Description
The Signed RESponse (SRES) is a core component of the 2G GSM authentication mechanism: it is the output of the A3 algorithm. The process begins when the network's Authentication Center (AuC) generates a 128-bit random number (RAND) and sends it to the mobile station (MS). The MS's SIM card receives this RAND and, using a secret key (Ki) shared only between the SIM and the AuC, processes it through the A3 algorithm. This computation produces a 32-bit output, which is the SRES. The MS sends this SRES back to the network.

In parallel, the AuC performs the identical computation using its stored copy of the subscriber's Ki and the same RAND to generate an expected SRES value. The network compares the SRES received from the MS with its locally computed expected SRES. A match authenticates the subscriber, proving they possess the correct secret key, and grants access to network services.

The SRES is a fixed-length, relatively short value designed for the computational constraints of early SIM cards. Its generation and verification are fundamental to the challenge-response paradigm, preventing impersonation attacks by ensuring that only a legitimate subscriber with the correct Ki can produce the correct response to a unique, non-replayable network challenge.

While central to 2G security, the SRES mechanism is part of a suite that also includes the A8 algorithm for generating the session ciphering key (Kc). The entire authentication triplet (RAND, SRES, Kc) is sent from the Home Location Register (HLR)/AuC to the Visitor Location Register (VLR) or Serving GPRS Support Node (SGSN) to facilitate local authentication during mobility.
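
The exchange described above, sketched as an added example that is not taken from any 3GPP specification or operator implementation. A3 and A8 are operator-chosen, so `a3_a8_standin` (truncated HMAC-SHA-256) is an assumption used only to keep the example runnable; the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def a3_a8_standin(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the A3/A8 pair (assumption: HMAC-SHA-256, not a GSM algorithm)."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc


@dataclass(frozen=True)
class Triplet:
    rand: bytes
    sres: bytes
    kc: bytes


class AuC:
    """Home network: the only network element that stores Ki."""

    def __init__(self, subscribers: dict[str, bytes]):
        self._ki = subscribers

    def make_triplet(self, imsi: str) -> Triplet:
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge
        return Triplet(rand, *a3_a8_standin(self._ki[imsi], rand))


class Sim:
    """Subscriber side: Ki stays on the card; only SRES is sent back."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return a3_a8_standin(self._ki, rand)[0]


def vlr_authenticate(triplet: Triplet, sim: Sim) -> bool:
    """Visited network: compares SRES values using the triplet alone, never Ki."""
    return hmac.compare_digest(sim.respond(triplet.rand), triplet.sres)


# Constructed sample subscriber; IMSI and Ki are made-up values.
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
AUC = AuC({"001010123456789": KI})
```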
Purpose & Motivation
The SRES was created to provide subscriber authentication in 2G GSM networks, solving the critical problem of unauthorized network access. Prior to cellular digital authentication, analog systems were vulnerable to cloning and eavesdropping. The SRES, as part of the AKA procedure, introduced a cryptographic, challenge-response-based method to verify that a mobile station is a legitimate subscriber of the network operator. It addresses the need for a lightweight, implementable security mechanism that could run on the limited hardware of early SIM cards while providing a foundational layer of trust.

The motivation was to move beyond simple identifier checks (like Electronic Serial Numbers), which could be copied, to a system based on a shared secret (Ki) that never traverses the air interface. By having the SIM prove knowledge of Ki via the SRES, the network could confidently authenticate the user. This design mitigated the risk of simple fraud and formed the basis for subsequent, more robust 3G/4G/5G authentication methods. However, its purpose was primarily authentication: it did not provide mutual authentication (the network did not prove itself to the subscriber in 2G) or strong protection against active attacks, limitations that later generations aimed to address.
Key Features
- 32-bit cryptographic output generated by the A3 algorithm.
- Part of a challenge-response protocol using a random network challenge (RAND).
- Derived from the subscriber's unique secret key (Ki) stored on the SIM and in the AuC.
- Enables unilateral authentication of the mobile subscriber to the network.
- Used as one element of the authentication triplet (RAND, SRES, Kc).
- Fundamental to the GSM security architecture for access control.
Evolution Across Releases
SRES is formally specified as part of the 2G authentication procedures for USIM applications, ensuring backward compatibility and operation in 2G networks. The specifications detail its generation via the MILENAGE algorithm (as one option) for 3G USIMs operating in 2G mode, linking 2G and 3G security contexts.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 31.102 | 3GPP TR 31.102 |
| TS 31.900 | 3GPP TR 31.900 |