The Global System for Mobile Communication (GSM) is the largest existing second-generation network. A second-generation network is based on a digital mobile radio architecture that provides its services and protocols by means of digital radio signals, in contrast to first-generation systems, which were based on analogue signals.
This paper treats GSM networks in terms of security issues, and exclusively the authentication of users. Because radio networks are by nature more susceptible to eavesdropping and fraudulent use, and can be accessed by anyone, the authentication of users has become a very important challenge in mobile network security. The relevant components involved in the authentication process of GSM networks are therefore illustrated first (figure 1). Some developments that have been made to improve this process are then discussed.
Figure 1: GSM Network Architecture 
Basically, the GSM network comprises some functional subsystems, namely the Radio Subsystem (RSS), the Network and Switching Subsystem (NSS) and the Operation Subsystem (OSS).
The RSS is responsible for all the radio functions and aspects of the network. It includes the mobile station (MS), which consists of the mobile device a user uses to make calls and access other services, and the subscriber identity module (SIM), which contains the identity of the GSM subscriber and the authentication-specific data used for identification to the network via the IMSI and for key generation. The security mechanism implemented in the SIM for authentication purposes is based on a challenge-response mechanism. The Base Station Subsystem comprises the BTS, which handles communication with the mobile station (MS), and the BSC, which takes care of switching between the existing BTSs and radio channels by providing the essential control functions and the physical connections between the Network Subsystem (NSS), supplied by the mobile switching center, and the BTS.
The NSS comprises the Mobile Switching Center (MSC) and the Home Location Register (HLR), which provide switching services among GSM and external networks. The NSS contains all data related to mobile subscribers, including the subscriber identities that are also stored in the SIM card, service-specific data and location information. It also contains the Visitor Location Register (VLR), which is distributed in the network according to geographical location and improves the handling of mobile subscribers connecting from areas outside their local network.
With the components of GSM networks involved in the authentication process described, the whole authentication scenario is now described and illustrated in figure 2.
Figure 2: Authentication in GSM Networks 
As mentioned before, authentication in a GSM network works on a challenge-response basis. As shown in figure 2, the ME, as the mobile subscriber, has a SIM card containing information about the subscriber and the keys necessary for authentication. When a subscriber is added to a home network, a secret and unique 128-bit key (Ki) is assigned and stored on the subscriber's SIM card. Correspondingly, this secret key (Ki) is assigned to the IMSI for verification of the subscriber identity and is also stored in the AuC in the HLR on the network side of the mobile operator, but it is never transmitted from the AuC or the SIM card. In other words, challenge-response authentication requires proving that the secret key stored in the SIM card of the MS is the same key stored in the AuC.
The mobile station (MS) initiates the procedure by signing on to the network; in other words, the mobile device issues a sign-on request for access to the network, which it sends out as an authentication request to the BTS. The BTS then sends the IMSI request to the MSC, which in turn forwards this information to the HLR in the home network so that it can decide whether to grant or deny the access requested by the ME-SIM to the home network. [3, p.132] To make this decision, after the AuC associated with the HLR has received the IMSI, a 128-bit random number (RAND) is generated using the IMSI and the secret key (Ki) stored in the AuC. The process of authenticating a subscriber (Fig. 3) is based on the A3 algorithm, together with the A8 algorithm for key generation, both contained in the SIM and the AuC, and is performed on the network side as well as on the subscriber side.
Figure 3: Principle of subscriber authentication 
The Mobile Services Switching Center (MSC) asks the Home Location Register (HLR) to provide it with five sets of security triplets. Each security triplet consists of three numbers: RAND (a 128-bit random number), SRES (a 32-bit signed response to the RAND, generated using the pre-shared secret key Ki) and a session key Kc generated using Ki. The triplets are generated and stored in the VLR for each subscriber. The HLR thus supplies these triplets to the MSC, using the Ki from the AuC, as an authentication response. [3, p.133][1, p.26] Then the MSC forwards, via the BSC and the BTS, the RAND number of the generated triplets as a challenge to the mobile station, so that it generates the same response as the one generated by the AuC. The ME-SIM is now supposed to generate a RES as a response to this RAND number, using the A3 algorithm and the Ki stored in the SIM, and send it back to the MSC through the BTS. [3, p.133] Next, the MSC/VLR compares the RES received from the ME-SIM with the SRES from the triplet it received from the HLR. If the two responses match, the MSC can safely deduce that the ME has the SIM containing a valid Ki; the authentication procedure is successful and the MSC allows the ME access to the network. Otherwise, the MSC denies the ME's request for access to the network.
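The exchange described above, as an added Python sketch that is not from the original essay. HMAC-SHA256 stands in for the operator-specific A3 and A8 algorithms, and the class names, the 64-bit Kc length, the IMSI and the Ki are assumptions constructed for the example. It shows that the MSC/VLR decides from the triplets alone, that Ki stays in the SIM and the AuC, and that the SIM answers any RAND without checking who sent it.

```python
import hashlib
import hmac
import secrets

def a3(ki, rand):  # stand-in for A3 (assumption): 32-bit signed response
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki, rand):  # stand-in for A8 (assumption): 64-bit session key Kc
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Home network: the only network element that holds Ki."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)  # IMSI -> Ki

    def triplets(self, imsi, count=5):
        ki = self._ki[imsi]
        rands = [secrets.token_bytes(16) for _ in range(count)]  # 128-bit RANDs
        return [(r, a3(ki, r), a8(ki, r)) for r in rands]

class SIM:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        # Ki never leaves the card; only RES goes back over the air.
        # The card answers any RAND and cannot tell who sent the challenge.
        return a3(self._ki, rand)

class MSC:
    """Serving MSC/VLR: works from triplets only and never sees Ki."""
    def __init__(self, auc):
        self._auc, self._vlr = auc, {}

    def authenticate(self, sim):
        if not self._vlr.get(sim.imsi):  # fetch five triplets when none are left
            self._vlr[sim.imsi] = self._auc.triplets(sim.imsi)
        rand, sres, kc = self._vlr[sim.imsi].pop()  # a triplet is used once
        res = sim.respond(rand)
        return kc if hmac.compare_digest(res, sres) else None

def demo():
    imsi = "001010123456789"  # constructed test IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    msc = MSC(AuC({imsi: ki}))
    genuine = SIM(imsi, ki)
    wrong_key = SIM(imsi, bytes(16))  # same IMSI, different Ki
    return msc.authenticate(genuine), msc.authenticate(wrong_key)

if __name__ == "__main__":
    print(demo())
```
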
Discussion and Conclusion
Clearly, the described process authenticates the GSM Mobile Station (MS) to the GSM network. One of the security limitations of a GSM network is therefore that the GSM network is never authenticated by the GSM Mobile Station (MS). This one-way authentication may make it possible for an attacker to pretend to be a GSM network provider. Protocols have therefore been proposed to improve on the earlier ones and to reduce these security limitations as much as possible. Besides other improved strong authentication protocols, efforts have been made to achieve mutual authentication between the MS and the VLR instead of the HLR, even if the VLR does not know the subscriber's secret key Ki and the A3 algorithm, in order to eliminate the mentioned security drawbacks. Another security drawback of the described procedure is that the GSM network authenticates the SIM card and not the subscriber using the SIM card. Since the authentication process relies on the pre-shared secret key between the SIM and the AuC, a stolen ME could be used to make calls and use other GSM services. Hence, there are still various drawbacks for which countermeasures are being sought.
- Asma Alazeib, An Ontology for Generic Wireless Authentication, Stuttgart, 07 October 2005
- Young Jae Choi and Soon Ja Kim, An Improvement on Privacy and Authentication in GSM, School of Electrical Engineering and Computer Science, Kyungpook National University, 1370 Sangyuk-dong Buk-gu Daegu, Republic of Korea