Authentication Protocols for mobile network environment value-added services

The secure provision of mobile computing and telecommunication services is rapidly increasing in importance as both demand and applications for such services continue to grow. This paper is concerned with the design of public key based protocols suitable for application in upcoming third-generation mobile systems such as Universal Mobile Telecommunications Service. Candidate protocols are considered for the authentication of a mobile user to a value-added service provider with initialization of a mechanism enabling payment for the value-added service. A set of goals for such a protocol are identified, as are a number of generic attacks; these goals and attacks are then used to evaluate the suitability of seven candidate third-generation user-to-network authentication protocols. Many of these candidate protocols are shown to have highly undesirable features.