User authentication in a global mobility network (GLOMONET) is an extremely important issue for wireless communication networks. User authentication allows mobile users to establish an authentication key shared with a foreign agent on a foreign network and with a global roaming service.
Numerous authentication approaches with anonymity have been proposed for GLOMONETs [1-5] to increase the privacy and security of communication. These schemes provide mobile users with global roaming services while keeping their identities anonymous. To increase security, many authentication schemes have used public key systems or exponential computations. However, due to hardware limitations, a mobile user has difficulty supporting heavy encryption and decryption in a roaming environment and thus, using exponential computations increases client overhead [6-10]. Therefore, schemes that only use low-cost functions, such as one-way hash functions and exclusive-OR operations, are likely to be relatively more suited to roaming environments.
Zhu and Ma  in 2004 developed a novel authentication scheme using a smart card. Lin and Lee  later identified the limitations of this scheme. Lee, Chang and Lin  in 2005 also proposed an improved scheme to overcome the weaknesses in the scheme developed by Zhu and Ma. Additionally, Lee, Hwang and Liao  in 2006 also identified security flaws in the scheme developed by Zhu and Ma and created an improved version. However, Chang et al.  in 2009 demonstrated that authentication scheme of Lee, Hwang and Liao cannot provide users with anonymity and suffered forgery attacks when the smart card of a mobile user was stolen by a malicious legal mobile user. Additionally, Chang et al. presented an efficient authentication scheme with anonymity as an alternative. Although the authentication scheme of Chang et al. used low-cost functions and attempted to achieve security goals, Youn et al.  in 2009 still pointed out that their authentication scheme cannot ensure user anonymity and resist known session key and side channel attacks.
This study discusses the limitations of the authentication scheme developed by Chang et al. . In their scheme, a malicious mobile user, who has obtained the identity of another legal user, can perform an impersonation attack and derive the session key between another mobile user and a foreign agent from transmitted messages. Additionally, a novel secure user authentication scheme that offers users anonymity and achieves data unlinkability and users untrackabilty is also developed. The proposed authentication scheme uses an adaptable and temporary identity for a mobile user to protect the actual identity of the mobile user, such that a malicious mobile user cannot derive the identity of another user, and thus, impersonation and eavesdropping attacks are eliminated. Therefore, the proposed authentication scheme is highly promising for battery-powered mobile devices in GLOMONETs and avoids the weaknesses in the scheme developed by Chang et al.