INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS
Int. J. Commun. Syst. (2012)
Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/dac.1387
Strong roaming authentication technique for wireless and mobile networks
Daojing He(1,*,†), Chun Chen(1), Sammy Chan(2) and Jiajun Bu(1)
(1) College of Computer Science, Zhejiang University, China
(2) City University of Hong Kong, Hong Kong SAR, China
SUMMARY
When one considers the broad range of wirelessly connected mobile devices used today, it is clear that
integrating such network-enabled devices into secure roaming over wireless networks is of essential
importance. Over the years, many authentication protocols have been suggested to address this issue.
Among these protocols, the recently proposed privacy-preserving universal authentication protocol,
Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the
existing roaming authentication protocols and shows that they are not strong enough to provide secure
roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies
that fix the weaknesses. The experimental results show that the proposed approaches are feasible in
practice. Copyright © 2012 John Wiley & Sons, Ltd.
Received 5 August 2011; Revised 6 October 2011; Accepted 28 October 2011
KEY WORDS: authentication; security and privacy; roaming service; wireless and mobile networks
1. INTRODUCTION
With the fast development of wireless technology, various wireless and mobile networks have been
deployed and used in our daily life, including mobile telecommunication systems (e.g., Global System
for Mobile Communications, 3G), roadside-to-vehicle communication systems, wireless local
area networks (e.g., 802.11) for local area, wireless metropolitan access network (e.g., WiMAX) for
wide area, and satellite network for worldwide coverage. This trend shows that the world has been
turning into a ubiquitous computing environment, where people can have ‘anywhere, anytime’ network
access services using their mobile devices (e.g., vehicle, laptop PC, personal digital assistant,
and wireless phone) without being limited by the geographical coverage of their own home networks.
To ensure persistent connectivity for users traveling from one network to another network,
which is possibly of a different type, roaming services should be provided.
Regardless of the types of networks involved, as shown in Figure 1, a typical roaming scenario
involves three parties: a roaming user U, a visited foreign server F, and a home server H of
which U is a subscriber. Normally, F and H have a roaming agreement, so that U can access
its subscribed services through F when U is in a foreign network administered by F. Before
U can access resources provided by F, an appropriate authentication process between U and F
must be carried out. This process should be efficient enough to support resource-restricted mobile
devices and demanding applications, such as multimedia content delivery [1], and be secure enough
because mobile users and different network providers are involved as well. Obviously, without
*Correspondence to: Daojing He, College of Computer Science, Zhejiang University, China.
†E-mail: hedaojinghit@gmail.com