Cryptanalysis of an Anonymous Mutual Authentication Scheme in Mobile Networks

Lei Yang¹, Tsu-Yang Wu¹ (✉), Zhiyuan Lee¹, Chien-Ming Chen¹, King-Hang Wang², Jeng-Shyang Pan¹, Shu-Chuan Chu¹, and Mu-En Wu³

¹ College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China
1287327353@qq.com, wutsuyang@gmail.com, jlizhiyuan@163.com, chienming.taiwan@gmail.com, jspan@cc.kuas.edu.tw, scchu0803@gmail.com
² Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Clear Water Bay, Hong Kong
kevinw@cse.ust.hk
³ Department of Information and Finance Management, National Taipei University of Technology, Taipei 10608, Taiwan, R.O.C.
mnasia1@gmail.com

Abstract. With the rapid development of mobile networks, secure communication technologies for mobile users have received much attention from researchers. Recently, Chung et al. proposed an anonymous mutual authentication scheme for inter-device communication in mobile networks. Previous literature has shown that their scheme has some security weaknesses. In this paper, we also point out that their scheme violates perfect forward secrecy and is insecure against a replay attack.

1 Introduction

With the development of science and technology [15–17], mobile devices are widely used and applied to several environments. Mobile network environments are particularly important for applications of mobile devices, because they involve the security of user communications [19]. In the mobile network environment, a typical client-server architecture is shown in Fig. 1. In the process of user communication, users hope that their communication messages can be protected. To solve this problem, several mutual authentication schemes have been proposed in [1–3, 9–11, 14].

In the mobile network environment, the trusted server is responsible for completing the anonymous authentication of both users [6, 7, 13], and after successful authentication, the session key can be established for communication. In 2015, Saravanan et al. [8] proposed an anonymous security authentication scheme for users of the global mobile network roaming service [12]. In 2016, Chung et al. [4] proposed an authentication scheme with anonymity. In 2017, Feng et al. [5] proposed a smart card based authentication scheme in multi-server environments.

© Springer Nature Singapore Pte Ltd. 2020
J.-S. Pan et al. (Eds.): ICGEC 2019, AISC 1107, pp. 462–467, 2020.
https://doi.org/10.1007/978-981-15-3308-2_50