Description
The Signed RESponse (SRES) is a core component of the 2G GSM authentication mechanism: it is the output of the A3 algorithm. The process begins when the network's Authentication Center (AuC) generates a 128-bit random number (RAND) and sends it to the mobile station (MS). The MS's SIM card receives this RAND and, using a secret key (Ki) shared only between the SIM and the AuC, processes it through the A3 algorithm. This computation produces a 32-bit output, which is the SRES. The MS sends this SRES back to the network. Simultaneously, the AuC performs the identical computation using its stored copy of the subscriber's Ki and the same RAND to generate an expected SRES value. The network compares the SRES received from the MS with its locally computed expected SRES. A match authenticates the subscriber, proving they possess the correct secret key, and grants access to network services. The SRES is a fixed-length, relatively short value designed for the computational constraints of early SIM cards. Its generation and verification are fundamental to the challenge-response paradigm, preventing impersonation attacks by ensuring only a legitimate subscriber with the correct Ki can produce the correct response to a unique, non-replayable network challenge. While central to 2G security, the SRES mechanism is part of a suite that also includes the A8 algorithm for generating the session ciphering key (Kc). The entire authentication triplet (RAND, SRES, Kc) is sent from the Home Location Register (HLR)/AuC to the Visitor Location Register (VLR) or Serving GPRS Support Node (SGSN) to facilitate local authentication during mobility.
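The challenge-response exchange and triplet handover described above, as an added Python example that is not part of the original page. A3/A8 are chosen by the operator and are not given here, so `a3_a8_standin` (HMAC-SHA256 cut into a 32-bit SRES and a 64-bit Kc) is a labelled substitute, and the class names, method names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_a8_standin(ki: bytes, rand: bytes):
    """Stand-in for the operator-specific A3/A8 pair (NOT a real GSM algorithm).

    HMAC-SHA256 keyed with Ki over RAND, cut into a 32-bit SRES and a 64-bit Kc.
    """
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class AuC:
    """Home-network side: holds every subscriber's Ki and issues triplets."""
    def __init__(self):
        self.ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self.ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str):
        rand = secrets.token_bytes(16)          # fresh 128-bit challenge
        sres, kc = a3_a8_standin(self.ki_by_imsi[imsi], rand)
        return rand, sres, kc                   # handed to the VLR/SGSN

class SIM:
    """Subscriber side: Ki stays on the card; only SRES leaves it."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8_standin(self.ki, rand)

def vlr_authenticate(triplet, sim: SIM) -> bool:
    """Local check at the VLR: it knows (RAND, SRES, Kc) but never Ki."""
    rand, expected_sres, _kc = triplet
    sres, _ = sim.run_gsm_algorithm(rand)       # RAND down, SRES back up
    return hmac.compare_digest(sres, expected_sres)

if __name__ == "__main__":
    IMSI = "001010000000001"                    # constructed test identity
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    auc = AuC()
    auc.provision(IMSI, ki)
    print("genuine SIM :", vlr_authenticate(auc.triplet(IMSI), SIM(ki)))
    print("wrong Ki    :", vlr_authenticate(auc.triplet(IMSI), SIM(bytes(16))))
```

The SIM in this model answers any RAND it is handed and has no way to check who issued it, which is the absence of mutual authentication in 2G that this page notes.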
Purpose & Motivation
The SRES was created to provide subscriber authentication in 2G GSM networks, solving the critical problem of unauthorized network access. Prior to cellular digital authentication, analog systems were vulnerable to cloning and eavesdropping. The SRES, as part of the AKA procedure, introduced a cryptographic, challenge-response-based method to verify that a mobile station is a legitimate subscriber of the network operator. It addresses the need for a lightweight, implementable security mechanism that could run on the limited hardware of early SIM cards while providing a foundational layer of trust. The motivation was to move beyond simple identifier checks (like Electronic Serial Numbers) which could be copied, to a system based on a shared secret (Ki) that never traverses the air interface. By having the SIM prove knowledge of Ki via the SRES, the network could confidently authenticate the user. This design mitigated the risk of simple fraud and formed the basis for subsequent, more robust 3G/4G/5G authentication methods. However, its purpose was primarily authentication; it did not provide mutual authentication (the network did not prove itself to the subscriber in 2G) or strong protection against active attacks, limitations that later generations aimed to address.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (28 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-5, normative work from Rel-15.
In Release 15, updates to USIM management procedures for 5GS were introduced, which encompass the SRES function as part of the broader USIM application and its security mechanisms. These enhancements included allowing the configuration of access identities via the USIM and updates to support mission critical services configuration data. Furthermore, the release provided clarifications regarding the presence of specific files, such as EFIMSConfigData, within the USIM.
- USIM Service Table update for PDU session call control support (TS 31.102, CR0786)
- Allow configuration of MCS (Access Identity 2) via USIM. (TS 31.102, CR0794)
- Mission Critical Services configuration data update to USIM (TS 31.102, CR0808)
- Enhance USIM OPL configuration to support 3 bytes TAC when in NG-RAN. (TS 31.102, CR0818)
- Updates to USIM management procedures for 5GS (TS 31.102, CR0806)
- Clarification about presence of EFIMSConfigData in ISIM and USIM (TS 31.102, CR0833)
In Release 16, the SRES function itself was not directly modified, but the USIM's role in authentication and network access was enhanced with several new configuration capabilities. These included the USIM-based storage of lists for Rudimentary Location Services (RLOS) PLMNs and allowed MCCs, as well as a list for Trusted non-3GPP access networks. Furthermore, Release 16 specified storage for a potentially separate KSEAF for non-3GPP access and introduced support for a Dedicated AID for USIM Applications with non-IMSI based SUPI Types.
- Support for USIM configuration of RLOS PLMN list (TS 31.102, CR0847)
- URSP storage in USIM (TS 31.102, CR0861)
- Specify storage for a potentially separate KSEAF for non-3gpp access on the USIM (TS 31.102, CR0864)
- USIM configuration of RLOS allowed MCC list (TS 31.102, CR0881)
- Support for Trusted non-3GPP access networks list by USIM (TS 31.102, CR0891)
- Dedicated AID for USIM Applications with non-IMSI based SUPI Types (TS 31.102, CR0897)
In Release 17, the SRES function itself was not directly modified; however, several new USIM configuration files were introduced to support enhanced network selection and access control procedures. These included dedicated files for storing pre-configured CAG information, parameters for Steering of Roaming with CMCI, and configurations for disaster roaming conditions. Additionally, new USIM files were added to manage 5G NSWO configuration, eDRX parameters for NG-RAN, and the reception of warning messages in SNPNs.
- Introduce a USIM file to store pre-configured CAG information list (TS 31.102, CR0904)
- SOR-CMCI storage in USIM (TS 31.102, CR0917)
- Addition of USIM files for the indication of whether disaster roaming is enabled in the UE, disaster roaming wait range, disaster return wait range and applicability indicator for disaster roaming PLMNs list provided by VPLMN. (TS 31.102, CR0938)
- Adding eDRX parameters in the USIM for NG-RAN (TS 31.102, CR0943)
- 5G NSWO (Non-Seamless WLAN Offload) configuration support in the USIM compromised proposal. (TS 31.102, CR0946)
- Support of 'No E-UTRA Disabling In 5GS' in USIM (TS 31.102, CR0947)
In Release 18, the SRES function was not directly modified; however, related security parameters for 5G were enhanced by mandating the extended storage of these parameters on the USIM when a specific service is enabled. This update involves the USIM's implementation capability for securely storing credentials. Furthermore, new Elementary Files (EFs) were added to the USIM for Access Control to GBA_U_APIs and for IMS Data Channel configuration, expanding the logical channel data managed by the USIM application.
- 5G Security Parameters extended storage on USIM (Mandating Service n°133 to be enabled when Service n°123 is enabled) Rel18. (TS 31.102, CR1014)
- Add EF of Access Control to GBA_U_APIs to the USIM (TS 31.102, CR1007)
- Add EF of IMS Data Channel configuration to the USIM (TS 31.102, CR1006)
- Clarification of NID coding in the response data of GET IDENTITY (TS 31.102, CR1040)
In Release 19, the enhancement for the SRES function specifically addressed backward compatibility for USIMs that lack extended security parameter storage in the EF_5GAuthKeys file. This ensures that authentication procedures can still function correctly with older USIM applications during network access. The update manages the interaction between the mobile equipment and the UICC's USIM application to maintain security even when the newer key storage capability is absent.
- Backward compatibility handling of USIM without extended security parameter storage in EF_5GAuthKeys - Rel19 (TS 31.102, CR1074)
Defining Specifications
3GPP specifications that define or reference SRES, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 31.102 vj40 | USIM Application Specification | Rel-19 |
| TR 31.900 vj00 | 3GPP TS 31.900: Security Interworking Guidance | Rel-19 |