Click for homepage
Phone
USA
NSA
SCIP
  
vIPer →
← STU-III
  
STE
Secure Terminal Equipment

STE, short for Secure Telephone Equipment, is a secure telephone set that provides voice and data protection via standard (commercial) ISDN and PSTN telephone lines. It was developed in the early 1990s by the US National Security Agency (NSA) as the successor to the STU-III crypto tele­phone. The units were built under government contract from 1994 onwards, exclusively by L-3 Communications in Camden (New Jersey). STE units were still available from L3 in 2011 [1].

The image on the right shows a typical STE Tactical unit manufactured by L3 in 2008. The unit is dark-grey and is slightly higher than the Motorola STU-III. In 2006, the price of an STE was between US$ 3000 and US$ 4000 (excluding the Crypto Card), depending on the model [2].

At the front of the unit is a PCMCIA-slot that allows a Fortezza Crypto Card (KOV-14) or a KSV-21 Enhanced Crypto Card to be inserted. Only when such an NSA-configured crypto card is present, can secure calls be placed to other STE phones (and in the past to STU-III phones).
  

Unlike the STU-III, the STE is neither a classified nor a restricted item, as the cryptographic algorithms are held inside the Fortezza crypto card. Without this card, the STE can be used to place standard (unsecured) calls on a PSTN or ISDN network, just like an ordinary telephone [3].

On 31 December 2009, STU-III — the predecessor of the STE — was officially phased out. After that date, STU-III — and hence the STU-III compatible mode of the STE — was no longer to be used [4]. In the meantime, all STE units had been upgraded to firmware version 2, by swapping two PCBs inside the device [5]. This makes the upgraded STE compatible with the newer Secure Communications Interoperability Protocol (SCIP) and incompatible with older STU-III.

During the course of 2013, the American Government started replacing the STE by the Sectéra® vIPer™ Universal Secure Phone, which has built-in security and does not need an external crypto card or Crypto Ignition Key (CIK). vIPer is approved for Top Secret/SCI traffic and is interoperable with the STE and other secure phones used by the Government and the Department of Defence.

STE-tactical with Fortezza crypto card
STE with Fortezza crypto card
Rear view
Rear view
Inserting Fortezza crypto card into STE
Fortezza crypto card installed in STE
A
×
A
1 / 6
STE-tactical with Fortezza crypto card
A
2 / 6
STE with Fortezza crypto card
A
3 / 6
Rear view
A
4 / 6
Rear view
A
5 / 6
Inserting Fortezza crypto card into STE
A
6 / 6
Fortezza crypto card installed in STE

Features
The images below provide an overview of the controls and connections of the STE. The device resembles a regular telephone set, but is slightly bigger and heavier. Power is provided by an (approved) external wide-range mains power supply unit (PSU) that is connected at the rear.


At the left is a regular handset that is connected to the body by means of a coiled cable with RJ9 (4P4C) connectors at either end. At the top right is a large LCD for user interaction. It is used in combination with four blue function keys below the LCD. At the bottom right is a regular keypad for entering a telephone number. The remaining buttons are for selecting pre-programmed numbers (speed dialling, line selection, priority override, etc.). At the front is the PCMCIA slot into which the Fortezza crypto card must be inserted. The device also has a built-in speaker and microphone – for handsfree operation – but for security reasons these are disabled by default.


All connections , with the exception of the handset, are at the rear of the device. There is an RJ11 socket for connection to an analogue PSTN line, and an RJ45 socket for connection to an ISDN line. Furthermore, there is a DE9/M socket for the power supply unit (PSU) and a DB25/F socket for connection of an external peripheral, such as a fax unit. In addition, the STE Tactical has a DB25/M receptacle with a BDI (RS232) interface for connection to a MILSTAR network, and four wire terminals for connection to the TRI-TAC network of the United States Armed Forces.

Above the connectors – hidden behind black plastic caps – are two slots for expansion interfaces, marked BLK EXP (black expansion) and RED EXP (red expansion). These slots accept standard PCMCIA cards. By installing an ethernet card in the BLK EXP slot, the device can be connected to a standard TCP/IP network and used for Voice-over-IP (VoIP). This is part of the SCIP standard.


