by atallcostsky 3849 days ago
I wonder if it would be possible to take the idea of certificate authorities and apply it to cell phone towers. Basically, each cell tower company would be a CA, and could generate a certificate for each cell tower. Major cell tower companies could then be trusted by other CAs, and cell phones could have a store of trusted CAs. Then, when a cell phone attempts to connect to a tower, a check is made to verify that the tower is trusted by a trusted CA. This way, a user could (at least maybe) revoke a certificate from a CA that has trusted a group that has set up a cell site simulator.

My knowledge of PKI is pretty shaky. Does anyone know if something like this would work and/or be an improvement?

2 comments

The SIM card in your phone is, basically, a smartcard. The private/public keypair on the SIM is how your phone authenticates to the cellular network.

Is what you're asking technically possible? Sure. What motivation do the cellular companies have to implement it, though? They are currently satisfied with the level of security already offered and to do what you are asking would cost a not-insignificant amount of money with little or no return (for them).

Probably would make it hard for non-smart / low-powered handsets to participate.