Inside a GSM Location Update, what authentication and ciphering steps actually run on the wire before the network accepts the phone?
The MSC fetches an authentication triplet from the HLR, challenges the phone with a random number (RAND), checks the answer (SRES), records the location, switches on A5 ciphering, and hands the phone a fresh temporary identity (TMSI).
* The full L3 Location Update exchange: identify, authenticate, register, cipher, re-identify with a fresh TMSI. *
The sequence, step by step:
- MM Location Update Request — the phone sends it on its dedicated channel (SDCCH). If the network only holds an old temporary identity it can't resolve, it first asks for the IMSI (Identity Request/Response).
- MAP Send Authentication Info — the MSC/VLR asks the HLR/AuC for an authentication triplet: a random challenge RAND, the expected response SRES, and a cipher key Kc.
- Authentication Request (RAND) — the MSC forwards just the RAND; the SIM computes its own SRES (and Kc) from RAND and the secret subscriber key Ki.
- Authentication Response (SRES) — the phone returns its SRES, and the MSC compares it with the HLR's value: match → authenticated, mismatch → reject.
- MAP Update Location + Insert Subscriber Data — the MSC records the new location in the HLR, which pushes back the subscriber profile.
- Cipher Mode Command — the network orders encryption on (the A5 stream cipher keyed with Kc); from here the radio link is ciphered.
- Location Update Accept — usually with a TMSI reallocation: the network issues a new Temporary Mobile Subscriber Identity so the phone can stop sending its permanent IMSI over the air.
Why this matters (security): GSM authentication here is one-way — only the phone proves itself; the network never proves itself to the phone. That asymmetry is exactly what lets a fake base station (IMSI catcher) impersonate a real cell, and it is the hole UMTS later closes with mutual AKA. The TMSI exists to limit how often the permanent IMSI travels in the clear — but it is assigned only after this first exchange, so the very first attach can still leak the IMSI.
Tip: Authenticate first, cipher second, and you leave the exchange carrying a fresh TMSI instead of your IMSI.
Go deeper:
GSM procedures — the IMSI-attach / location-update call flow (Wikipedia) — the full ordered exchange: Channel Request on RACH, SDCCH assignment, authentication triplet, MAP Update Location, cipher mode, and TMSI reallocation.
Temporary Mobile Subscriber Identity (Wikipedia) — why the network swaps the permanent IMSI for a short-lived TMSI, and the window in which the IMSI still leaks.
Harald Welte — What happens on a protocol level when I switch on my phone? (CCC, 2018) — watch this authenticate → register → cipher exchange traced live in real protocol messages.