Replacement
STE replaces the following secure telephones:

  1. STE Tactical only.

Improvements over STU-III
Although the STE is backward compatible 1 with the STU-III, it offers a number of advantages:

  • Can be used over ISDN lines (as well as over PSTN)
  • Better speech quality (in full digital mode)
  • Backward compatibility with STU-III 1
  • Higher data rates (38.4 Kb/s asynchronous, 128 kB/s synchronous)
  • No delay when going secure
  • Optional ethernet interface for Voice-over-IP (VoIP) 2
  1. Only STE units with firmware prior to version 2.
  2. Version 2 onwards.

Models
The STE comes in a number of models and variants, each of which is tailored to a specific application or customer. The following models are known:

  • Office
    This is the most widely used version of the STE within the US Government. It offers voice and data protection via ISDN (Integrated Services Digital Network) and PSTN (Public Switched Telephone Network). It is available in two configrations: ISDN only, and ISDN plus PSTN. Also known as Office/STE.

  • Tactical
    The Tactical version is similar to the Office-version, but can also be used to access the TRI-TAC network (Tri-Service Tactical Network). In addition, it has a secure serial EIA-530A/EIA-232 BDI port (BDI: Black Data Interface). Also known as Tactical/STE. The device featured here is of this type.

  • Data
    This unit is suitable for voice, data, fax and video-conferencing. It has two EIA-530A/EIA-232 BDI ports and can be used for data connections to multiple destinations. This unit comes as a 'black box' without any controls or a handset.

  • C2
    This model is similar to the Tactical-version. It contains modified software for use with its Tactical Terminal Locking Handset mechanism.

  • STE-R
    This model is similar to the Data-version. In addition to the features offered by the STE-Data, it provides dial-in access to the DRSN (Defense Red Switch Network). The letter R stands for Remote.

  • STE-RT
    Tactical version of the STE-R, which adds a 4-wire MSE connection in addition to ISDN and PSTN connectivity.

  • STE-RI
    Rack mounted SVCS module CEU (DRSN interface).
VoIP
Voice Over Internet Protocol (VoIP) is a new emerging standard, which has become available to the STE in the form of an upgrade to the existing models. It requires a PCMCIA 10/100 Mb/s ethernet card to be inserted into the BLK EXP slot at the rear. The VoIP option was pre-installed with some of the later models.


Multiple Networks
The STE can be used on different communication networks. It was designed for the fully digital ISDN network, but could still be used on legacy PSTN networks. In addition, the Tactical STE was suitable for TRI-TAC and MILSTAR networks as well. The difference between the Office-version and the Tactical-version is just the bottom part — the so-called wedge. They can be used on:

  • Digital, BRI, 2B+D, RJ45 connector
  • Analogue, 2-wire, RJ12 connector
  • TRI-TAC
    MSE, 4-Wire Modem, 16/32 kbps CVSD
  • MILSTAR
    BDI service (black data interface) RS-530A or RS-232, DB25 connector
  • VoIP
    Voice-over-Internet (requires ethernet expansion card)
The best performance is obtained when the STE is used on an ISDN network. As all data is already in the digital domain, there is no need to initiate a call in clear as with the STU-III. Furthermore, when used on ISDN, the STE doesn't have the dreaded 10-15 second delay when 'going secure'. Protocols and keys are negotiated even before a call is answered.

In secure voice mode on an ISDN network, speech is compressed at 32 Kb/s using ADPCM, producing excellent quality speech with good intelligibility. In this mode, the STE uses the (Enhanced) Firefly encryption algorithm developed by the NSA [7]. When used on a PSTN network (i.e. in STU-III compatible mode), speech is compressed at 4800 baud using the CELP algorithm.

For data transmission, various speeds are possible both in synchronous and asynchronous modes. The maximum speed of 128 Kb/s is obtained in synchronous mode, when both ISDN B-channels are used. For connection to TRI-TAC, the 4 wire-terminals at the rear are used.


Expansion
STE units can be enhanced in several ways. First of all, all users have been upgraded from 2001 onwards to version 2.0 which is SCIP compatible. This was done by swapping two internal PCBs. SCIP was developed by the US Department of Defense Digital Voice Processor Consortium – in cooperation with the NSA – and is a platform independant interoperability protocol. In addition, STE units can easily be adapted to new emerging standards by adding hardware expansion units.

