User authentication procedures are essential for global mobility networks and enable a mobile user to communicate securely with other users. Chang et al. recently presented an efficient authentication scheme with user anonymity in roaming environments. The authentication scheme of Chang et al. used low-cost functions and was most suitable for battery-powered mobile environments. However, Youn et al. pointed out that their authentication scheme cannot ensure user anonymity and resist known session key and side channel attacks. This study will demonstrate that the scheme of Chang et al. cannot resist impersonation attacks and violates session key security. In addition, this study present a secure and efficient authentication scheme based on the scheme of Chang et al. The proposed scheme not only avoids the weaknesses of the authentication scheme of Chang et al. but also ensures data unlinkability and users untrackabilty. Copyright © 2013 John Wiley & Sons, Ltd.