Homepage
Crypto
Index
Glossary
Enigma
Hagelin
Fialka
Nema
Voice
Hand
OTP
EMU
Mixers
Phones
FILL
Codebooks
Algorithms
USA
USSR
UK
Yugoslavia
Ascom
AT&T
Bosch
Datotek
Gretag
HELL
ITT
Motorola
Mils
OMI
Philips
Racal
Siemens
STK
Tadiran
Telsy
Teltron
Transvertex
TST
Spy radio
Burst encoders
Intercept
Covert
Radio
PC
Telex
People
Agencies
Manufacturers
• • • Donate • • •
Kits
Shop
News
Events
Wanted
Contact
About
Links
   Click for homepage
AT&T 4100
Secure Telephone 4100

The 4100 was a secure telephone with digital encryption and decryption developed by AT&T (later: Lucent) around 1992. The design is based on the 1100 STU-III phone, also made by AT&T. Contrary to the 1100 however, the 4100 was less secure and did not use a Crypto Ignition Key (CIK) 1. As it was an NSA Type 4 encryption product, it could be sold without restrictions.

When the STU-III was developed by the NSA in 1987, it was decided that various manufactuers would be allowed to build it and that it would be available with different crypto-algorithms, so that the device could be used at various security levels, both inside and outside the government.

The US National Security Agency (NSA) defined four types of encryption products, called Type 1, 2, 3 and 4. Type 1 and 2 were intended for use by the US Government, Type 3 for restricted users and Type 4 for international customers. Type 4 imposes no UK export restrictions.
  
AT&T/Lucent STU-III phone (model 4100)

The image above shows a typical AT&T 4100 secure telephone unit. As the first digit of the model number reveals: it is a Type 4 product that was intended for international (civil) customers. The unit is housed in the same case as the 1100 STU-III phone, but it does not have a keyceptacle for a KSD-64 Crypto Ignition Key (CIK) 1. Furthermore, it uses software based encryption, based on Public Key Encryption (PKE) techniques, such as DES, rather than hardware-based encryption like the 1100 and the 2100. The hole for the key at the right front is blocked on this model.

AT&T 4100 STU-III phones were supplied with a choice of vocoders, such as LPC-10E, RCELP and MRELP. They can send voice and data at 2400, 4800 and 9600 b/s (bits per second) in full duplex mode. At the rear is a 25-way D-type socket with a serial port that gives access to the built-in V.26 and V.32 modems. The units are sufficiently shielded to prevent unwanted eminations.

  1. There was a version of the 4100, known as the CSD 4100, that did have a CIK and contained hardware-based encryption (see below).

AT&T/Lucent STU-III phone (model 4100) Display AT&T logo, sometimes hidden under a Lucent label Keypad Place for the CIK receptacle on the CSD-4100 (absent on the MDL-4100) Zeroize button. Use a paperclip to press the recessed button. Removing the plastic cover Rear view of the 4100
A
×
A
1 / 8
AT&T/Lucent STU-III phone (model 4100)
A
2 / 8
Display
A
3 / 8
AT&T logo, sometimes hidden under a Lucent label
A
4 / 8
Keypad
A
5 / 8
Place for the CIK receptacle on the CSD-4100 (absent on the MDL-4100)
A
6 / 8
Zeroize button. Use a paperclip to press the recessed button.
A
7 / 8
Removing the plastic cover
A
8 / 8
Rear view of the 4100

Models
The following variants of the 4100 are currently known:

  • MDL-4100
    This is the basic AT&T 4100 secure phone that uses software-based Public Key Encryption (PKE) techniques, based on 512-bit Diffie-Hellman. The key length is 192 bits, with a 64-bit Initialization Vector and a 4-digit anti-spoof code. This device is an NSA Type 4 encryption product and does not use a CIK [1]. It is featured on this page.

