|
|
|
|
Voice Phone Philips Spendex 50 (DBT) → ← Spendex 30
Narrowband secure voice terminal
Spendex 40 is a narrowband secure voice terminal,
developed in the mid-1980s by Philips Usfa,
for use by the Dutch Government and by NATO.
It enables secure transmission of voice, fax and computer signals
over standard POTS 1 telephone lines,
using the secret GCHQ/NSA-developed
SAVILLE crypto-algorithm.
Also known as Spendex 40 M, NBSV-45 (non-NATO) and UA-8251.
|
At the rear panel are receptacles
for mains power and POTS telephone line
(DE9/S). Also present at the rear is a
DB25/P receptacle
for connection of an
external modem that can be used instead of the internal one.
A backup battery, accessible via a panel at the rear, is used to
retain the cryptographic keys in CMOS memory.
The most prominent users of this telephone set were NATO,
the Dutch Armed Forces and the Dutch PTT 2 (now: KPN).
It was gradually phased out in the 2000s, after which its approval
in the Netherlands was officially withdrawn by the
NBV in 2009 [1].
|
-
POTS (Plain Old Telephone System) refers to the
Public Switched Telehone Network (PSTN) over fixed analogue lines.
➤ More
-
At the time, the PTT was the Dutch state-owned telecom operator.
In 1989, the company was privatized and renamed KPN
(Koninklijke PTT Nederland).
➤ More
➤ Wikipedia
|
The diagram below gives an overview of the controls and connections of the
Spendex 40. The enclosure consists of three parts: a die-cast aluminium
centre part that contains the electronics, a die-cast rear panel that gives
access to the line interface, and a sloped die-cast aluminium front panel that
holds the controls and the sockets for peripheral equipment, such as handset,
personal computer (or fax), Crypto Ignition Key (CIK) and a FILL device.
The ZERIOZE button is hidden under a circular pivoting lid.
On top of the device is a black cradle for the handset.
|
Spendex 40 was available in two different models that can be identified by an
extension to the model number in the form /XX. The extension number
identifies the type of (internal) modem that is present in the phone's rear
compartment. Note that
the (soft) settings of the device have to be configured accordingly.
|
UA-8251/00 all modes except 2-wire full-duplex UA-8251/01 2-wire full-duplex only
|
Spendex 40 can work in the following modes of operation:
|
- Nonsecure speech (clear)
- Secure speech
- Secure data
|
Spendex 40 is connected permanently to the mains
and to a standard 2-wire analogue PSTN telephone line.
Optionally it could be made to work with 4-wire lines as well.
Basic operation of the unit is rather straightforward and is
comparable to using a standard telephone set.
|
Lifting the handset activates the unit and connects it to the line or PABX.
Telephone numbers are entered on the black keypad, located at the bottom right.
When dialling a number, it is displayed on the red 8-digit numerical LED
display, just above the keypad.
When the connection with the required party has been established,
the conversation is started en clair (clear speech).
When it is agreed to switch to encrypted mode (go secure)
one of the parties presses the SECURE button.
After an initial delay of approx. 10 seconds the connection is secure.
|
|
|
The SECURE button is located to the left of the keypad. It can be used
to toggle between SECURE and PLAIN.
The 10 second delay when going secure is typical for encryption systems
using an LPC-10 vocoder. Please note that in order to setup a secure
connection, a Crypto Ignition Key (CIK)
should be present and valid keys should be loaded
into the Spendex 40 and the CIK first.
A typical side effect of narrow-band LPC-10 encoding is that speech is
carried accross relatively clear, but that it is impossible to recognise
the person at the other end. This is the result of the fact that speech
is first analysed, sent to the other end (in encrypted form) at a speed of
2400 baud, and then reconstructed or synthesized,
resulting in a rather artificial or synthetic sound.
Spendex 40 is a full-duplex system, that can also be used in half-duplex
mode. This was used for example when the quality of the line was too poor, or
when the signal path was (partly) over radio links.
In half-duplex mode the Push-To-Talk switch (Ptt)
on the handset would be used.
This mode was also used when communicating with an American
STU-II phone at the other end.
|
Depending on he situation and security requirements, Spendex 40 supports
the following key management procedures:
|
- Key distribution center · KDC
In this situation, a validated Spendex 40 automatically dials the
(secret) telephone number of an external Key Distribution Center (KDC),
which assigns it a temporary key. In this situation, the contact between
all parties runs via the KDC, which in most cases was an NSA facility.
