Abstract — Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved. Index Terms — Authentication, key exchange, roaming service, anonymity, secret-splitting, self-certified. Fixed Internet nodes A’s home network, home agent (H) Internet B’s home network, home agent (H) Mobile terminal (M), B Foreign network2 (V)

In a set of distributed wireless networks, such as globally distributed cellular systems, different networks could be administered by different operators. Mobile devices subscribed to one network may need to access networks administered by some other operators. An anonymous authentication protocol allows a roaming mobile device to anonymously authenticate itself to a visiting network in such a way that eavesdroppers in the visiting network and operators of other networks can only tell to which network the mobile device is subscribed but cannot tell the identity of the mobile device. The protocol is useful for protecting the privacy of the roaming mobile device. In this paper, we review two anonymous authentication protocols and point out some weaknesses and flaws of them. We show that these protocols are vulnerable to some practical attacks and the anonymity of a roaming mobile device could be compromised. 1

Abstract: In a secure roaming scenario, a user U travels to a foreign network and communicates with a foreign server V securely so that no one other than U and V can obtain the messages exchanged between them. U may also want to travel anonymously so that no one including V can find out its identity or trace its whereabouts except its home server H. There have been many key establishment protocols proposed for secure roaming. A typical application of these protocols is the mobile roaming service which may be deployed to interconnected WLAN and 3G networks. Despite the importance of these protocols, most of the protocols are analyzed heuristically. They are lack of formal security treatment. In this paper, we propose a formal key exchange definition and formalize secure roaming under the Canetti-Krawczyk (CK) model. We also propose a formal model for capturing the notions of user anonymity and untraceability. By using the modular approach supported by the CK-model, we construct an efficient key exchange protocol for roaming and then extend it to support user anonymity and untraceability. The protocols are efficient and each of them requires only four message flows among the three parties U, H and V. For building our protocols, we construct a one-pass counter based MT-authenticator and show its security under the assumption of a conventional MAC secure against chosen message attack.