Expected Response

Description

The Expected Response (XRES) is a critical component within the 3GPP authentication and key agreement (AKA) framework, specifically for 3G (UMTS) networks. It is generated by the Home Location Register/Authentication Center (HLR/AuC) alongside other authentication vectors (AV), which include a random challenge (RAND), a network authentication token (AUTN), and ciphering/integrity keys (CK/IK). This vector is sent to the serving network node, such as the Visitor Location Register (VLR) or Serving GPRS Support Node (SGSN). The core function of XRES is to serve as the network's reference value for verifying the user's identity. When a user equipment (UE) attempts to attach to the network, the VLR/SGSN forwards the RAND and AUTN to the UE. The UE's Universal Subscriber Identity Module (USIM) uses the shared secret key (K) with the HLR/AuC to process these inputs. It independently computes a response value, called RES. The UE then sends this RES back to the VLR/SGSN. The network node performs a direct comparison: if the received RES matches the pre-stored XRES from the authentication vector, the user is authenticated. A mismatch indicates authentication failure, and access is denied. This process ensures that only a UE possessing the correct secret key K can generate the correct RES, thereby validating the subscriber's identity and protecting against impersonation attacks. The XRES is a temporary value, valid for a single authentication procedure, which enhances security by preventing replay attacks. Its generation and verification are central to the mutual authentication process in 3G, where the network authenticates the UE and the UE authenticates the network (via the AUTN).

Purpose & Motivation

XRES was introduced to address security weaknesses in the 2G (GSM) authentication system, which only provided one-way authentication (network to user). The primary purpose of XRES is to enable robust mutual authentication in 3G UMTS networks. It solves the problem of verifying that a user is who they claim to be, based on a cryptographically secure challenge-response mechanism. By having the network generate an expected value (XRES) derived from a secret key known only to the home network and the user's SIM, the system can definitively confirm a user's identity before granting network access. This was a significant evolution from GSM's use of the SRES (Signed Response), as part of a more comprehensive AKA procedure that also provided stronger encryption keys (CK/IK) and network authentication. The creation of XRES was motivated by the need for enhanced security in mobile communications to protect against fraud, eavesdropping, and unauthorized access, which became increasingly critical with the advent of mobile data services. It forms the verification cornerstone within the UMTS AKA protocol, a standard that has influenced all subsequent 3GPP security architectures.

Key Features

• Generated by the HLR/AuC as part of a quintet authentication vector (RAND, XRES, CK, IK, AUTN).
• Serves as the network's reference value for verifying the user's computed response (RES).
• Enables user authentication by the serving network (VLR/SGSN) through direct value comparison.
• Valid for only one authentication instance, preventing replay attacks.
• Integral part of the 3G mutual authentication and key agreement (AKA) procedure.
• Derived from the shared secret key (K) and a random challenge (RAND) using the f2 algorithm.

Evolution Across Releases

Defining Specifications