RANDMS

RANDom number for Mobile Station (USIM storage)

Security →
Introduced in Rel-8

RANDMS is a random challenge value stored in the USIM's non-volatile memory, used as an input for generating the shared secret key during USIM personalization and in legacy GSM authentication.

Category
Security
Introduced
Rel-8
Where
User Equipment › SIM/USIM
Specifications
1 specs
RANDMS Description Purpose Related Classification Detected Changes Specifications

Description

RANDMS is a specific type of RAND (Random number) parameter that is permanently stored within the non-volatile memory of a Universal Subscriber Identity Module (USIM) or SIM card. Unlike the dynamic RAND used in the standard online Authentication and Key Agreement (AKA) procedure which changes with every authentication, the RANDMS is a static value written into the USIM during its personalization phase at the manufacturing or operator provisioning stage. Its primary technical role is to serve as a seed or input parameter for cryptographic processes that occur locally on the card, specifically for the generation or derivation of the long-term secret key (K) and for use in GSM-specific algorithms.

The most critical function of RANDMS is in the generation of the subscriber-specific secret key (K). During USIM personalization, the operator uses the RANDMS along with other data (like the subscriber's IMSI) as input to a key generation function. The output of this function is the 128-bit secret key (K), which is then securely stored on the USIM. The same RANDMS and process are used by the operator's backend (AuC/HSS) to generate the identical key K for that subscriber. This ensures synchronization between the secret stored on the card and the secret stored in the network database. Furthermore, in operational use for GSM compatibility, when a UE camps on a GSM network (using the USIM in SIM mode), the USIM may use the stored RANDMS value in the execution of the GSM A3/A8 algorithms to generate the GSM-specific Signed Response (SRES) and cipher key (Kc), providing backward security compatibility.

Architecturally, RANDMS resides in a protected file (e.g., EF_KC) on the USIM. It is not transmitted over the air and is not part of the standard authentication vector exchanged between network nodes. Its use is confined to the internal cryptographic computations of the USIM. This makes it a foundational element for the card's security posture. The secrecy of the long-term key K is dependent on the randomness and confidentiality of the RANDMS used to create it. If the RANDMS generation process is flawed or predictable, it could weaken the security of the derived key K for all subscribers from that batch of USIMs.

Purpose & Motivation

RANDMS was introduced to fulfill a specific need in the USIM personalization and key management process. Early SIM cards had the secret key (Ki for GSM) injected directly, but as the architecture evolved with the USIM for 3G, a more structured method for deriving the key K from other parameters was standardized. The RANDMS provides this deterministic yet operator-controlled input. It solves the problem of securely generating a unique, strong secret key for each USIM in a reproducible manner by both the card issuer and the network operator's authentication center.

Its creation was motivated by the desire for enhanced key management security and flexibility during card manufacturing. Instead of requiring the highly sensitive master key K to be directly handled and loaded onto each card, the manufacturer can be given a batch of RANDMS values and a key generation algorithm. The actual secret key K is then computed on-card using the RANDMS. This can add a layer of security, as the master key derivation algorithm can be kept separate from the physical card personalization line. It also allows for the key K to be cryptographically tied to the specific RANDMS and other card identifiers.

Furthermore, RANDMS supports backward compatibility mechanisms. When a 3G/4G USIM is used in a 2G GSM network, the network may use a GSM authentication challenge (RAND_GSM). The USIM can use its stored RANDMS as part of the computation to generate the GSM-specific SRES and Kc, ensuring the single secret key K can support both the UMTS/LTE AKA and the legacy GSM authentication algorithms. This provides a seamless subscriber experience across different generations of radio technology.

Classification

Part ofRAND
Related approachesUSIM

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (29 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 6 changes

In Release 15, updates were made to USIM management procedures for 5GS, including enhancements to the USIM Service Table for PDU session call control support and to the OPL configuration to support 3-byte TAC values when connected to NG-RAN. The release also introduced the ability to configure Mission Critical Services and Access Identity 2 via the USIM, while providing clarifications on data storage such as the presence of EFIMSConfigData.