It allowed the NSA to monitor, log and control all calls and keys.
The main advantage of this method is that it provides full authentication.
- Net KEY
In this situation, a common key is issued to multiple parties,
allowing group conversations. A terminal can not communicate with
a party outside the group.
- Individual KEY
In this case, a single KEY is issued to multiple parties, allowing
each of them to communicate with each other. In practice, this option
was used most of the time, as it avoids the use of a KDC. The drawback
of this method is that there is no authentication.
|
The SAVILLE crypto-algorithm uses a 128 bits key.
For enhanced security this key is split in two parts that are stored
separetely. Each part is also 128 bits long and must be XOR-ed with the
other one in order to obtain the actual key. One half is stored in
battery-backed RAM inside the Spendex 40, whilst the other half is stored
in an EEPROM inside the Crypto Ignition Key (CIK).
|
Splitting the key makes it easier to render the machine
useless when security is compromised. Whenever a user temporarily leaves
the Spendex 40 unattended, he can leave the key loaded as long
as he takes the removable CIK with him.
Without the CIK, the key inside the Spendex 40 has no value.
Likewise, a loaded CIK can not be used on another Spendex 40 device.
Trying the CIK on another Spendex 40 causes the message ILL. CIK
(illegal CIK) to be displayed.
The image on the right shows a typical CIK being connected to the CIK
socket on the Spendex 40 front panel.
|
|
|
Secure operation is only possible with
a valid (loaded) CIK present on the
socket marked 'CIK'.
When security is compromised, the user presses the
ZEROIZE button
that is behind a metal flap at the front panel.
Pressing the button destroys all keys that are present in the
internal RAM of the Spendex 40. It also clears the CIK (when connected).
The display will then show
the message ZEROISED (British spelling).
If the CIK was not present when the ZEROIZE button was pressed,
the internal RAM is still cleared, rendering the CIK useless.
The same CIK was used with Spendex 50.
Although the CIK is marked with the word
CONFIDENTIAL on its serial number plate,
un unloaded CIK is an unclassified device.
Whenever a valid key is loaded to both the Spendex 40 and the CIK,
the CIK is classified to the level of the loaded key.
Deleting the key makes it unclassified again.
The CIK only contains a memory chip (EEPROM) that can hold a randomly-generated
number that is part of the key.
There is no additional intelligence or other protective or secret circuitry
inside.
|
Key material for the Spendex-40 was produced by an external
key management system. This was usually a piece of proprietary software
running on a dedicated PC.
The keys were then distributed by means of a
key filler or
key transfer device such as
the military KYK-13 fill gun.
In the case of NATO, a government agency acting as a Key Distribution Center
(KDC) could also be used for this.
|
Keys are normally loaded into the Spendex 40 by means of a
fill gun.
As soon as it is connected to the FILL socket on the front panel,
the display shows
the message COMSEC ?.
The user then selects the desired key compartment,
sets the selector to WRITE and
presses the ACTIVATE button, in order
to initiate a key transfer.
As the American KYK-13
key loader was in short supply, Philips
developed equivalent devices like the
UP-2001 shown on the right.
It had 40 key compartments which was a great improvement
over the KYK-13, which had just six of them.
|
|
|
A larger number of key compartments in a fill device
allows keys for different devices
or for more days in advance to be carried.
As soon as the keys were loaded, the key loader was removed and both
the Spendex 40 and the CIK had become a
Classified Cryptographic Item (CCI) 1 .
Note that the original key was not stored inside the Spendex 40.
It was reconstructed when needed by adding the internally stored key
to the one stored in the CIK (by means of an XOR operation).
|
-
CCI is sometimes defined as Controlled COMSEC Item, which has the same
meaning.
|
Apart from voice communication, the Spendex 40 was also capable of
encrypting and decrypting digital (computer) data through the internal
modem, or an externally connected modem at speeds up to 4800 baud.
For this, the DB25/F connector at the left side
of the front panel is available.
|
The data port has a serial (RS-232) interface that can be used for the
connection of a personal computer or a similar data device such as a fax.
The image on the right shows a standard Canon fax unit of the
early 1980s connected to the DB25 socket on the left side of the
Spendex-40. The image was taken from a stock photo [7]
that appeared in a 6-page brochure at the time [10].