  • CSD-4100
    This is an enhanced version of the 4100. Contrary to the MDL-4100 it did use a KSD-64 CIK. It also had build-in hardware-base encryption, using the same chip as the CSD-3600. The unit was therefore compatible with the CSD-3600. Furthermore it could also be used for communication with the AT&T 2100, a Type 2 variant of the phone that was used in Type 3 or Type 4 mode. The CSD-4100 contains AT&T's proprietary DACE encryption algorithm, as well as an AT&T Bell Laboratories algorithm [10]. In addition to the existing vocoders, the CSD-4100 als supported secure voice at 9600 bps, with automatic fall-back to 4800 bps. For key distribution, an (external) Key Management System (KMS) was needed. This was basically a PC with suitable software.

  • DST-4100
    This is yet another enhanced version of the 4100. It was sold in the early 1990s by AT&T Datotek in Dallas (Texas, US) and uses a CIK for added security. It was suitable for clear and secure operation and has a good voice quality due to its CELP vocoder (4800 bps). In addition, the DST-4100 has an LPC-10E vocoder (2400 bps) that can be operated in Full-Duplex and Half-Duplex. Data can be transferred at 2400, 4800 and 9600 baud [11].
Customers
The 4100 was an NSA Type 4 encryption product, which means that it was suitable for customers and covernments outside the US, without the usual export restrictions for CCI devices (Controlled Cryptographic Items). In addition, the CSD-4100 offered extra key management features, such as the use of a CIK and the (optional) Electronic Key Managment System (EKMS) KCS-4000.

The ATS Division of AT&T in Greensboro (North Carolina, US) and its strategic partner Datotek in Dallas (Texas, US) sold CSD-4100 phones and EMKSs to countries such as Argentina and Mexico. Similar setups were also sold to big multinational corporations, both domestic and abroad.


Crypto Ignition Key
Like the high-level security devices, such as the 1100 series, the CSD-4100 offered added security by offering key management facilities. Unlike the MDL-4100, the CSD-4100 had a socket (keyceptacle) at the right front of the device, that accepts a standard KSD-64 Key Storage Device.

When using the CSD-4100, a new key would be negotiated each communication session, using Diffie-Hellman based Public Key Encryption (PKE). In addition, the KSD-64 adds message authentication and certification, in order to guarantee that the addressed person at the other end is indeed the intended recipient.

For optimum security, serial numbers were assigned to each CSD-4100 and to each key bank. Only users who had the matching serial numbers programmed into their CIK, were allowed to operate the unit in secure mode [10].

 More about the KSD-64

  
Crypto Ignition Key (CIK)

Interior
The 4100-series secure phone is housed in a sturdy pre-shaped compartimented die-cast aluminium case. All connections to the outside world are at the rear (power, line and serial port), except for the handset which is connected at the left side. The unit needs an external PSU.

The case can easily be opened by removing four long crosshead screws at the bottom, after which the top half and the bottom half can be separated. The interior of the 4100 consists of three large PCBs: a main (digital) board at the center, a board with the controls (top) and an interface board which is mounted at the bottom.

The controls board is mounted inside the top half of the phone, just behind the control panel. It is connected to the bottom part by means of a double flat cable and a 2-wire cable for the hook switch. The top part also contains the display.
  
Close-up of some special components (DSP, V.32 interface and a large EPROM)

The bottom part contains the rest of the electronics and is covered by a metal shield in order to avoid the emission of compromising (radio) signals (TEMPEST). After removing the metal shield the solder side of the Main Board is revealed. At the top is the connector to the controls board.

At the center of the Main Board is a so-called tamper switch that causes the non-volatile RAM (containing the current cryptographic keys) to be cleared as soon as the metal shield is removed. This way the keys are protected against tampering. The Main Board is held in place by a single screw and can easily be removed. The component side of the board is partly covered by a metalized plastic EMC shield. Below the shield are the actual digital components of the 4100.

The main board is nicely compartimented, so that all sections of the circuit are easily identified. Two TMS320 Digital Signal Processors (DSPs) from Texas Instruments (TI) are used for the implementation of the vocoders (e.g. LPC-10). At the center of the board is the area for the hardware-based encryption chip, that contains an NSA-developed algorithm. This chip is omitted (i.e. not mounted) in the MDL-4100, which has a weaker software-based encryption algorithm.

