RANDMS

RANDom number for Mobile Station (USIM storage)

Security
Introduced in Rel-8
RANDMS is a random challenge value stored within the USIM's non-volatile memory. It is used as an input for generating the shared secret key (K) during the USIM personalization phase and for deriving keys in certain legacy GSM authentication contexts.

Description

RANDMS is a specific type of RAND (Random number) parameter that is permanently stored within the non-volatile memory of a Universal Subscriber Identity Module (USIM) or SIM card. Unlike the dynamic RAND used in the standard online Authentication and Key Agreement (AKA) procedure which changes with every authentication, the RANDMS is a static value written into the USIM during its personalization phase at the manufacturing or operator provisioning stage. Its primary technical role is to serve as a seed or input parameter for cryptographic processes that occur locally on the card, specifically for the generation or derivation of the long-term secret key (K) and for use in GSM-specific algorithms.

The most critical function of RANDMS is in the generation of the subscriber-specific secret key (K). During USIM personalization, the operator uses the RANDMS along with other data (like the subscriber's IMSI) as input to a key generation function. The output of this function is the 128-bit secret key (K), which is then securely stored on the USIM. The same RANDMS and process are used by the operator's backend (AuC/HSS) to generate the identical key K for that subscriber. This ensures synchronization between the secret stored on the card and the secret stored in the network database. Furthermore, in operational use for GSM compatibility, when a UE camps on a GSM network (using the USIM in SIM mode), the USIM may use the stored RANDMS value in the execution of the GSM A3/A8 algorithms to generate the GSM-specific Signed Response (SRES) and cipher key (Kc), providing backward security compatibility.

Architecturally, RANDMS resides in a protected file (e.g., EF_KC) on the USIM. It is not transmitted over the air and is not part of the standard authentication vector exchanged between network nodes. Its use is confined to the internal cryptographic computations of the USIM. This makes it a foundational element for the card's security posture. The secrecy of the long-term key K is dependent on the randomness and confidentiality of the RANDMS used to create it. If the RANDMS generation process is flawed or predictable, it could weaken the security of the derived key K for all subscribers from that batch of USIMs.

Purpose & Motivation

RANDMS was introduced to fulfill a specific need in the USIM personalization and key management process. Early SIM cards had the secret key (Ki for GSM) injected directly, but as the architecture evolved with the USIM for 3G, a more structured method for deriving the key K from other parameters was standardized. The RANDMS provides this deterministic yet operator-controlled input. It solves the problem of securely generating a unique, strong secret key for each USIM in a reproducible manner by both the card issuer and the network operator's authentication center.

Its creation was motivated by the desire for enhanced key management security and flexibility during card manufacturing. Instead of requiring the highly sensitive master key K to be directly handled and loaded onto each card, the manufacturer can be given a batch of RANDMS values and a key generation algorithm. The actual secret key K is then computed on-card using the RANDMS. This can add a layer of security, as the master key derivation algorithm can be kept separate from the physical card personalization line. It also allows for the key K to be cryptographically tied to the specific RANDMS and other card identifiers.

Furthermore, RANDMS supports backward compatibility mechanisms. When a 3G/4G USIM is used in a 2G GSM network, the network may use a GSM authentication challenge (RAND_GSM). The USIM can use its stored RANDMS as part of the computation to generate the GSM-specific SRES and Kc, ensuring the single secret key K can support both the UMTS/LTE AKA and the legacy GSM authentication algorithms. This provides a seamless subscriber experience across different generations of radio technology.

Key Features

  • A static random number permanently stored in the USIM's non-volatile memory
  • Used as a seed parameter during USIM personalization to generate the long-term secret key (K)
  • Enables reproducible generation of key K by both the USIM and the operator's HSS/AuC
  • May be utilized in GSM algorithm computations when the USIM operates in SIM mode for 2G access
  • Resides in a protected file (e.g., EF_KC) on the USIM and is never transmitted over the air
  • Provides a foundation for key management security in the card personalization process

Evolution Across Releases

Rel-8 Initial

Formally specified as a stored parameter within the USIM application, detailing its role in key generation and GSM compatibility. This release standardized its storage in the EF_KC file and its use as an input for deriving GSM cipher key Kc_G when needed for CSG and hybrid mode operations, integrating legacy support into the USIM architecture.

TS 31.102

Defining Specifications

SpecificationTitle
TS 31.102 3GPP TR 31.102