As an alternative, the NSA-approved fax unit Cryptek TS-40
could also be used [2].
It was a plain paper laser fax that complied with NSA TEMPEST
Level I standards. Neither of the fax units discussed here are
available anymore.
|
|
|
A facsimile machine (fax) was a popular means of sending hand-written
documents and images over telephone lines during the 1980s and 90s.
Since the internet-revolution, it has gradually been replaced by e-mail.
As the Spendex 40 allowed secure transmission of fax-documents, it was
also used for the distribution of cryptographic keys, simply by printing
them onto an A4-sheet as barcodes. The keys were then transferred to
a key loader by means
of a barcode reader.
|
The keys, stored in the memory (CMOS RAM) of the Spendex 40, are
retained by a backup battery. For this purpose,
a long-life 3.6V Lithium cell is used.
It has the shape of a common AA-size
battery and is accessible from the rear of the device, by removing
a small panel at the right.
|
The battery compartment can be opened by removing 4 hex-bolts,
as shown in the image on the right.
The battery itself can be removed by
pulling its white cloth jacket
(images below).
Suitable replacement batteries are available
from a variety of sources, such as Tadiran (TL-5104) and Conrad
Elektronik in Germany. The latter offers batteries from manufacturer EVE
(Energy Very Endure) for about EUR 4.99
(order number 650773-89) and Emmerich (651244-89).
Note that standard 1.5V penlight batteries can not be used as
they do not deliver the required voltage.
|
|
|
When the battery is fully exhausted, or when it has been removed from the
device for more than a few seconds, the internal settings of the phone
will be lost. This might render the phone useless, especially when
the internal modem is used (which is nearly always the case), as it
defaults to using an external modem.
Should that happen, the initial setup procedure must be carried out.
|
Spendex 40 was one of the first secure voice terminals that used an LPC-10 vocoder
for speech digitization [6].
LPC or Linear Predictive Coding was a high-quality vocoder,
developed by the US Department of Defense for use by NATO. It is also known
as FS-1015 and as STANAG-4198.
Although LPC-10 encoding became rather common in later years, its implementation
was by no means easy at the time Spendex 40 was developed.
The LPC-10 unit inside the Spendex 40, was developed in collaboration with Philips
Research (NatLab) in Eindhoven (Netherlands). It needed five
NEC DSPs 1 of the first generation. Reliability and speech quality was
reported to be better than on comparable systems
like the much larger
American STU-II, which was also used by NATO.
|
As far as we know, Spendex 40 was the first non-US/UK device to
be licenced to implement the highly secure GCHQ/NSA-developed
SAVILLE cryptographic algorithm [3].
As SAVILLE is an extremely complex algorithm, it was considered
too difficult for implementation in software [8].
Philips therefore developed its own crypto-chip called the
OQ4430.
It is shown in the image on the right. The same chip was also used
in the military Spendex 50 secure voice terminal.
Three of these crypto-chips are used in each Spendex device: 1 for
reception and 2 for transmission. 2
|
|
|
Spendex 40 was arguably the most secure voice and data terminal at the time.
It was approved for use by the US Government at the highest possible level
(NSA Type 1) and was also used by NATO and
by the German government.
It was one of the smallest Type 1 devices
at the time.
Rumour has it that NSA officials were 'shocked' when they saw the first
Spendex 40 prototype in action. It was so much smaller than the American
STU-II and yet its speech
quality was so much better [5].
Motorola later developed the
STU-II/B, that
was intended as a replacement for all STU-II compatible
devices, including the Spendex 40. It was much smaller and had improved
speech quality (using Motorola's own DSP technology)
but came nearly 10 years after the Spendex 40.
It is also rumoured that Spendex 40 played an important role
before, during and after the fall of the
Berlin Wall in 1989, when
West-German Authorities used it for secure voice communication [5].
It was assumed that foreign secret services were unable to break the
SAVILLE encryption.
|
|
-
Two NEC DSPs were used for the speech analyzer, whilst three were
needed for the speech synthesizer.
-
Two crypto units are used for transmission in order to provide a fail-safe
system. The output of the two units is constantly monitored and compared,
raising an alarm when they are no longer identical.
|
The Spendex 40 is an extremely robust device that was clearly intended for
military use. The unit is hermetically sealed with a large number of hex
bolts in order to prevent unwanted emission of RF signals (TEMPEST). The interior
can be access from the rear (PSU) and from the top (crypto).
|
The die-cast aluminium case consist of several compartments that are
interconnected by means of filtered lines.
