This article proposes a secure and energy efficient user authentication protocol, which can preserve the user anonymity for roaming service in the mobile network. Compared to other state of the art solutions, the proposed scheme has several considerable advantages. Firstly, no encryption/decryption, modular and exponential operations have been introduced in our design. Instead, it uses the low cost function such as HMAC and exclusive-OR operations to accomplish the goals of authentication and key agreement. This makes the protocol more suitable for battery-powered mobile devices. Secondly, the proposed scheme can resolve several existing security issues like forgery attack, known session key attack, etc., with the limited computation and communication overheads which are indeed essential for offering a secure and expeditious roaming services in mobile communication environment.