Untraceability in mobile networks

User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user's real identity during the authentication process, or other procedures specific to mobile networks. Such disclosure allows an unauthorized third-party to track the mobile user's movements and current where- abouts. Depending on the context, access to any information related to a mobile user's location without his consent can be a serious violation of his privacy. This new issue might be seen as a conflicting requirement with respect to authentication: untraceability requires hiding the user's identity while authentication requires the user's identity to be revealed in order to be proved. What is needed is a single mechanism reconciling both authentication and privacy of a mobile user's identification. The basic solution to this problem is the use of aliases . Aliases insure untraceability by hiding the user's real identity aswell as his relationship with domain authorities. In this paper, we present a classification scheme to identify the various degrees of untraceability requirements. We then present an efficient method for the computation of aliases and apply it to a new set of inter-domain authentication protocols. We demonstrate that these protocols can be designed to meet various degrees of untraceability requirements. In designing these protocols, we try to avoid the drawbacks of authentication protocols in existing mobile network architectures such as CDPD and GSM.