Enhanced secure anonymous authentication scheme for roaming service in global mobility networks

User authentication scheme is an important issue for providing secure roaming service to users of mobile devices. In 2008, Wu, Lee and Tsaur proposed an enhanced anonymous authentication for roaming environment. In this paper, we show weaknesses of Wu–Lee–Tsaur’s schemes such as failing to achieve anonymity and perfect forward secrecy, and disclosing of legitimate user’s password. Therefore, we propose a new enhanced scheme that uses Elliptic Curve Diffie–Hellman (ECDH) to overcome these weaknesses and improve performance. We also demonstrate that our scheme not only overcomes these weaknesses but also provides mutual authentication and resistance to a man‐in‐the‐middle attack. Compared with previous schemes that use public key cryptosystem with certificates, our scheme is more efficient. Moreover, our scheme does not use timestamps, so it is not required to synchronize the time.