Unlimited business calling to anyone in 50 US states, Canada and VoIP Communications with Packet8 subscribers world wide Auto attendant, conference bridge, business class voicemail, music on hold, 3-way conferencing, advanced call forwarding 3 digit extensions dialing and local DID for each user regardless of geographic location

No on-site equipment or configuration of extensions or trunks. Virtual Office $39.95 Business Service Plans

Business 2000 Service Plans provide you following features: 2000 business calling minutes to anyone in 50 US states and Canada, and unlimited minutes to Packet8 subscribers world wide

Business phone features including voicemail, caller ID, call waiting and many more.

Unbeatable international rates Business 2000 $34.95 Residential Videophone Service Plans

Unlimited Videophone Service Plans - See what you've been missing.

Easy to install

Full motion, real time video at up to 30 fps Supports speeds up to 640 kbps and works on home dsl and cable services Freedom Unlimited Videophone $29.95 $200 Mail-in Rebate when you purchase one Packet8 VideoPhone! $49999 (8x8 VIDEOPHONE) -$20000 Mail-in Rebate thru 9/30/04 $29999 Video Service Plan Must Be Activated Before 10/30/04 $500 Mail-in Rebate when you purchase two Packet8 VideoPhones! $99999 (8x8 VIDEOPHONE) -$50000 Mail-in Rebate thru 9/30/04 $49999 Video Service Plan Must Be Activated Before 10/30/04

Order Now! http://www.voippacket8.net or call 1800-904-VoIP (8647) We will ship over nite!

Security breaches

Time to time, people have tried to decode GSM algorithms. For instance, according to Issac press release (1998) in April 1998, SDA (Smartcard Developer Association) along with two U.C Berkeley researchers alleged that they have cracked COMP128 algorithm, which is stored on SIM. They claimed that within several hours they were able to deduce Ki by sending immense numbers of challenges to authorization module. They also said that out of 64 bits, Kc uses only 54 bits with zeros padding out other 10, which makes cipher key purposefully weaker. They felt government interference might be reason behind this, as this would allow them to monitor conversations. However, they were unable to confirm their assertion since it is illegal to use equipment to carry out such an attack in US. In reply to this assertion, GSM alliance stated that since GSM network allows only one call from any phone number at any one time it is of no relevant use even if a SIM could be cloned. GSM has ability to detect and shut down duplicate SIM codes found on multiple phones (Business press release, 1998).

According to Srinivas (2001), one of other claims was made by ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a “man-in-the-middle” attack. As a result of this, real base station can get deluged which would compel a mobile station to connect to fake station. Consequently, base station could eavesdrop on conversation by informing phone to use A5/0, which is without encryption.

One of other possible scenarios is of insider attack. In GSM system, communication is encrypted only between Mobile station and Base Transceiver station but within provider’s network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).

Measures taken to tackle these flaws According to Quirke (2004), since emergence of these, attacks, GSM have been revising its standard to add newer technologies to patch up possible security holes, e.g. GSM1800, HSCSD, GPRS and EDGE. In last year, two significant patches have been implemented. Firstly, patches for COMP 128-2 and COMP128-3 hash function have been developed to address security hole with COMP 128 function. COMP128-3 fixes issue where remaining 10 bits of Session Key (Kc) were replaced by zeroes. Secondly, it has been decided that a new A5/3 algorithm, which is created as part of 3rd Generation Partnership Project (3GPP) will replace old and weak A5/2. But this replacement would result in releasing new versions of software and hardware in order to implement this new algorithm and it requires co-operation of hardware and software manufacturers. GSM is coming out of their “security by obscurity” ideology, which is actually a flaw by making their 3GPP algorithms available to security researchers and scientists (Srinivas, 2001).

Conclusion To provide security for mobile phone traffic is one goals described in GSM 02.09 specification, GSM has failed in achieving it in past (Quirke, 2004). Until a certain point GSM did provide strong subscriber authentication and over-the-air transmission encryption but different parts of an operator’s network became vulnerable to attacks (Li, Chen, Ma). The reason behind this was secrecy of designing algorithms and use of weakened algorithms like A5/2 and COMP 128. One of other vulnerability is that of inside attack. In order to achieve its stated goals, GSM is revising its standards and it is bringing in new technologies so as to counteract these security holes. While no human-made technology is perfect, GSM is most secure, globally accepted, wireless, public standard to date and it can be made more secure by taking appropriate security measures in certain areas. Bibliography

Business Wire Press release (1998). GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning. Retrieved October 26th, 2004 Web site: http://jya.com/gsm042098.txt

Brookson (1994). Gsmdoc Retrieved October 24th, 2004 from gsm Web site: http://www.brookson.com/gsm/gsmdoc.pdf

Chengyuan Peng (2000). GSM and GPRS security. Retrieved October 24th, 2004 from Telecommunications Software and Multimedia Laboratory Helsinki University of Technology Web site: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf Epoker Retrieved October 27th, 2004 from Department of Mathematics Boise State University, Mathematics 124,Fall 2004 Web site:http://math.boisestate.edu/~marion/teaching/m124f04/epoker.htm Huynh & Nguyen (2003). Overview of GSM and GSM security. Retrieved October 25th, 2004 from Oregon State university, project Web site: http://islab.oregonstate.edu/koc/ece478/project/2003RP/huynh_nguyen_gsm.doc

Li, Chen & Ma (n.d). Security in gsm. Retrieved October 24th, 2004 from gsm-security Web site: http://www.gsm-security.net/papers/securityingsm.pdf

Quirke (2004). Security in GSM system. Retrieved October 25th, 2004 from Security Website:http://www.ausmobile.com/downloads/technical/Security in GSM system 01052004.pdf

Margrave (n.d). GSM system and Encryption. Retrieved October 25th, 2004 from gsm-secur Web site: http://www.hackcanada.com/blackcrawl/cell/gsm/gsm-secur/gsm-secur.html Press release (1998). Smartcard Developer Association Clones Digital GSM 1998). Retrieved October 26th, 2004 from is sac Web site: http://www.isaac.cs.berkeley.edu/isaac/gsm.html

Srinivas (2001). The GSM Standard (An overview of its security) Retrieved October 25th, 2004 from papers Web site:http://www.sans.org/rr/papers/index.php?id=317

Stallings (2003). Cryptography and Network Security: Principles and practices. USA: Prentice Hall.