When a cell phone connects to a tower, how does the tower identify the device, ensure that it is actually the device that it claims to be, and secure the communication?
Is it different for CDMA networks and devices?
Is the process different when a device is roaming?
I know it's asking a lot, but a detailed explanation would be great.
It will be different for different types of wireless networks, but for GSM, the phone sends an IMSI (unique identifier for the SIM) to the tower, which in turn sends it to the MSC (Mobile Switch), and this then sends it to the HLR (Home location register - basically a big database mapping IMSIs to information about the subscriber including their location). The HLR sends the IMSI to the AuC (Authentication Centre) requesting a set of triplets to authenticate the devices. These are sent back to the MSC, which uses them to authenticate that the IMSI is actually who it says it is. More detail on the authentication is available at: http://www.decodesystems.com/mt/98oct/
As far as I am aware CDMA uses a different but similar system - CAVE: https://en.wikipedia.org/wiki/CAVE-based_authentication
The process is essentially the same, except that the visited network has to communicate back to the HLR in the home network to get the authentication triplets.
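The triplet flow described in the answer above, as an added sketch that is not part of the original post: each triplet is (RAND, SRES, Kc), computed in the AuC from the subscriber key Ki that is also stored in the SIM. The class names, the IMSI and the keys are constructed for illustration, and HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms.

```python
import hmac, hashlib, secrets

def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    # Stand-in for the operator's A3/A8 (assumption: HMAC-SHA256, not a real GSM algorithm).
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # SRES (32 bits), Kc (64 bits)

class AuC:
    """Home network side: the only place besides the SIM that holds Ki."""
    def __init__(self):
        self._ki_by_imsi = {}
    def provision(self, imsi: str, ki: bytes):
        self._ki_by_imsi[imsi] = ki
    def triplets(self, imsi: str, n: int = 3):
        ki = self._ki_by_imsi[imsi]
        rands = [secrets.token_bytes(16) for _ in range(n)]   # fresh 128-bit challenges
        return [(rand, *a3_a8(ki, rand)) for rand in rands]

class SIM:
    """Subscriber side: answers a challenge without ever revealing Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand: bytes) -> bytes:
        return a3_a8(self._ki, rand)[0]

class MSC:
    """Serving switch (home or visited): receives triplets, never Ki."""
    def __init__(self, home_auc: AuC):
        self.home_auc, self._cache = home_auc, {}
    def authenticate(self, sim: SIM):
        if not self._cache.get(sim.imsi):     # roaming: this request goes back to the home network
            self._cache[sim.imsi] = self.home_auc.triplets(sim.imsi)
        rand, expected_sres, kc = self._cache[sim.imsi].pop()   # each triplet is used once
        sres = sim.respond(rand)              # RAND goes out over the air, SRES comes back
        return kc if hmac.compare_digest(sres, expected_sres) else None

def demo():
    imsi = "001010123456789"                  # constructed test IMSI
    auc = AuC()
    auc.provision(imsi, bytes(range(16)))     # constructed Ki
    visited = MSC(auc)
    genuine = SIM(imsi, bytes(range(16)))
    wrong_key = SIM(imsi, bytes(16))          # same IMSI, different Ki
    return visited.authenticate(genuine), visited.authenticate(wrong_key)

if __name__ == "__main__":
    print(demo())
```

On success the switch ends up with Kc, the session key used to encrypt the radio link, while Ki itself never leaves the AuC or the SIM.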