Fortezza Crypto Card
The basic STE set can be regared as a standard (non-secure) telephone, and is therefore neither classified nor restricted. In order to make secure telephone calles, a Fortezza Crypto Card has to be installed in the PCMCIA slot at the front.

The Fortezza card contains an NSA-developed Type 1 algorithm that is used to encrypt voice and data calls. It is issued for a specific user and comes with a unique PIN code.

 More information

  

Secure fax
STE can be used to send secure fax messages, by connecting an external gateway to the red dataport at the rear of the STE. The 90si Secure Fax Gateway shown in the image on the right was approved for this application.

By adding a GFS-910 Fax Switcher, the same fax machine can also be used for receiving non-secure fax messages, without swapping cables. Both items were approved for use with the STE.

 More information

  

Expansion slot
Two expansion slots are available at the rear. One is marked BLK EXP (Black Expansion). It allows hardware to be added to the unsecure (black) side. The other expansion slot is marked RED EXP. It can be used to add hardware to the red side (the side that needs to be protected.

An example of a possible hardware expansion is the ethernet card that was introduced in 2006 to add VoIP capability 1 to the STE. The card was inserted into the BLK EXP slot and allowed connection to a standard (insecure) network.
  

  1. The use of VoIP over STE was approved by the NSA in July 2006 [6].

STE phone with Fortezza Crypto Card half-way in
STE phone with Fortezza Crypto Card
Inserting the Fortezza Crypto Card in the STE
Placing the crypto card
Fortezza card in place
Releasing the crypto card
Crypto card released
Removing the crypto card
Secure Fax Gateway 90si
Expansion slot
B
×
B
1 / 15
STE phone with Fortezza Crypto Card half-way in
B
2 / 15
STE phone with Fortezza Crypto Card
B
3 / 15
Inserting the Fortezza Crypto Card in the STE
B
4 / 15
Placing the crypto card
B
5 / 15
Fortezza card in place
B
6 / 15
Releasing the crypto card
B
7 / 15
Crypto card released
B
8 / 15
Removing the crypto card
B
9 / 15
Secure Fax Gateway 90si
B
10 / 15
10 / 15
B
11 / 15
11 / 15
B
12 / 15
12 / 15
B
13 / 15
13 / 15
B
14 / 15
14 / 15
B
15 / 15
Expansion slot

Backward compatibility
In order to guarantee a smooth transition from the older STU-III secure phones, the STE was made backward compatible with it. Whenever the STE senses a STU-III terminal at the other end, or when it is used over an analogue telephone line (PSTN), it uses a Type 1 STU-III compatible encryption algorithm for voice transmission.

The image on the right shows the STU-III, which is the predecessor of the STE. STU-III units were manufactured by Motorola, AT&T and RCD (later: L-3 Communications). The one shown here was made by Motorola. More information...

Please note that for all encrypted traffic, the Fortezza Crypto Card has to be present inside the slot at the front of the STE terminal.

When used on a PSTN network, the analogue line is connected to the RJ12 connector (J2) at the rear of the STE (covered here with a placard).
  

STU-III units were last allowed for secure communication on 31 December 2009. After that date, the STU-III compatible mode of the STE was not to be used anymore [4]. At the same time, the new SCIP compatible mode was introduced [5].


President Obama
Presidential Bus
This photograph shows President Obama on Sunday 9 May 2010, just before the Hampton University commencement. On the table are two L-3 STE phones, one of which is used by Obama to discuss the economic situation in Europe with German Chancellor Angela Merkel. At the same time he holds a GSM phone in his right hand, which can be seen as a security breach [10].

Official White House Photo by Pete Souza [8]. 9 May 2010.

Oakley Lindsay Center
This photographs shows President Obama in a backstage room at Intel Corporation in Hillsboro (Oregon) on 18 February 2011, discussing the developments in the Middle East with National Security Advisor Tom Donilon. The L-3 STE phone is on a small table at the left.

Official White House Photo by Pete Souza [8]. 18 February 2011.

