A consequence of international roaming is the exchange of information between providers in different countries. All countries have strict regulations against the export of encryption algorithms and thus GSM works around it.
When a user tries to use his phone in say another country, the local networks request the HLR of the subscriber’s home network for the RAND, SRES and KC which is sufficient for authentication and encrypting data. Thus the local network does not need to know anything about the A3 or A8 algorithms stored in the SIM.
Authentication Algorithm (A3) – In GSM, the users are first identified and authenticated then the services are granted. The GSM authentication protocol consists of a challenge-response mechanism. The authentication is based on a secret key Ki which is shared between HLR and MS.
After a visited MS gets a free channel by requesting BS, it makes a request for its location update to MSC through BSC. The MSC, in response, asks MS for its authentication. In the entire authentication process, the three main actors are the MS, MSC/VLR and HLR/AuC.
The mobile station sends its Temporary Mobile Subscriber Identity (TMSI) to VLR in its request for authentication. The MS uses its real identity IMSI when it is switched on for the first time but the temporary identity TMSI is used later. The TMSI is used to provide anonymity to the user identity. After getting the IMSI of the mobile station from the old VLR using TMSI, the VLR sends IMSI to the corresponding HLR/AuC.
The HLR/AuC uses authentication algorithm (A3) which is an operator dependent and is an operator option. The A3 algorithm is a one way function. That means it is easy to compute the output parameter SRES by using the A3 algorithm but very complex to retrieve the input parameters (RAND and KI) from the output parameter.
The HLR/AuC uses authentication algorithm (A3) and ciphering key generation algorithm (A8) to create the encryption key (Kc) and Signed result (SRES) respectively.