Sign in Subscribe

What does Signed Response (SRES) indicate in GSM authentication?

Last updated on 


In GSM (Global System for Mobile Communications) authentication, the Signed Response (SRES) is a crucial component of the authentication triplet. The authentication triplet consists of the International Mobile Subscriber Identity (IMSI), a Random Challenge (RAND), and the SRES. The SRES is generated as a result of processing the RAND and the Subscriber's Key (Ki), which is stored securely on the SIM card. The SRES is used to verify the authenticity of the mobile subscriber during the authentication process. Here's a detailed technical explanation of what the Signed Response (SRES) indicates in GSM authentication:

  1. Authentication Triplets:
    • The authentication process in GSM involves the use of triplets, which are sets of three values: IMSI, RAND, and SRES.
    • The triplets are generated and stored in both the Home Location Register (HLR) and the Authentication Center (AuC).
  2. Challenge-Response Mechanism:
    • The SRES is part of the challenge-response mechanism used to authenticate mobile subscribers.
    • During the authentication process, a Random Challenge (RAND) is sent to both the mobile station (MS) and the AuC.
  3. Subscriber's Key (Ki):
    • The Subscriber's Key (Ki) is a secret key stored on the SIM card. It is unique to each subscriber and is securely shared between the AuC and the SIM card during the personalization process.
  4. Key Generation Function (KGSN):
    • The Key Generation Function (KGSN) is a function that takes the RAND and the Ki as inputs and produces the Signed Response (SRES).
    • The KGSN is implemented both on the SIM card and in the AuC.
  5. Dynamic Key Generation:
    • The SRES is dynamically generated for each authentication attempt, adding a layer of security to the process.
    • The use of a dynamic key ensures that the same SRES value is not repeated, preventing replay attacks.
  6. SRES Format:
    • The SRES is typically a 32-bit value.
    • It represents the result of applying cryptographic algorithms to the RAND and the Ki, using the KGSN.
  7. Authentication Request:
    • The mobile station processes the RAND using the KGSN with the Ki from the SIM card to generate the SRES.
    • The SRES is then sent back to the network as part of the authentication response.
  8. Authentication Verification:
    • The network independently processes the received RAND using the KGSN with the stored Ki in the AuC to generate its own version of the SRES.
  9. Comparison:
    • The network compares the SRES received from the mobile station with the SRES it independently generated.
    • If the two values match, it indicates that the mobile station has the correct Ki, and the subscriber is authenticated.
  10. Authentication Failure:
    • If the SRES values do not match, it suggests that either the SIM card or the network has an incorrect Ki, and the authentication fails.
    • An authentication failure typically triggers actions like blocking the SIM card or notifying the network operator.
  11. Security of Communication:
    • The successful verification of the SRES ensures the security of communication between the mobile station and the network.
    • It allows the establishment of a secure session key (Kc), which is used for encrypting voice and data transmissions.
  12. Confidentiality Protection:
    • The SRES, along with the RAND, is used to generate the session key (Kc), providing confidentiality protection for communication over the air interface.
  13. Subscriber Identity Privacy:
    • The SRES contributes to subscriber identity privacy by ensuring that only devices possessing the correct Ki can generate the correct SRES.
    • This prevents unauthorized devices from impersonating the subscriber.

In summary, the Signed Response (SRES) in GSM authentication indicates the result of processing the Random Challenge (RAND) with the Subscriber's Key (Ki) using the Key Generation Function (KGSN). It is a dynamically generated value that, when compared with the independently generated SRES in the network, verifies the authenticity of the mobile subscriber during the authentication process. The SRES plays a crucial role in ensuring the security, privacy, and integrity of communication in GSM networks.