What is a SIM card for?
Authentication
A SIM card is a module used to determine whether a subscriber is real or fake. The module contains a number of parameters:
• IMSI, or an International Mobile Subscriber Identity;
• Ki, or an Individual Subscriber Authentication Key;
• A3, or an Authentication Algorithm;
• A8, or a Key Generator Algorithm.
The same elements can be found in the Authentication Center (AuC).
One of the AuC's key functions is to transmit information to the MSC/VLR. It is in the MSC/VLR that the subscriber is identified and the transmitted messages are enciphered.
The information that the AuC generates is called a 'triplet'. It consists of:
• a RAND, or a Random Number,
• a SRES, or a Signed Response,
• a Kc, or a Ciphering Key.
When the subscriber is being identified, the MSC/VLR transmits a RAND to the mobile station. The mobile station uses RAND, Ki and A3 to perform a calculation, SRES = Ki [RAND], and returns the result to the network. The SRES received from the mobile station is then compared with the SRES in the MSC/VLR. If the two SRES values coincide, information is allowed to be transmitted; if they differ, it is not. For safety reasons, Ki is not transmitted via the radio channel.
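The challenge-response exchange described above, as an added Python example that is not part of the original page. HMAC-SHA256 stands in for the operator-specific A3 and A8 algorithms (an assumption), and the class names, function names, IMSI and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: real A3/A8 are operator-chosen algorithms held on the SIM and in
# the AuC. HMAC-SHA256 truncated to GSM output sizes stands in for them here.
def a3(ki: bytes, rand: bytes) -> bytes:
    """SRES: 32-bit signed response computed from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Kc: 64-bit ciphering key computed from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Authentication Center: holds Ki per IMSI and issues triplets."""
    def __init__(self, subscribers: dict):
        self._ki_by_imsi = subscribers

    def triplet(self, imsi: str):
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)           # 128-bit random challenge
        return rand, a3(ki, rand), a8(ki, rand)  # (RAND, SRES, Kc)

class Sim:
    """SIM: holds IMSI and Ki; Ki never leaves the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)

def authenticate(auc: AuC, sim: Sim):
    """MSC/VLR side. Returns (accepted, values_sent_over_radio, kc_agrees)."""
    rand, expected_sres, kc_network = auc.triplet(sim.imsi)
    sres, kc_mobile = sim.respond(rand)          # only RAND goes down, SRES up
    accepted = hmac.compare_digest(sres, expected_sres)
    return accepted, [rand, sres], kc_mobile == kc_network

# Constructed sample data: test IMSI and random keys, not real subscriber values.
IMSI = "001010123456789"
KI = secrets.token_bytes(16)
auc = AuC({IMSI: KI})
genuine = Sim(IMSI, KI)
wrong_ki = Sim(IMSI, secrets.token_bytes(16))    # same IMSI, different Ki

if __name__ == "__main__":
    print("genuine SIM accepted:", authenticate(auc, genuine)[0])
    print("wrong-Ki SIM accepted:", authenticate(auc, wrong_ki)[0])
```

A card that presents the right IMSI but holds a different Ki produces a different SRES and is rejected, while Ki itself never appears among the values sent over the radio channel.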
Transmitted Data Ciphering
Ki is used to provide confidentiality for data transmitted between the MS and the BTS. As already mentioned, a SIM card contains the A8 algorithm, which is responsible for Ki ciphering.
Ki is not transmitted via the radio channel for safety reasons, i.e. to prevent interception. To set a security mode, the network sends a CMC, or Ciphering Mode Command, to the mobile station. Once PING is received, the mobile station starts ciphering and deciphering messages, using Ki and the A5 algorithm.