Authentication in most mobile phone networks is based on a challenge response mechanism using pre-shared keys provided by a subscriber identity module (SIM). SIM keys are provided by the SIM manufacturer to carriers. The carriers store these keys in the home subscriber server (HSS) network element repository. The SIM keys are known to the mobile device and to the carrier thus each key is used as a pre-shared key. SIM keys are never shared over the air.
When a mobile device attaches to the network, the mobility management entity (MME) sends an authentication request to the HSS. The HSS provides an authentication vector to the MME. The authentication vector consists of a random number and an expected response. The expected response is calculated using the AES algorithm and the pre-shared key. If the mobile device provides a response, which matches the expected response, then authentication is validated and access is granted to the network. The user has no control over this process since a SIM key is provided by the carrier and the SIM manufacturer.