There are compartments at the rear, the front the side and at the top.
The front panel contains the user controls and connections
and is bolted to the front of the main enclosure.
The compartments at the rear can
be accessed by removing 14 hex bolts from the rear panel,
as shown in the image on the right.
At the left is the power supply (PSU) with the transformer just visible.
The (telephone) line interface is at the right, with
the filters mounted to the rear panel.
|
|
|
The filters are necessary to prevent unwanted leakage of information.
For the same reason, a metal gasket is present in between the main case
and the rear panel. The block at the bottom right contains the
backup battery (see below). The most interesting compartment is at the top.
|
It can be accessed by
removing the handset assembly and the
(sealed) top lid.
The image on the right shows the contents of the crypto compartment
as seen from the top.
There are 7 PCBs that are slotted into a backplane at the bottom.
A microswitch on card number 3
acts as tamper-detection.
When the top panel is lifted, all cryptographic
keys are destroyed instantly.
The two flying wires at the left are normally connected to a reed-switch
that is mounted to the top panel. It acts as the off-hook switch and is
activated by a magnet in the handset cradle.
|
|
|
The boards are listed below.
Six of the seven PCBs are mounted together in pairs. Although each PCB has
is own connection to the backplane, they should always be removed together.
The first two PCBs at the front are 'locked' in between metal panels in order
to provide sufficient cooling for the special chips that are used for speech
analysis and synthesis. Parts of these two boards were developed in
close collaboration between Philips Usfa and Philips' NatLab (Philips Research).
|
Board number 4 — key generator —
is the actual crypto logic, or crypto heart.
It contains three OQ4430 crypto processors that were developed
by Philips especially for this purpose.
They are used for the implementation of the
SAVILLE algorithm.
The same chips are used in the
Spendex 50.
As it is a full-duplex system, three chips are necessary,
one of which was used for reception. The other two were used for
transmission, raising an alarm if their outputs were not identical.
|
Boards (1) and (2) are technically the most advanced for the era.
For development of the speech analyzer
and the speech synthesizer,
a number of first-generation DSPs have been used. Spendex 40 was
one of the very first devices to use the
NEC µPD77P20D DSP.
The speech analyzer
contains two such DSPs,
whilst the speech synthesizer
uses three of them, plus a OQ4422 custom chip.
The two circuit boards are sandwiched together and are clamped in between
a series of copper springs that keep them in place and provide cooling.
|
|
|
Apart from providing cooling and clamping, the springs probably provide
some extra shielding (ground) for the DSPs as well.
The speech synthesis board
also contains an Intel 8085 processor with firmware in a 32K EPROM.
The function of the OQ4422 custom chip is currently unknown.
|
Vref (5V) [→ Switched ground [← Request [⇆ Data [⇆ Clock [⇆
|
|
|
Crypto Ignition Key (CIK)
|
|
|
At the front panel is an U79/U receptacle
for connection of the CIK.
Below is the pinout when looking into the receptacle.
Pin D (CIK connected) has an internal pull-up to (+5V). It is shorted by the CIK
to pin F (ground), to indicate to the terminal that the CIK has been connected.
|
- unused
Clock [→ - unused
CIK Connected [← Store [→ - Ground
Data in [→ Data out [← Write [→ SWV [→
|
|
At the left side of the front panel is a threaded
5-pin 240° DIN socket
for connection of the handset.
Note that the shield of the cable is connected to the shield of the
connector. This wire is not shown in the table below.
The pinout when looking into this socket is as follows:
|
TEL1 [→ Speaker TEL2 [→ Speaker Ptt [← Connected to shield MIC1 [← Microphone MIC2 [← Microphone
|
|
The Spendex 40 has a DB25/S receptacle
for peripheral equipment, such as
a fax machine or a personal computer, located at the left side of the front
panel, just below the handset socket.
The effective data rate is 1200 baud (/00) or 600 baud (/01).
The pinout is as follows:
|
GND Protective ground (shield) TXD [← Transmit Data RXD [→ Receive Data RTS [← Request To Send CTS [→ Clear To Send DSR [→ Data Set Ready GND Signal ground DCD [← Data Carrier Detect GND Protective ground (shield) TXC [→ Transmit Clock RXC [→ Receive Clock DSR [← Data Set Ready
|
|
The Spendex 40 has an internal MODEM for connection to the subscriber line,
but by default, the device is configured for use with an external modem,
such as a HF radio modem, which should be connected to the
DB25/P receptacle
at the rear panel. The pinout of this connector is specified below.
