Skip to Main Content
In a recent paper (IEEE Trans. Wireless Commun., vol. 9, no. 11, 2010), Chang and Tsai presented a self-verified mobile authentication scheme for large-scale wireless networks. In this letter, we show that there is a serious security flaw in the key delegation phase of the scheme: two colluding mobile users can retrieve the long-term secret key of their home server without performing any active attacks. We then present a suggestion to fix the problem without losing any features (such as high efficiency and scalability) of the original scheme.