|
|
|
|
Phone USA NSA SCIP vIPer → ← STU-III
The image on the right shows a typical STE Tactical unit manufactured
by L3 in 2008. The unit is dark-grey and is slightly higher
than the Motorola STU-III.
In 2006, the price of an STE was between US$ 3000 and US$ 4000
(excluding the Crypto Card), depending on the model [2].
At the front of the unit is a PCMCIA-slot that allows a
Fortezza Crypto Card
(KOV-14) or a KSV-21 Enhanced Crypto Card
to be inserted. Only when such an
NSA-configured crypto card is present, can secure calls be placed to other
STE phones (and in the past to STU-III phones).
|
|
|
Unlike the STU-III, the STE is
neither a classified nor
a restricted item, as the cryptographic algorithms are held inside
the Fortezza crypto card.
Without this card, the STE can be used to place standard (unsecured)
calls on a PSTN or ISDN network, just like an ordinary telephone [3].
On 31 December 2009, STU-III — the predecessor of the STE —
was officially phased out. After that date, STU-III —
and hence the STU-III compatible mode of the STE — was no longer
to be used [4].
In the meantime, all STE units had been upgraded to firmware version 2,
by swapping two PCBs inside the device [5].
This makes the upgraded STE compatible with the newer
Secure Communications Interoperability Protocol (SCIP)
and incompatible with older STU-III.
During the course of 2013, the American Government started replacing the
STE by the
Sectéra® vIPer™ Universal Secure Phone,
which has built-in security and
does not need an external crypto card or Crypto Ignition Key (CIK).
vIPer is approved for Top Secret/SCI traffic and is interoperable with
the STE and other secure phones used by the Government and the
Department of Defence.
|
The images below provide an overview of the controls and connections
of the STE. The device resembles a regular telephone set, but is
slightly bigger and heavier. Power is provided by an (approved) external
wide-range mains power supply unit (PSU) that is connected at the rear.
At the left is a regular handset that is connected to the body by means of
a coiled cable with RJ9 (4P4C) connectors at either end. At the top right is a large LCD for
user interaction. It is used in combination with four blue function
keys below the LCD. At the bottom right is a regular keypad for entering
a telephone number. The remaining buttons are for selecting pre-programmed
numbers (speed dialling, line selection, priority override, etc.).
At the front is the PCMCIA slot into which the
Fortezza crypto card must be inserted. The device also
has a built-in speaker and microphone – for handsfree operation – but for
security reasons these are disabled by default.
All connections , with the exception of the handset, are at the rear of the
device. There is an RJ11 socket for connection to an analogue PSTN line,
and an RJ45 socket for connection to an ISDN line. Furthermore, there
is a DE9/M socket
for the power supply unit (PSU) and a
DB25/F socket for
connection of an external peripheral, such as a fax unit.
In addition, the STE Tactical has a DB25/M receptacle with a BDI (RS232)
interface for connection to a MILSTAR network, and four wire terminals for
connection to the TRI-TAC network of the United States Armed Forces.
Above the connectors – hidden behind black plastic caps – are two slots
for expansion interfaces, marked BLK EXP (black expansion) and RED EXP
(red expansion). These slots accept standard PCMCIA cards. By installing an
ethernet card in the BLK EXP slot, the device can be connected to a standard
TCP/IP network and used for Voice-over-IP (VoIP).
This is part of the SCIP standard.
|
STE replaces the following secure telephones:
|
|
Improvements over STU-III
|
|
|
Although the STE is backward compatible 1 with the STU-III,
it offers a number of advantages:
|
- Can be used over ISDN lines (as well as over PSTN)
- Better speech quality (in full digital mode)
- Backward compatibility with STU-III 1
- Higher data rates (38.4 Kb/s asynchronous, 128 kB/s synchronous)
- No delay when going secure
- Optional ethernet interface for Voice-over-IP (VoIP) 2
|
-
Only STE units with firmware prior to version 2.
-
Version 2 onwards.
|
The STE comes in a number of models and variants, each of which is
tailored to a specific application or customer. The following models
are known:
|
- Office
This is the most widely used version of the STE within the US Government.
It offers voice and data protection via ISDN (Integrated Services Digital
Network) and PSTN (Public Switched Telephone Network). It is available in
two configrations: ISDN only, and ISDN plus PSTN.
Also known as Office/STE.
- Tactical
The Tactical version is similar to the Office-version, but can also
be used to access the TRI-TAC network
(Tri-Service Tactical Network).
In addition, it has a secure serial EIA-530A/EIA-232 BDI port
(BDI: Black Data Interface). Also known as Tactical/STE.
The device featured here is of this type.
- Data
This unit is suitable for voice, data, fax and video-conferencing.
It has two EIA-530A/EIA-232 BDI ports and can be used for data connections
to multiple destinations. This unit comes as a 'black box' without any
controls or a handset.
- C2
This model is similar to the Tactical-version. It contains modified
software for use with its Tactical Terminal Locking Handset mechanism.
