To provide secure roaming services for mobile users in Global Mobility Networks, many schemes have been proposed in recent years. However, most of them focus only on authentication and fail to satisfy many practical security requirements such as user anonymity and untraceability. To address this problem, we propose a privacy-preserving authentication scheme based on elliptic curve cryptography. The proposed scheme is provably secure under a formal model that satisfies all practical security requirements. Compared with existing authentication schemes, ours enjoys better performance in terms of computation cost and security. Perfect Forward Secrecy: An adversary cannot obtain the session keys established between an MU and an FA (HA) in advance, even if it has compromised MU's password or smart card.