There is a secret authentication key Ki for each subscriber, which is stored in

their SIM and in the AuC, but nowhere else.

The AuC generates a random number (RAND) which is passed together with
the key through an algorithm known as A3. This produces a signed result
value (SRES).
The values of RAND and SRES (but not the key) are passed to the MSC.
The MSC sends RAND to the mobile, which uses its key and the A3 algorithm
to generate SRES.
The MS returns its SRES value to the MSC, which compares the two values. If
they are the same, the mobile is allowed on the network.
This system provides fairly good (but not perfect) protection against fraud
and SIM cloning. It can however be broken.
The A8 algorithm is used to generate a second key (Kc) which is used to apply
encryption to the voice or data being transmitted. Again this provides limited
protection against interception of the message.

Section 1 Introduction to GSM

Equipment Identity Register (EIR)

EIR is a database that stores a unique International
Mobile Equipment Identity (IMEI) number for each
item of mobile equipment

EIR

The EIR controls access to the network by returning the status of a

mobile in response to an IMEI query
Possible status levels are:
White-listed

The terminal is allowed to connect to the network.

Grey-listed

The terminal is under observation by the network

for possible problems.

Black-listed

The terminal has either been reported stolen, or is not a

type approved for a GSM network.
The terminal is not allowed to connect to the network.

The EIR may optionally be used by the operator to control access to the
network by certain types of equipment or to monitor lost or stolen handsets.

1-12

GSM System Overview

AIRCOM International 2002