture or smart farming, additional technologies such as drones, artificial intelligence (AI), blockchain, big data, wireless sensor networks (WSN), and robotics are incorporated in agriculture. In PA, a number of sensors are deployed, such as radiation, air humidity, optimal, soil moisture, and ground sensors. According to
[5], intelligent precision agriculture (IPA) encompasses the deployment of numerous IoT devices and drones to monitor agricultural surroundings. To boost productivity in the face of limited resources and protection from disasters, traditional agronomy needs to be replaced with smart agronomy
[6]. As discussed in
[7], there are fraud risks in the agricultural sector, especially concerning beverage and food packaging. Therefore, agricultural organizations require ideal certification of their products since these risks can impact negatively on the health of their consumers.
The smart devices deployed in PA and IPA exchange a massive number of messages. Therefore, insecure communication channels among IoT devices, unmanned aerial vehicles (UAVs), or drones can expose smart farming to diverse attacks
[5][8]. For instance, Wi-Fi de-authentication and denial of dervice (DoS) can be launched on Raspberry Pi-based smart farms
[9]. This can have serious consequences as the sensed data are normally processed to help determine the agricultural field status and facilitate decision-making, which may involve taking measures to maintain or enhance the farm status
[10]. These attacks can also target drones deployed to monitor field conditions such as irrigation, spraying of pesticides, pollination, and planting of seeds
[11]. On their part, WSNs offer monitoring, sensing, and a continuous supply of information regarding climatic conditions such as the chemical content of the soil, air humidity, temperature, light, water quality, and soil moisture. These parameters are then utilized to boost productivity, both qualitatively and quantitatively. According to
[12], WSNs facilitate monitoring, data collection, and control of agricultural systems and hence ensure efficiency, minimal packet losses and economic overheads, better network control, and increased scalability and flexibility. However, threats such as interference, masquerading, interception, and message alteration can compromise these networks and harm crop production and other monitored agricultural practices
[6]. The authors in
[13] pointed out that issues such as sufficient energy resource utilization and secure data transmission are yet to be solved in WSN. This is because of the usage of open wireless networks during data transfers
[14], which can potentially compromise the integrity, confidentiality, and authenticity of the exchanged data.
2. Enhancing Security of Precision Agriculture
Many schemes have been developed to enhance security in the smart farm environment. For example, a novel private blockchain-based authentication scheme is presented in
[5]. However, this protocol fails to protect against de-synchronization and session hijacking attacks. Similarly, blockchain-based schemes were developed in
[15][16][17][18][19]. Although blockchain offers traceability, integrity protection, and shareability in the agricultural environment, such as agri-food supply chains, it has high storage and computation overheads
[20]. Based on signatures, the authors of
[21] present a three-factor user authentication protocol. Unfortunately, this scheme cannot prevent attacks such as eavesdropping and session hijacking. On the other hand, an identity-based scheme was introduced in
[22]. Nevertheless, this technique is vulnerable to stolen smart cards, sensor node spoofing, impersonation, and stolen verifier attacks
[23]. In addition, it cannot provide backward key secrecy. To address these challenges, two protocols were developed in
[23]. Unfortunately, the authentication and password change phases of these schemes are inefficient
[24]. To offer privacy protection, a remote user authentication protocol was presented in
[6]. However, this scheme cannot withstand attacks such as eavesdropping, de-synchronization, and spoofing.
Based on a public-key-based cryptosystem, an authentication scheme was developed in
[25]. Although this approach protects against MitM and replay attacks, it cannot withstand privileged insider, user impersonation, and ephemeral secret leakage (ESL) attacks
[5]. In addition, it does not include biometric change and user device revocation phases. The signature-based privacy-preserving protocol in
[26] can address some of these issues. However, it is still susceptible to ESL attacks and cannot assure the untraceability and anonymity of the communicating parties
[5]. Similarly, the protocol in
[27] does not provide user and device anonymity since their internet protocol (IP) addresses incorporated in messages are exchanged publicly. In addition, it has high computation overheads due to the utilization of public key cryptography for its digital signatures and certificates
[28]. Moreover, it is prone to replay, physical device capture, MitM, user and device impersonation, and attacks. On its part, the scheme in
[29] cannot protect against user anonymity violation, user impersonation, and smart card loss attacks. Similarly, the protocol in
[30] is vulnerable to physical sensing device capture, untraceability violation, and smart card loss attacks
[5]. Using some bilinear pairing operations, authentication and key establishment protocols were introduced in
[31][32]. However, the utilization of pairing operations increased the computation costs of these protocols
[33]. Since the trusted authority in
[32] has access to user identity and password, it is susceptible to privileged insider attacks. In addition, it cannot withstand replay, disclosure of sensor data, offline password guessing, and stolen smart card and verifier attacks
[34]. As such, an improved elliptic curve cryptography (ECC)-based scheme was developed in
[34]. However, this protocol has an inefficient and delayed authentication phase. In addition, it is not robust against DoS and replay attacks
[35]. Although the protocol in
[36] addresses some of these issues, its bilinear pairing operations result in high computation costs
[37].
To offer security in a heterogeneous IoT environment, an authentication technique was presented in
[38]. Unfortunately, this protocol is vulnerable to physical device capture, privileged insider, and ESL attacks. In addition, it cannot preserve untraceability and anonymity
[5]. Similarly, a remote user authentication protocol was developed in
[39], which was shown to be lightweight. However, it failed to protect against ESL and privileged insider attacks. It also failed to support untraceability and anonymity
[5]. On its part, the scheme in
[39] was not resilient against privileged insider and sensor node capture attacks. It also failed to preserve forward key secrecy
[6]. The authors in
[40][41] designed identity-based signature protocols to protect message exchanges in mobile devices. However, identity-based schemes have key escrow problems
[42]. Based on ECC and symmetric key encryption, a security technique was presented in
[43]. Although it was shown to be robust against MitM and replay attacks, it was vulnerable to ESL, privileged insider, and user impersonation attacks. It also failed to incorporate device revocation, node addition, and password and user biometric change phases
[5]. Similarly, the biometric-based scheme in
[44] did not include device revocation, user passwords, and biometric update phases. It was also vulnerable to privileged insider, user impersonation, ESL, DoS, and stolen smart card attacks
[45]. On its part, the protocol in
[46] was susceptible to DoS attacks and could not offer forward key secrecy
[47]. Similarly, the scheme in
[48] did not support forward key secrecy and was prone to stolen verifier attacks
[49]. As such, an enhanced ECC-based protocol was introduced in
[49], while a privacy-preserving scheme was developed in
[50]. The scheme in
[50] was demonstrated to be resilient against eavesdropping, DoS, masquerade, privileged insider, and forgery attacks. It also supports secret key updates, traceability, and anonymity. However, it cannot withstand MitM attacks
[15].