AuC in GSM, for 2G, 3G, and LTE authentication.

Each mobile device needs a SIM card for voice, data, and SMS services. The SIM authenticates with the mobile operator that issued it in order to activate voice, SMS, or data services. For authentication, the mobile operator needs a node called the AuC (Authentication Center). Because telecom networks are dedicated to the mobile operators, it may look as if all communication is already secure, with no need for any authentication or ciphering mechanism.

That is not always the case: the AuC is needed to prevent intrusion on the air interface. To make the air interface secure, all communication between the device and the GSM tower should be ciphered.

The AuC is the network node in the GSM network that the operator hosts in the HPLMN for SIM card authentication. When the mobile switches on, the attach procedure starts between the UE and the GSM network. During attach, the SGSN/MSC handles all messaging with the AuC for authentication. If authentication fails, no service is activated for the SIM. If it succeeds, SIM registration starts and services eventually become active, provided the subscriber is allowed to roam.

SIM Authentication Data in AuC:

When a SIM card is manufactured, an authentication key called Ki is embedded in the SIM. The same key is configured on the AuC for the IMSI. During GSM authentication, the AuC generates vectors using Ki, a random number, and the authentication algorithm. Send Authentication-Info (SAI) is the GSM MAP protocol procedure for this. Each GSM MAP message uses SS7 as its transport protocol.

Authentication Vectors for 2G, 3G, and LTE:

With each mobile network generation, mobile communication has become more secure. This has brought more advanced algorithms and a larger number of parameters. Here we discuss the authentication vectors for 2G, 3G, and LTE (4G) mobile networks.

For 2G authentication, the AuC keeps the Ki and the authentication algorithm (which has the A3 and A8 functions) and generates the random number (RAND). 3GPP/GSM provides a specification for the authentication algorithm. For GSM 2G SIM cards, the AuC sends the triplet to the MSC (or SGSN). Each triplet has RAND, Kc, and SRES.

A3(Ki, RAND) = SRES, A8(Ki, RAND) = Kc

Upon receiving the triplet, the MSC sends the RAND to the UE. The UE uses its pre-configured Ki and sends the SRES to the MSC. If the SRES from the UE is the same as the SRES from the AuC, authentication is successful. The MSC sends Kc to the mobile device for encryption.

In 3G (USIM), the procedure is more complex than in 2G, to make communication more secure. The USIM profile on the AuC has Ki, the random number (RAND), the sequence number (SQN), and the algorithm (which has the functions f1, f2, f3, f4, and f5). For a USIM, the authentication vector has five elements and is called a quintuple. Each quintuple has RAND, XRES, CK, IK, and AUTN. The MSC can download multiple quintuples from the AuC for future use.

Re-synchronization in USIM: the MSC may hold older vectors (e.g. when a subscriber moves back to a previous MSC). When such a vector is used, matching the sequence number in the UE may fail. To synchronize the sequence number, the authentication request carries the AUTS parameter. AUTS has the SQN and a MAC. The new SQN is updated in the AuC and a new set of vectors is transmitted to the MSC.
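
The re-synchronization flow described above, as an added Python example that is not part of the original tutorial. It assumes HMAC-SHA256 as a stand-in for the operator's f1 to f5 functions (with f1* and f5* as the re-sync variants), a simplified AUTN without the AMF field, and a plain "greater than" SQN check; the class and function names are hypothetical.

```python
import hashlib, hmac, os

def f(tag, ki, *parts, n):
    # Stand-in for f1..f5 (NOT the operator's real algorithm): HMAC-SHA256 under Ki.
    return hmac.new(ki, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:  # hypothetical model of the AuC side
    def __init__(self, ki):
        self.ki, self.sqn = ki, 0
    def quintuple(self):
        self.sqn += 1                              # fresh SQN for every vector
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        ak = f(b"f5", self.ki, rand, n=6)          # hides SQN on the air interface
        autn = xor(sqn, ak) + f(b"f1", self.ki, sqn, rand, n=8)  # simplified: no AMF
        return {"RAND": rand, "AUTN": autn, "XRES": f(b"f2", self.ki, rand, n=8),
                "CK": f(b"f3", self.ki, rand, n=16), "IK": f(b"f4", self.ki, rand, n=16)}
    def resync(self, rand, auts):
        sqn = xor(auts[:6], f(b"f5*", self.ki, rand, n=6))
        if not hmac.compare_digest(auts[6:], f(b"f1*", self.ki, sqn, rand, n=8)):
            raise ValueError("AUTS MAC check failed")  # never accept an unauthenticated SQN
        self.sqn = int.from_bytes(sqn, "big")

class USIM:  # hypothetical model of the card side
    def __init__(self, ki):
        self.ki, self.sqn = ki, 0
    def authenticate(self, rand, autn):
        sqn = xor(autn[:6], f(b"f5", self.ki, rand, n=6))
        if not hmac.compare_digest(autn[6:], f(b"f1", self.ki, sqn, rand, n=8)):
            return "mac_failure", None             # sender does not know Ki
        if int.from_bytes(sqn, "big") <= self.sqn:  # stale or replayed vector
            mine = self.sqn.to_bytes(6, "big")
            auts = xor(mine, f(b"f5*", self.ki, rand, n=6)) + f(b"f1*", self.ki, mine, rand, n=8)
            return "sync_failure", auts
        self.sqn = int.from_bytes(sqn, "big")
        return "ok", f(b"f2", self.ki, rand, n=8)  # RES, compared with XRES by the MSC

def scenario():
    ki = bytes(range(16))                          # constructed test key
    auc, usim = AuC(ki), USIM(ki)
    old, new = auc.quintuple(), auc.quintuple()    # two vectors downloaded in advance
    first, _ = usim.authenticate(new["RAND"], new["AUTN"])
    status, auts = usim.authenticate(old["RAND"], old["AUTN"])  # previous MSC uses the old one
    auc.resync(old["RAND"], auts)                  # AuC verifies AUTS and updates SQN
    v = auc.quintuple()
    final, res = usim.authenticate(v["RAND"], v["AUTN"])
    return first, status, final, hmac.compare_digest(res, v["XRES"])
```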

In 4G (LTE), the authentication process is similar to 3G. The vectors are XRES, CK, IK, AUTN, and KASME. Here KASME is a new vector. The KASME calculation also takes the PLMN ID as input. This makes the vectors specific to the visiting PLMN only.

AuC and HLR:

In another tutorial, we have described the HLR. The HLR is the interface with the roaming network over the GSM MAP protocol. The SAI message reaches the HLR. The HLR checks for the subscription profile. If the IMSI is provisioned, the HLR sends the vector request to the AuC. The Authentication Center is a logical module. It may be co-located with the HLR or may be on a separate server.

Mobile Phone vs. SIM Card Authentication:

Both types of authentication look similar, but they are different. Mobile phone verification means authenticating the mobile device, i.e. the hardware. A mobile device may be blacklisted (e.g. if stolen). The device check is done by the EIR using the IMEI number, while SIM authentication is done by the AuC using the IMSI.