Conference call in Brazil
This photograph shows Presedent Obama, standing to the right of National Security Advisor Tom Donilon, both taking part in a conference call in which Obama authorizes action against Libya, as part of an international effort to protect Libyan civilians. The STE is operated here by Donilon, whilst Obama holds a Sectéra GSM Phone [9]. Click for a close-up of the STE phone and note the label POTUS2 at the back of the phone. POTUS is short for President Of The United States.

Obama is thought to be violating security rules here, as he is operating a mobile phone too close to an STE unit [10]. Operating a GSM phone in close proximity of an STE unit (< 5 metres) causes the strong RF signals from the GSM to mix with internal signals inside the STE, producing a third (mixed) RF signal. This mixed signal can be intercepted and exploited by an eavesdropper.

Official White House Photo by Pete Souza [8]. 19 March 2012.

 Close-up of the STE telephone set


Chilmark, Massachusetts (USA)
This photograph shows President Obama, together with his Assistent for Homeland Security John Brennan, conducting a conference call with his National Security Staff to discuss the situation in Lybia on 22 August 2011. The photo was taken through a mirror, and has been digitally corrected by Cryptome [8]. Note the use of Duct Tape to attach the many cables to the table (at the right).

Official White House Photo by Pete Souza [8]. 22 August 2011.

White House Situation Room
This image shows President Obama amidst his National Security Team in the Situation Room of the White House, discussing the mission against Osama Bin Laden on Sunday 1 May 2012. On the table are several regular telehone sets, plus a secure L3 STE-unit. Click for a larger view.

Official White House Photo by Pete Souza [8]. 1 May 2012.


Disclaimer
Although the STE was still in use in 2011 — in fact, new crypto cards had just been introduced — brand new STE units were showing up on flea markets in Europe that same year, making the STE a collector's item. All information presented on this page is available in the public domain, from the manufacturer, the NSA and from a variety of other sources (see the references section below).


Specifications
  • Device
    Secure telephone equipment
  • Purpose
    Classified conversation over insecure networks
  • Model
    STE
  • Manufacturer
    L3 Communications
  • Country
    USA
  • Year
    1992
  • Network
    PSTN, ISDN, IP (VoIP)
  • Predecessor
    STU-III
  • Successsor
    Sectéra® vIPer
  • Quantity
    400,000 (est.)
Documentation
  1. Office/STE leaflet (1)
    L3 Communications. Undated.

  2. Office/STE leaflet (2)
    L3 Communications. 23 October 2006.

  3. Tactical/STE leaflet
    L3 Communications. 23 October 2006.

  4. STE-R leaflet
    L3 Communications. 23 October 2006.

  5. Data/STE leaflet
    L3 Communications. 24 October 2006.

  6. VoIP/STE leaflet
    L3 Communications. 24 October 2006.

  7. Secure Video Conferencing System
    L3 Communications. 19 October 2006.

  8. STE User's Manual
    L3 Communications. Version 2.6, Rev. A, January 2006.
References
  1. L-3 Communications - Communication Systems-East, Secure Terminal Equipment
    Description of the NSA-certified STE offered by L3.

  2. L-3 Communications, STE Direct Sale Price List
    15-10-2006. Retrieved via WayBack Machine.

  3. Federation of American Scientists, STU-III and STE
    Secure Telephone Unit Third Generation (STU-III) / Secure Terminal Equipment (STE). September 2010.

  4. L-3 Communications, STU-III Replacement
    Retrieved January 2012.

  5. L-3 Communications, STE SCIP Upgrade Information
    Retrieved January 2012.

  6. L-3 Communications, VoIP STE Product Overview
    VoIP STE cleared by DoD/OSR for Public Release.
    OSR Case Number 08-S-1752, 6 August 2008.

  7. L-3 Communications, STE Users Manual
    Release 2.6 Rev. A, January 2008

  8. Cryptome, Obama Phones
    Retrieved October 2012.

  9. Peter Koop, Top Level Communications
    Website. Retrieved October 2012.

  10. James M. Atkinson, Obama Called a Moron at Phone Security
    Cryptome website. 7 January 2012. Retrieved October 2012.

  11. Wikipedia, Barack Obama
    Retrieved February 2013.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Monday 26 September 2011. Last changed: Monday, 08 April 2024 - 19:40 CET.
Click for homepage