In a recent paper (IEEE Trans. Wireless Commun.,
vol. 9, no. 11, 2010), Chang and Tsai presented a self-verified
mobile authentication scheme for large-scale wireless networks.
In this letter, we show that there is a serious security flaw in the
key delegation phase of the scheme: two colluding mobile users
can retrieve the long-term secret key of their home server without
performing any active attacks. We then present a suggestion to fix
the problem without losing any features (such as high efficiency
and scalability) of the original scheme.