  • USIM Service Table update for PDU session call control support TS 31.102CR0786
  • Allow configuration of MCS (Access Identity 2) via USIM. TS 31.102CR0794
  • Mission Critical Services configuration data update to USIM TS 31.102CR0808
  • Enhance USIM OPL configuration to support 3 bytes TAC when in NG-RAN. TS 31.102CR0818
  • Updates to USIM management procedures for 5GS TS 31.102CR0806
  • Clarification about presence of EFIMSConfigData in ISIM and USIM TS 31.102CR0833
Rel-16 10 changes

In Release 16, the RANDMS function was enhanced by introducing new USIM configuration capabilities for network lists and parameters. Specifically, new Elementary Files were defined to allow the USIM to store a "RLOS PLMN list," a "RLOS allowed MCC list," and a "Trusted non-3GPP access networks list." Additionally, Release 16 specified storage for a separate KSEAF for non-3GPP access and enabled URSP and PS Data Off list configurations on the USIM.

  • Support for USIM configuration of RLOS PLMN list TS 31.102CR0847
  • URSP storage in USIM TS 31.102CR0861
  • Specify storage for a potentially separate KSEAF for non-3gpp access on the USIM TS 31.102CR0864
  • USIM configuration of RLOS allowed MCC list TS 31.102CR0881
  • Support for Trusted non-3GPP access networks list by USIM TS 31.102CR0891
  • Dedicated AID for USIM Applications with non-IMSI based SUPI Types TS 31.102CR0897

+ 4 more changes

Rel-17 9 changes

In Release 17, RANDMS was enhanced to support the secure storage of security-related UE parameters by explicitly linking the availability of Service 123 to Service 133. This ensures that the SOR counter and UE parameter update counter, as part of the extended security parameters, are stored on the USIM in association with the K_AUSF also residing there, thereby improving security parameter management.

  • Introduce a USIM file to store pre-configured CAG information list TS 31.102CR0904
  • SOR-CMCI storage in USIM TS 31.102CR0917
  • Addition of USIM files for the indication of whether disaster roaming is enabled in the UE, disaster roaming wait range, disaster return wait range and applicability indicator for disaster roaming PLMNs list provided by VPLMN. TS 31.102CR0938
  • Adding eDRX parameters in the USIM for NG-RAN TS 31.102CR0943
  • 5G NSWO (Non-Seamless WLAN Offload) configuration support in the USIM compromised proposal. TS 31.102CR0946
  • Support of 'No E-UTRA Disabling In 5GS' in USIM TS 31.102CR0947

+ 3 more changes

Rel-18 3 changes

In Release 18, the primary enhancement for the RANDMS function was the introduction of extended storage for 5G security parameters on the USIM. Specifically, it mandated that Service n°133 be enabled whenever Service n°123 is enabled, ensuring that counters like the SOR counter and UE parameter update counter are stored on the USIM alongside the K~AUSF~. This change did not introduce new EFs for RANDMS itself but was part of broader updates that also added EFs for Access Control to GBA_U_APIs and IMS Data Channel configuration.

  • 5G Security Parameters extended storage on USIM (Mandating Service n°133 to be enabled when Service n°123 is enabled) Rel18. TS 31.102CR1014
  • Add EF of Access Control to GBA_U_APIs to the USIM TS 31.102CR1007
  • Add EF of IMS Data Channel configuration to the USIM TS 31.102CR1006
Rel-19 1 change

In Release 19, the enhancement for the RANDMS function introduced backward compatibility handling for USIMs that lack extended security parameter storage in the EF_5GAuthKeys file. This ensures interoperability by defining how the Mobile Equipment (ME) must operate when the USIM service for storing extended security parameters is not available. The change specifically manages the association and storage of security parameters like the SOR counter to maintain functionality with older USIMs.

  • Backward compatibility handling of USIM without extended security parameter storage in EF_5GAuthKeys - Rel19 TS 31.102CR1074

Explore further

Broader topics and technologies where RANDMS plays a role.

Topics
SON (Self-Organizing Networks)Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)Encryption & IntegrityMEC (Edge Computing)LTE / LTE-Advanced
Technologies
LTE

Defining Specifications

3GPP specifications that define or reference RANDMS, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 31.102 vj40 USIM Application Specification Rel-19