Tuesday, 01 April 2008

GSM Authentication

Most of us are very familiar with the gadget called a mobile phone, which many of us call a hand phone (well, of course you have to hold your phone with your hand, not with your feet) or a cellular phone. Most of us are also very familiar with the cellular services provided through our cell phones, such as SMS, HSDPA, video call, etc.

But have we ever wondered how our cell phone is authenticated and logged on to the cellular network, so that our cellular operator's logo is displayed? The authentication process in a GSM network follows the steps below:

The mobile phone is turned on; of course, you have to turn it on first.

The Mobile Service Switching Center (MSC) requests 5 triplets from the Home Location Register (HLR). The HLR creates 5 triplets using the A8 algorithm. Each of these 5 triplets contains a 128-bit Random Challenge (RAND), a matching 32-bit Signed Response (SRES), and a 64-bit ciphering key used as the session key (Kc).

The HLR sends the 5 triplets to the MSC. The MSC sends the 5 triplets to the Base Transceiver Station (BTS). The BTS sends RAND to the mobile phone.

The mobile phone receives RAND from the BTS and passes it to the SIM card using the RUN GSM ALGORITHM command. As the result of the calculation, the SIM card returns the SRES and Kc values. SRES and Kc are passed to the mobile phone. Kc is kept for any future enciphered communication. The Subscriber Authentication Key (Ki) is used in this process: Ki is one input parameter of the A3 algorithm, which authenticates the mobile phone to the network, and of the A8 algorithm calculation that generates the encryption key.

The mobile phone sends SRES to the BTS, and SRES is forwarded to the MSC.
The MSC receives SRES and verifies it. This verification provides the authentication.
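The challenge-response exchange in the steps above, as an added example that is not code from the original post. It assumes HMAC-SHA256 truncated to the stated sizes as a stand-in for the operator-specific A3/A8 algorithms; the class names, the subscriber identifier and the Ki value are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 truncated to the post's sizes stands in for the
# operator-specific A3/A8 algorithms. This is NOT COMP128 or any real GSM algorithm.
def a3(ki, rand):
    """Stand-in A3: 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki, rand):
    """Stand-in A8: 64-bit Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class HLR:
    """Network side: subscriber database (hypothetical id -> Ki)."""
    def __init__(self, subscribers):
        self._subscribers = subscribers

    def triplets(self, subscriber_id, count=5):
        """Return `count` triplets (RAND, SRES, Kc), each with a fresh 128-bit RAND."""
        ki = self._subscribers[subscriber_id]
        rands = [secrets.token_bytes(16) for _ in range(count)]
        return [(rand, a3(ki, rand), a8(ki, rand)) for rand in rands]

class SIM:
    """Card side: Ki stays inside; only SRES and Kc come out."""
    def __init__(self, ki):
        self._ki = ki

    def run_gsm_algorithm(self, rand):
        return a3(self._ki, rand), a8(self._ki, rand)

def msc_authenticate(hlr, subscriber_id, sim):
    """MSC side: use one triplet, challenge the SIM, verify SRES.
    Returns (authenticated, Kc), with Kc None on failure."""
    rand, expected_sres, kc = hlr.triplets(subscriber_id)[0]
    sres, _sim_kc = sim.run_gsm_algorithm(rand)  # RAND travels MSC -> BTS -> phone -> SIM
    ok = hmac.compare_digest(sres, expected_sres)  # constant-time comparison
    return ok, (kc if ok else None)

# Constructed sample data, not real subscriber values.
SUBSCRIBER = "subscriber-0001"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    hlr = HLR({SUBSCRIBER: KI})
    print("genuine SIM:", msc_authenticate(hlr, SUBSCRIBER, SIM(KI))[0])
    print("wrong Ki   :", msc_authenticate(hlr, SUBSCRIBER, SIM(bytes(16)))[0])
```

Ki itself never crosses the air interface in this exchange; only RAND and SRES do, and Kc is derived independently on both sides.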

Terms

A3, authentication algorithm. Used for authenticating the subscriber.

A8, cipher key algorithm. Used to generate Kc.

A5, cipher algorithm. Used for enciphering/deciphering data.

HLR, Home Location Register. An entity of the GSM network that handles the database containing the data of subscribers authorized to authenticate to the network. HLRs are divided by area.

Ki, Subscriber Authentication Key, a 128-bit key stored inside the SIM card. Used as one input parameter for the authentication and cipher key algorithms.

MSC, Mobile Service Switching Center. An entity of the GSM network that is responsible for handling voice calls and SMS.

RAND, Random Challenge. A 128-bit value resulting from the A8 algorithm calculation, provided by the MSC.

SRES, Signed Response. A 32-bit value provided by the MSC as a result of the A8 algorithm calculation.


1 comment:

Bhinyo said...

Quite interesting... but it's all in English... a bit of a headache to understand. Anyway.. nice one, bro!

