Secure and efficient authentication protocol with user untraceability for global roaming services

In case of global roaming services, user authentication plays an important role in order to prevent any unauthorized user from accessing services. Preserving anonymity and unlinkability are also crucial to ensure user untraceability over public channel. However, achieving user authenticity and untraceability are not sufficient to guarantee a secure communication. Several active and passive attacks may breach the system security as the mode of communication is considered to be wireless. Hence, requiring a well-designed protocol to resist these vulnerabilities. In this article, we put forward a secure and efficient authentication protocol with user untraceability for global roaming services. The proposed protocol utilizes low-cost cryptographic primitives such as symmetric key encryption/decryption and one-way hash function. We use dynamic keys (rather than long-term keys) to ensure forward/backward secrecy of the session key. The use of dynamic pseudonym ensures user anonymity and unlinkability over public channel. In addition, there is no need to re-synchronize the peers in case of desynchronization attack. The security validation of the proposed protocol is done both formally and informally to ensure robustness of the protocol under various active and passive attacks. Finally, we compare our protocol with some recently proposed approaches in terms of various security and design parameters to ensure its efficiency for low-power applications of global roaming services.