In a set of distributed wireless networks, such as globally distributed cellular systems, different networks could be administered by different operators. Mobile devices subscribed to one network may need to access networks administered by some other operators. An anonymous authentication protocol allows a roaming mobile device to anonymously authenticate itself to a visiting network in such a way that eavesdroppers in the visiting network and operators of other networks can only tell to which network the mobile device is subscribed but cannot tell the identity of the mobile device. The protocol is useful for protecting the privacy of the roaming mobile device. In this paper, we review two anonymous authentication protocols and point out some weaknesses and flaws of them. We show that these protocols are vulnerable to some practical attacks and the anonymity of a roaming mobile device could be compromised.
Duncan S. Wong