Below the Main Board, in the bottom of the phone, is the Interface Board that contains all the electronics for connection to the outside world. Like the Main Board, it is nicely compartimented, so that its various functions are easily identified. In the left corner at the rear is the interface to the analogue (PSTN) telephone line. In the right corner at the rear is the RS-232 interface with its typical 25-way D-type socket. The section at the front contains the actual telephone electronics, consisting of a V.32 modem chip and AT&T's own DSP chip. At the center is a backup battery.

Opening the case Top and bottom part separated Bottom part Top part with controls board Close-up of the display (rear) Internal speaker Main board (solder side) Tamper switch
Main board removed, revealing the interface board Main board with protective (EMC) shield Protective shield removed from Main Board Main Board, component side Main board, component side (top view) Close-up of some special components (DSP, V.32 interface and a large EPROM) Another TMS320 DSP Area for the hardware-base encryption chip (ASIC). Not assembled in the MDL-4100.
Bottom part of the case containing the Interface Board Interface board Telephone line interface RS-232 interface Lithium back-up battery, used for retaining the keys when the phone is switched off. Modem chip (left) and DSP (bottom) Compartimented die-cast aluminum bottom case shell Close-up of the rear section of the bottom shell of the case
B
×
B
1 / 24
Opening the case
B
2 / 24
Top and bottom part separated
B
3 / 24
Bottom part
B
4 / 24
Top part with controls board
B
5 / 24
Close-up of the display (rear)
B
6 / 24
Internal speaker
B
7 / 24
Main board (solder side)
B
8 / 24
Tamper switch
B
9 / 24
Main board removed, revealing the interface board
B
10 / 24
Main board with protective (EMC) shield
B
11 / 24
Protective shield removed from Main Board
B
12 / 24
Main Board, component side
B
13 / 24
Main board, component side (top view)
B
14 / 24
Close-up of some special components (DSP, V.32 interface and a large EPROM)
B
15 / 24
Another TMS320 DSP
B
16 / 24
Area for the hardware-base encryption chip (ASIC). Not assembled in the MDL-4100.
B
17 / 24
Bottom part of the case containing the Interface Board
B
18 / 24
Interface board
B
19 / 24
Telephone line interface
B
20 / 24
RS-232 interface
B
21 / 24
Lithium back-up battery, used for retaining the keys when the phone is switched off.
B
22 / 24
Modem chip (left) and DSP (bottom)
B
23 / 24
Compartimented die-cast aluminum bottom case shell
B
24 / 24
Close-up of the rear section of the bottom shell of the case

Competition
References
  1. Granite Island Group, Secure Communications Systems
    Details about AT&T 4100 systems. Retrieved March 2013.

  2. The Free Library, AT&T introduces new line of secure telephone equipment
    PR Newswire Association, 6 May 1992. Retrieved March 2013.

  3. Network World, AT&T encryption unit is NSA approved
    Telecommunications, 4 February 1991, p. 11. Retrieved March 2013.

  4. AOS Inc., Technical Communications Corporation, CSD 4100 Vice/Data Terminal
    4-page brochure. Date unknown. Retrieved March 2013.

  5. Navy INFOSEC website, Secure Terminal Unit Third Generation
    Date unknown. Retrieved March 2013.

  6. Wikipedia, Lucent
    Retrieved March 2013.

  7. General Dynamics, GD completes acquisition of Lucent Technologies
    Advanced Technologies Systems Unit

    General Dynamics website. News. Retrieved March 2013.

  8. Joseph Tag, Various bits of information about AT&T phones and STU-III in general
    Personal correspondence via e-mail. April 2013.

  9. ESTcorp, STU Products Page
    Website. Retrieved April 2013.

  10. Granite Island Group, CSD-4100 brochure
    3-page brochure. Date unknown. Retrieved April 2013.

  11. Datotek, Secure Voice/Data Terminal Model DST-4100
    Leaflet. Date unknown. Retrieved April 2013.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Last changed: Wednesday, 05 July 2017 - 20:44 CET.
Click for homepage