Wireless sensor networks (WSNs) play an important role in applications when information collection is needed. In 2014, Turkanović et al. applied the Internet of Things (IOT) notion to WSNs and proposed a user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks to have a remote user to securely negotiate a session key with a general sensor node by using a lightweight key agreement protocol. After analyzing their scheme, we find that their scheme suffers from four drawbacks. In this thesis, the found drawbacks will be shown in detail, and we aim to propose an improvement to overcome these security drawbacks.