Anonymity and Untraceability in Mobile Networks

User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user's identity during the authentication process, or other procedures speciic to mobile networks. Such disclosure allows an unauthorized third-party to track the mobile user's movements and current whereabouts. Depending on the context, access to any information related to a mobile user's location or activity without his consent can be a serious violation of his privacy. This new issue might be seen as a connicting requirement with respect to authentication: anonymity requires hiding the user's identity while authentication requires the user's identity to be revealed in order to be proved. What is needed is a single mechanism reconciling both authentication and privacy of a mobile user's identity. The basic solution to this problem is the use of aliases. Aliases insure anonymity by hiding the user's identity as well as his relationship with domain authorities. In this paper, we present a classiication scheme to identify the diierent pieces of information which should be protected from legitimate network entities and unauthorized third parties. We then present an eecient method for the computation of aliases and apply it to a new set of inter-domain authen-tication protocols. We demonstrate that these protocols can be designed to meet various degrees of privacy requirements. In designing these protocols, we try to avoid the drawbacks of authentication protocols in existing mobile network architectures such as CDPD and GSM.