If the internal modem must be used, the device should be configured
accordingly.
|
GND Protective ground (shield) TXD [→ Transmit Data RXD [← Receive Data RTS [→ Request To Send CTS [← Clear To Send DSR [← Data Set Ready GND Signal ground DCD [← Data Carrier Detect GND Protective ground (shield) TXC [← Transmit Clock RXC [← Receive Clock LLB [→ Local Loop-Back DSR [→ Data Set Ready GND Protective ground (shield)
|
|
At the rear panel is a 9-pin DE9/S receptacle
for connection of the POTS
subscriber line. With the UA-8251/01 version of the Spendex 40 only pin 1 and
2 are used, as this variant is suitable for a 2-wire subscriber line only.
In The Netherlands, these wires are known as the A and B lines.
With the 4-wire line version (UA-8251/00), pins 1 to 4 are used.
|
Line in/out 1 A Line in/out 2 B - Line out 1
- Line out 2
- GND
|
|
Device Secure narrowband voice and data terminal Purpose STU-II compatible voice and fax communication Model Spendex 40 Designator UA-8251/00, UA-8251/01 Year 1987 Manufacturer Philips Usfa BV Country Netherlands Users NATO, PTT, Netherlands Government, German Government CODEC LPC-10 (STANAG 4198) Encryption NSA Type 1, SAVILLE CIK UA-8247 Class. Mod. FILL DS-102, U229 Line Analogue (POTS) Response 80-3400 Hz Dialling Pulse, Tone (DTMF) Precedence Priority, Immediate, Flash, Flash Override Modem V22bis, V26, V26bis (see below) Speed 2400 baud Data 1200 baud (/00), 600 baud (/01) Interface CCITT V24/V28, EIA RS232C Backup 3.6V Lithium battery: Philips UA6303/03, Tadiran TL-5104 Power Mains 110, 220V AC ± 15%, 47-63 Hz Consumption ≤ 45W Fuses 250V/500mA, 110V/1A Backup 3.5 — 4.5V (typically 3.9V) Temperature -10°C to +50°C, ≤ 95% humidity Storage -40°C to +70°C, ≤ 90% humidity EMC TEMPEST AMSG-720B, MIL-STD-461B Vibration A2, shock A4 Dimensions 385 × 270 × 160 (230) mm Weight 12 kg
|
UA-8251/00 V26/V26bis 2 or 4-wire HD/FD STU-II interoperable UA-8251/01 V22bis 2-wire HD Not STU-II interoperable
|
Spendex 40 Philips model name UA-8251 Philips designator NBSV-45 Non-NATO version [3] Spendex-40M ?
|
- Nationaal Bureau voor Verbindingsbeveiliging (NBV, part of the AIVD),
List of approved crypto products (Dutch)
NLNCSA. Retrieved March 2009.
- NSA, Cryptek TS-40 secure facsimile unit
Fax unit approved for use with Spendex 40.
- Jane's Military Communications 1986
ISBN: 0-7106-0824-1
- Philips Usfa BV, NBSV 45, Provisional Data Sheet
Simple black & white leaflet about the NBSV-45 (Spendex 40 M).
9922 154 12401. Date unknown.
- Anonymous, Using the Spendex 40
Interview at Crypto Museum. Eindhoven, June 2011.
- Wikipedia, LPC-10 Vocoder
FS-1015 standard. Retrieved July 2011.
- Philips Usfa/Crypto, Spendex 40 stock photographs
Crypto Museum Photo Archive. CM300631.
- Crypto Museum, The SAVILLE Algorithm
Interview with former cryptographer at Crypto Museum, December 2011.
- NEC Electronics Inc., µPD77C20, 7720A, 77P20 Digital Signal Processors
First commercial DSP chip used in Spendex 40.
1980. Retrieved March 2012.
- Philips Usfa BV, Narrow Band Secure Voice Equipment Spendex 40
Spendex 40 Brochure (copy) 9922 154 12443. 1987.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Saturday 06 February 2010. Last changed: Sunday, 12 May 2024 - 08:41 CET.
|
|
|
|
|