This paper proposes a new efficient authentication protocol for mobile networks. The user, service provider and key distribution center authenticate mutually in the proposed protocol. In addition, the user and service provider will generate a secret session key for communication in this protocol. We prove the proposed protocol by using BAN logic. In our protocol, the key distribution center of the networks does not need to maintain the secret key database of users by using the key derivation function. The proposed protocol is based on symmetric cryptosystem, challenge–response and hash chaining. It only needs four message exchange rounds for intra-domain initial phase and seven message exchange rounds for inter-domain initial phase. Our initial phase only takes 17% and our subsequent phase requires 26% communication cost of Chien and Jan's protocol. The proposed protocol is more efficient than the others. It is suitable to apply in the mobile networks.
Computer Standards and Interfaces 28(2), pp.241-252