AT&T USA Phone STU-III
When the STU-III
was developed by the NSA in 1987,
it was decided that various manufacturers
would be allowed to build it and that it would be available with
different crypto-algorithms, so that the device could be used at
various security levels, both inside and outside the government.
The image on the right shows a basic 1100 which was a true
NSA Type 1 encryption device.
It was interoperable with the
STU-III terminals
from other manufacturers and contained hardware-based (ASIC) encryption.
A Crypto Ignition Key (CIK) was inserted at the right front.
All AT&T 1100 STU-III phones have built-in LPC-10E, CELP and MRELP
vocoders, and can send voice and data at 2400, 4800 and 9600 bps
(bits per second) in full or half duplex, depending on the
mode in which they are used. In Type 1 mode,
all 1100 models supported 2400 bps (LPC-10E) and 4800 bps
(CELP
and HDLPC), but not 9600 bps like the
Motorola SECTEL 1500.
As a result, the Motorola 1500
offered a better voice quality.
At the rear
is a 25-way D-type socket with the serial (RS232) port
that gives access to the built-in V.26 and V.32 modems.
The units are AUTOVON compatible and are fully shielded against
unwanted emanations (TEMPEST) [1].
The line of STU-III telephones from AT&T started in the late
1980s with a secure phone that was called the Security Plus or simply the
STU-III
[8].
It came in a Misty Cream case and, because of its large size, most users
referred to it as the big white monster or the boat anchor.
The KSD-64 key (CIK) was entered at the right upper side of the phone.
It was eventually replaced by the more compact 1100-series, which has the
size of a normal desktop telephone, with the key slot at the right.
On 30 September 1996, the AT&T Technologies business unit of
AT&T Corporation (including
Western Electric and Bell Labs) was demerged and continued
as Lucent Technologies
[6].
On 1 October 1997, the products were rebadged again, after
General Dynamics (GD)
took over the Advanced Technologies Systems Unit from Lucent [7].
The 1100 became known as Surity 1100.
The AT&T/Lucent/GD 1100 was the last STU-III phone that
remained in production after the other manufacturers had discontinued
their STU-III products, following the announcement of its
successors, the Secure Terminal Equipment (STE)
and other SCIP compatible products.
All STU-III products have now been phased out, with
the last keys expiring on 31 December 2009.
The 1100-series consisted of a number of models, each with its own
features, colour and security level. Globally speaking, the first
digit of the model number determines the cryptographic level, as
identified by the NSA. The 1100-series is therefore
an NSA Type 1 product,
the 2100 is Type 2, etc. Only the 1100 and the
2100 series are real STU-III
terminals. Some examples:
- 1100
The 1100 is the basic STU-III with Type 1 encryption.
It was used by the US Government, the Canadian Government and also by NATO,
for conversations at the highest level (TOP SECRET).
It uses a KSD-64 as a Crypto Ignition Key (CIK)
and has built-in hardware-based encryption algorithms.
For use by NATO the SAVILLE algorithm was used.
All Type I phones supported LPC-10E (2400 bps) and CELP (4800 bps).
- 1150
This is the multi-line version of the 1100. It is also a Type 1
encryption product, but it can be connected to more than one line
simultaneously.
- 2100
This is the Type 2
version of AT&T's STU-III terminal. The level of
security is slightly less than that of the 1100 series, but still
enough for many US Government services, such as the FBI and the CIA.
Any Type 2 STU-III terminal can communicate securely with any other
type or brand of Type 2 STU-III (e.g.
Motorola SECTEL 2500),
but also with Type 1 devices, such as the 1100.
Like the 1100, the 2100 uses a KSD-64 as CIK.
All Type II phones supported LPC-10E (2400 bps) and CELP (4800 bps).
- 3000
The 3000-series was the US commercial variant of the above phone.
It uses Public Key Encryption (PKE) algorithms, such as DES,
Triple DES (3DES) and Advanced Encryption Standard (AES-256).
The 3000-series consists of many different commercial devices,
such as the CSD-3600 and the ill-fated TSD-3600
with its Clipper Chip.
The 3000-series are Type 3 encryption products
and are not compatible with Type 1 and Type 2 devices.
- 4100
This version can be seen as the international variant of the
phone. It does not use a CIK and does not contain hardware-based
encryption. Instead it uses publicly available encryption standards,
based on Public Key Encryption (PKE), such as DES.
The 4100 series is classed as a
Type 4 encryption product
and can freely be exported from the US.
Depending on the customer or country, it was supplied
with a different algorithm.
The 1100-series was fully compatible with the
STU-III terminals from other manufacturers,
such as the Motorola SECTEL 1500.
It was also (downwards) compatible with the 2100 series (Type 2
encryption). The AT&T range of STU-III telephones
has appeared on the market under different names, including AT&T,
Lucent and General Dynamics.
These units are all interoperable.
Within the STU family, the STU-III introduced the concept of the
Crypto Ignition Key (CIK), which is used for protection of the cryptographic
keys stored inside the phone. This concept is
similar to that of
the STU-II
compatible Spendex 40
that was introduced by Philips in the early 1980s.
With the STU-III, the CIK takes the form of a physical plastic key that is
inserted into a slot at the right hand side of the phone and rotated 90°
clockwise.
The image on the right shows the KSD-64
that was used with the STU-III family.
The key, manufactured by Datakey Electronics in the US, contains 64Kb
of storage space, and can be used for a variety of purposes, including
CIK functionality and key transport. In practice, the color of the label
should give a hint to the key's functionality. A white label indicated
that the key was used as CIK (see the image at the top).
When used as CIK, the key contains a random number (generated internally
by the phone when the keys are loaded) that is used for encryption of
the actual cryptographic keys stored inside the phone. This way, a phone
without the CIK, or a lost CIK alone, has no meaning whatsoever and will
not reveal any information about the cryptographic keys. Only when the
CIK is entered into the phone it is paired to, can the original keys
be recovered and can secure mode be enabled.
In the 1100, the KSD-64 is entered into the special keyhole,
called Keyceptacle by Datakey, at the right front of the phone.
This socket is not present on civil variants of the phone, such as
the 4100.
The KSD-64
is no longer in production and is now replaced by the
PK-64
from the same manufacturer.
Other versions of the key, also from the same
manufacturer, are used with a variety of other crypto devices, such as
the KIV-7; the US replacement for
the KG-84.
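The pairing described above, as an added sketch that is not from the original page and is not the STU-III's actual (unpublished) scheme: a hypothetical `Terminal` wraps its stored key under a random CIK, so the phone's memory and the key token are each useless alone. SHA-256 and HMAC are stand-ins, and all names and sizes are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; constructed size, not the STU-III's real key length

def _keystream(cik: bytes, nonce: bytes) -> bytes:
    # Stand-in derivation (SHA-256); the real terminal's algorithm is not public.
    return hashlib.sha256(b"wrap" + cik + nonce).digest()

def _tag(cik: bytes, nonce: bytes, wrapped: bytes) -> bytes:
    return hmac.new(cik, b"tag" + nonce + wrapped, hashlib.sha256).digest()

class Terminal:
    """Hypothetical terminal that stores only the wrapped form of its key."""

    def __init__(self):
        self.nvram = None  # (nonce, wrapped_key, tag) once keys are loaded

    def load_keys(self, traffic_key: bytes) -> bytes:
        """Wrap traffic_key under a fresh random CIK; return the CIK for the token."""
        if len(traffic_key) != KEY_LEN:
            raise ValueError("traffic key must be KEY_LEN bytes")
        cik = secrets.token_bytes(KEY_LEN)  # random number generated by the phone
        nonce = secrets.token_bytes(16)
        wrapped = bytes(a ^ b for a, b in zip(traffic_key, _keystream(cik, nonce)))
        self.nvram = (nonce, wrapped, _tag(cik, nonce, wrapped))
        return cik

    def unlock(self, cik: bytes):
        """Return the traffic key if this CIK is the paired one, else None."""
        if self.nvram is None:
            return None
        nonce, wrapped, tag = self.nvram
        if not hmac.compare_digest(tag, _tag(cik, nonce, wrapped)):
            return None
        return bytes(a ^ b for a, b in zip(wrapped, _keystream(cik, nonce)))

def demo():
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    phone, other = Terminal(), Terminal()
    cik = phone.load_keys(key)
    other.load_keys(secrets.token_bytes(KEY_LEN))
    return {
        "paired": phone.unlock(cik) == key,                       # CIK + its own phone
        "wrong_cik": phone.unlock(secrets.token_bytes(KEY_LEN)),  # phone without its CIK
        "cik_in_other_phone": other.unlock(cik),                  # CIK away from its phone
        "key_in_nvram": key in b"".join(phone.nvram),             # plaintext key at rest?
    }
```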
The 1100-series secure phone is housed in a sturdy pre-shaped
compartmented die-cast aluminium case.
All connections to the outside world are
at the rear (power, line and serial port),
except for the handset which is connected at the left side.
The unit needs an external PSU.
The case can easily be opened by removing four long crosshead screws
at the bottom, after which the top half and the bottom half can be
separated.
The interior of the 1100 consists
of three large PCBs: a main (digital) board at the center, a board with
the controls (top) and an interface board which is mounted at the bottom.
The controls board is mounted inside the top
half of the phone, just behind the control panel. It is connected to the
bottom part by means of a double flat cable and a 2-wire cable for the
hook switch. The top part also contains the
display.
The bottom part contains the rest of the
electronics and is covered by a metal shield in order to avoid
the emission of compromising (radio) signals (TEMPEST). After
removing the metal shield the solder side
of the Main Board is revealed. At the top is the connector to the
controls board.
At the center of the Main Board is a so-called
tamper switch that causes the non-volatile
RAM (containing the current cryptographic keys) to be cleared as soon
as the metal shield is removed. This way the keys are protected against
tampering. The Main Board is held in place by a single screw and can
easily be removed.
The component side of
the board is partly covered by a metalized plastic EMC shield.
Below the shield are the
actual digital components of the 1100.
The main board is nicely compartmented,
so that all sections of the circuit are easily identified. Two
TMS320 Digital Signal Processors (DSPs)
from Texas Instruments (TI) are used for the implementation of the
vocoders (e.g. LPC-10).
At the center of the board is the hardware-based encryption chip,
that contains NSA-developed algorithms.
This chip is omitted (i.e. not mounted) in the civil 4100 models,
which have a weaker software-based encryption algorithm.
Below the Main Board, in the
bottom of the phone, is the
Interface Board that contains all the
electronics for connection to the outside world. Like the Main Board,
it is nicely compartmented, so that its various functions are easily
identified. In the left corner at the rear is the
interface
to the analogue (PSTN) telephone line.
In the right corner at the rear is the
RS-232 interface with its typical
25-way D-type socket. The section at the front contains the actual
telephone electronics, consisting of a V.32 modem chip and
AT&T's own DSP chip.
At the center is a backup battery.
- ASIC
Application Specific Integrated Circuit
General term for a custom-built electronic chip.
- AUTOVON
Automatic Voice Network
Military phone system that was built in the US in 1963.
Designed to survive nuclear attacks, it allowed non-secure voice calls with precedence (priority override).
(Wikipedia)
- CELP
Codebook Excited Linear Prediction
Method for digitizing human speech, also known as a vocoder.
CELP is a US Government standard that can be used at 4800 baud.
- DSP
Digital Signal Processor
- HDLPC
High-Definition Linear Predictive Coding
This is an improved variant of LPC that produces a better
speech quality at 4800 baud. As the format is General Dynamics
proprietary, it may not be supported by other STU-III manufacturers.
- LPC
Linear Predictive Coding
A method for digitizing human speech by analyzing and storing
specific characteristics of it, in such a way that an intelligible
signal can be reconstructed later. LPC-10E was a US Government
standard that was used at 2400 baud on all STU-III terminals.
- PSU
Power Supply Unit
1. Granite Island Group, Secure Communications Systems
   Details about AT&T STU-III systems. Retrieved March 2013.
2. The Free Library, AT&T introduces new line of secure telephone equipment
   PR Newswire Association, 6 May 1992. Retrieved March 2013.
3. Network World, AT&T encryption unit is NSA approved
   Telecommunications, 4 February 1991, p. 11. Retrieved March 2013.
4. AOS Inc., Technical Communications Corporation, CSD 4100 Voice/Data Terminal
   4-page brochure. Date unknown. Retrieved March 2013.
5. Navy INFOSEC website, Secure Terminal Unit Third Generation
   Date unknown. Retrieved March 2013.
6. Wikipedia, Lucent
   Retrieved March 2013.
7. General Dynamics, GD completes acquisition of Lucent Technologies Advanced Technologies Systems Unit
   General Dynamics website. News. Retrieved March 2013.
8. Joseph Tag, Various bits of information about AT&T phones and STU-III in general
   Personal correspondence via e-mail. April 2013.
9. ESTcorp, STU Products Page
   Website. Retrieved April 2013.
10. General Dynamics, STU-III Voice/Data Terminal SCS Models 1100/1150
   Lucent Technologies. User's Manual ON-493106, Revision E, December 1997.
© Crypto Museum. Created: Wednesday 17 April 2013. Last changed: Monday, 23 January 2023 - 14:19 CET.