It’s claimed GCHQ were able to steal bulk keys from Gemalto a GSM SIM manufacturer.
Assuming that GSM was a sane public key based system…
Making SIMs can be like this: have a machine which generates key pairs, writes the private key into the SIM, and the public key to a file along with the SIM identifier and throws away the private key. Put the SIMs in a box, and take the sd card that the public keys were written to across the air gap to the network.
Contrast this with what the article says:
‘After a SIM card is manufactured, the encryption key, known as a “Ki,” is burned directly onto the chip. A copy of the key is also given to the cellular provider, allowing its network to recognize an individual’s phone. In order for the phone to be able to connect to the wireless carrier’s network, the phone — with the help of the SIM — authenticates itself using the Ki that has been programmed onto the SIM.’
This is actually true! So much for sanity.
OK, so lets see what else we could do…
The machine could have the public encryption key for the operator it’s printing cards for. It can create a session key for each batch, encrypt the Kis with that, before writing the file, and appending the session key encrypted with the operators public key. The file is then copied across the air gap as before.
Given this strategy, Gemalto can quickly say GCHQ didn’t get the keys (from us), because all they need to prove is that the key generating box wasn’t compromised. Of course this solves nothing really: GCHQ could set about compromising the operator instead, where the Ki is needed in plain text. Operators are probably more easily compromised than Gemalto in any case.
You’re referred back to the top for a system that doesn’t have this problem either…