LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the GSM authentication triplet, who creates it, and where does it travel?

The Authentication Center (AUC) creates a triplet (RAND, SRES, Kc) for a subscriber; it is sent to the VLR/MSC of the visited network so that network can run challenge-response and set up encryption without ever learning the secret key Ki.

AuC sends (RAND, SRES, Kc) to VLR/MSC, which challenges the SIM.

* Triplet flow: the AuC supplies (RAND, SRES, Kc); Ki never leaves it. *

The triplet (RAND, SRES, Kc):

Element Meaning
RAND random number (the challenge)
SRES the signed response expected back (computed with RAND and Ki)
Kc the session key for A5 encryption

The flow of secrets:

  • Ki never leaves the AUC (and the SIM). The HLR stores IMSI, MSISDN, Ki; the AUC computes triplets from Ki
  • The triplet is handed to the VLR of the network currently serving the subscriber
  • The serving MSC/VLR can now: send RAND, compare the returned SRES, and use Kc to encrypt — all without knowing Ki

Why this design is elegant: it lets a visited network authenticate a roaming subscriber and encrypt their calls without the home operator ever exposing the master secret. The visited network gets disposable, single-use credentials.

Tip: The triplet is "everything you need to challenge and encrypt one (or a few) sessions, minus the crown jewel (Ki)." That separation is the heart of GSM's roaming security.

Go deeper:

  • doc GSM (Wikipedia) — covers the AuC, the (RAND, SRES, Kc) triplet and how the home network supplies it to a visited VLR/MSC without exposing Ki.

From Quiz: MOBINFSEC / GSM & LTE Security Infrastructure | Updated: Jul 14, 2026