Description
The Authentication Response (RES) is a core element in the 3GPP security architecture, specifically within the authentication and key agreement procedures. It is a cryptographically generated value that serves as proof of identity from the user side. In the 3G AKA procedure, the RES is produced by the Universal Subscriber Identity Module (USIM) card within the User Equipment (UE). On the network side, the serving network's Visitor Location Register (VLR), or in later generations the Mobility Management Entity (MME)/Authentication Server Function (AUSF), holds the expected authentication response (XRES), which is received from the home network's Authentication Centre (AuC).
The process begins when the network sends an authentication challenge to the UE, which includes a random number (RAND) and an authentication token (AUTN). The USIM uses its shared secret key (K), stored securely on the SIM/USIM, along with the received RAND and a sequence number verification process, to compute the RES together with two keys for securing subsequent communications: a Cipher Key (CK) and an Integrity Key (IK). The USIM sends the calculated RES back to the network. The network entity compares the received RES with the XRES it pre-computed or received from the AuC. If RES matches XRES, authentication is successful, proving the UE possesses the correct secret key and is therefore a legitimate subscriber. The network then proceeds to use the derived CK and IK for ciphering and integrity protection of the radio connection.
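The 3G exchange described above, as an added Python example that is not part of the original page or of any 3GPP specification. It shows the AuC building a challenge, the USIM checking AUTN before answering, and the serving network comparing RES with XRES, including the wrong-key and replayed-challenge cases. Assumptions: HMAC-SHA256 stands in for the operator's f1 to f5 functions, AUTN is laid out as (SQN xor AK) || AMF || MAC, and the key value, the 8-byte RES and the simple "greater than last accepted" SQN rule are constructed for illustration.

```python
import hashlib
import hmac
import os

def f(k, label, *parts, n):
    """Stand-in for f1..f5 (assumption): HMAC-SHA256 truncated to n bytes."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive(k, rand):
    """(X)RES, CK and IK from K and RAND; lengths are assumed sample sizes."""
    return f(k, b"f2", rand, n=8), f(k, b"f3", rand, n=16), f(k, b"f4", rand, n=16)

def auc_vector(k, sqn, amf=b"\x80\x00"):
    """Home network (AuC): returns RAND, AUTN and (XRES, CK, IK)."""
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    mac, ak = f(k, b"f1", sqn_b, rand, amf, n=8), f(k, b"f5", rand, n=6)
    return rand, xor(sqn_b, ak) + amf + mac, derive(k, rand)  # AUTN=(SQN^AK)|AMF|MAC

class Usim:
    def __init__(self, k):
        self.k, self.sqn_seen = k, bytes(6)  # highest SQN accepted so far
    def authenticate(self, rand, autn):
        """Verify AUTN (network MAC, then SQN freshness); return RES, CK, IK."""
        ak = f(self.k, b"f5", rand, n=6)
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand, amf, n=8)):
            raise ValueError("MAC failure")
        if sqn_b <= self.sqn_seen:  # fixed-length big-endian bytes compare numerically
            raise ValueError("SQN not fresh")
        self.sqn_seen = sqn_b
        return derive(self.k, rand)

def network_accepts(res, xres):  # serving network: constant-time RES vs XRES check
    return hmac.compare_digest(res, xres)

def demo():
    usim = Usim(bytes(range(16)))  # constructed subscriber key K
    rand, autn, (xres, ck, ik) = auc_vector(usim.k, sqn=1)
    res, ck_u, ik_u = usim.authenticate(rand, autn)
    out = {"accepted": network_accepts(res, xres), "keys_agree": (ck, ik) == (ck_u, ik_u),
           # RES computed by a device that does not hold the real K
           "wrong_k_accepted": network_accepts(derive(bytes(16), rand)[0], xres)}
    try:
        usim.authenticate(rand, autn)  # the same challenge replayed
    except ValueError as exc:
        out["replay"] = str(exc)
    return out
```

`demo()` returns the outcome of each case; K itself never appears in any value that crosses between the two sides.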
In the context of 2G (GSM) authentication, the term RES is also used but the architecture differs. The Home Location Register (HLR) and its associated AuC generate a triplet consisting of RAND, Signed Response (SRES - equivalent to XRES), and the encryption key Kc. This triplet is sent to the serving MSC/VLR. The VLR sends the RAND to the Mobile Station (MS). The SIM card in the MS computes its own SRES (the response) using its secret key Ki and sends it back. The VLR compares the MS's SRES with the SRES from the triplet for authentication. Thus, whether in 2G or 3G AKA, the RES/SRES is the subscriber's cryptographic response to a network challenge, forming the cornerstone of mutual authentication (in 3G) or network authentication of the user (in 2G).
Purpose & Motivation
The RES exists to provide a secure method for a network to verify the identity of a subscriber attempting to access its services. Before cellular authentication standards, rogue devices could easily impersonate legitimate users, leading to fraud (cloning) and service theft. The RES, as part of a challenge-response protocol, solves this by requiring the UE to prove knowledge of a secret key (K or Ki) without ever transmitting the key itself over the air.
The creation of the RES mechanism in GSM (as SRES) addressed the vulnerability of simple password transmission. The 3G AKA procedure enhanced this by introducing mutual authentication and stronger cryptographic algorithms. The RES in 3G AKA is part of a more robust framework that also provides key separation and fresh key derivation for each session, addressing limitations in 2G such as lack of network authentication to the user and weaker encryption. The RES is thus central to preventing unauthorized access, protecting user privacy, and forming the basis for deriving session keys that secure voice and data communications.
Key Features
- Cryptographic output generated by the USIM (3G) or SIM (2G)
- Proves subscriber identity via a challenge-response mechanism
- Compared against the network's expected value (XRES/SRES) for authentication
- Derived using a shared secret key (K/Ki) and a random challenge (RAND)
- Fundamental to 3G Authentication and Key Agreement (AKA) procedure
- Also used in 2G GSM authentication (as SRES part of the authentication triplet)
Evolution Across Releases
Introduced as a defined term within the EPS (LTE) security architecture, inheriting and specifying the RES from 3G AKA for use in the Evolved Packet System. It became part of the EPS AKA procedure executed between the UE/USIM and the MME/AuC/HSS, maintaining its critical role in subscriber authentication for 4G networks.
Defining Specifications
| Specification | Title |
|---|---|
| TS 22.804 | 3GPP TS 22.804 |
| TS 31.102 | 3GPP TR 31.102 |
| TS 31.900 | 3GPP TR 31.900 |
| TS 33.105 | 3GPP TR 33.105 |
| TS 35.205 | 3GPP TR 35.205 |
| TS 35.909 | 3GPP TR 35.909 |
| TS 35.934 | 3GPP TR 35.934 |