- STE-R
This model is similar to the Data-version. In addition to the
features offered by the STE-Data, it provides dial-in access to the
DRSN (Defense Red Switch Network). The letter R stands for Remote.
- STE-RT
Tactical version of the STE-R, which adds a 4-wire MSE connection in
addition to ISDN and PSTN connectivity.
- STE-RI
Rack mounted SVCS module CEU (DRSN interface).
|
Voice Over Internet Protocol (VoIP) is a new emerging standard, which has
become available to the STE in the form of an upgrade to the existing models.
It requires a PCMCIA 10/100 Mb/s ethernet card to be inserted into the
BLK EXP slot at the rear.
The VoIP option was pre-installed with some of the later models.
|
The STE can be used on different communication networks. It was designed for
the fully digital ISDN network, but could still be used on legacy PSTN networks.
In addition, the Tactical STE was suitable for TRI-TAC and MILSTAR networks
as well. The difference between the Office-version and the
Tactical-version is just the bottom part — the so-called wedge.
They can be used on:
|
- Digital, BRI, 2B+D, RJ45 connector
- Analogue, 2-wire, RJ12 connector
TRI-TAC MSE, 4-Wire Modem, 16/32 kbps CVSD MILSTAR BDI service (black data interface) RS-530A or RS-232, DB25 connector VoIP Voice-over-Internet (requires ethernet expansion card)
|
The best performance is obtained when the STE is used on an ISDN network.
As all data is already in the digital domain, there is no need to initiate
a call in clear as with the STU-III. Furthermore, when used on
ISDN, the STE doesn't have the dreaded 10-15 second delay when 'going secure'.
Protocols and keys are negotiated even before a call is answered.
In secure voice mode on an ISDN network, speech is compressed at 32 Kb/s
using ADPCM, producing excellent quality speech with good intelligibility.
In this mode, the STE uses the (Enhanced) Firefly encryption algorithm
developed by the NSA [7].
When used on a PSTN network (i.e. in STU-III compatible mode),
speech is compressed at 4800 baud using the CELP algorithm.
For data transmission, various speeds are possible both in synchronous and
asynchronous modes. The maximum speed of 128 Kb/s is obtained in
synchronous mode, when both ISDN B-channels are used.
For connection to TRI-TAC,
the 4 wire-terminals at the rear are used.
|
STE units can be enhanced in several ways. First of all, all users have been
upgraded from 2001 onwards to version 2.0 which is
SCIP compatible.
This was done by swapping two internal PCBs.
SCIP was developed by the US Department of Defense
Digital Voice Processor Consortium –
in cooperation with the NSA – and
is a platform independant interoperability protocol.
In addition, STE units can easily be adapted to new
emerging standards by adding hardware expansion units.
|
The basic STE set can be regared as a standard (non-secure)
telephone, and is therefore neither classified nor restricted.
In order to make secure telephone calles, a
Fortezza Crypto Card
has to be installed in the PCMCIA slot at the front.
The Fortezza card contains an NSA-developed Type 1 algorithm
that is used to encrypt voice and data calls. It is issued for a specific
user and comes with a unique PIN code.
➤ More information
|
|
|
STE can be used to send secure fax messages, by connecting an external gateway
to the red dataport at the rear of the STE. The 90si Secure Fax Gateway shown
in the image on the right was approved for this application.
By adding a GFS-910 Fax Switcher,
the same fax machine can also be used
for receiving non-secure fax messages, without swapping cables.
Both items were approved for use with the STE.
➤ More information
|
|
|
Two expansion slots are available at the rear.
One is marked BLK EXP (Black Expansion). It allows hardware to be added to
the unsecure (black) side. The other expansion slot is marked RED EXP.
It can be used to add hardware to the red side (the side that needs to be
protected.
An example of a possible hardware expansion is the ethernet card that was introduced
in 2006 to add VoIP capability 1 to the STE. The card was inserted into the
BLK EXP slot and allowed connection to a standard (insecure) network.
|
|
|
-
The use of VoIP over STE was approved
by the NSA in July 2006 [6].
|
In order to guarantee a smooth transition from the older
STU-III secure phones, the STE was made backward
compatible with it. Whenever the STE senses a STU-III terminal at the other end,
or when it is used over an analogue telephone line (PSTN), it uses a
Type 1
STU-III compatible encryption algorithm for voice transmission.
|
The image on the right shows the STU-III, which is the predecessor of the STE.
STU-III units were manufactured by Motorola, AT&T and RCD (later: L-3
Communications). The one shown here was made by Motorola.
More information...
Please note that for all encrypted traffic, the
Fortezza Crypto Card has to be present inside the
slot at the front of the STE terminal.
When used on a PSTN network, the analogue line is connected to the RJ12
connector (J2) at the rear of the STE (covered here with a placard).
|
|
|
STU-III units were last allowed for secure communication on 31 December 2009.
After that date, the STU-III compatible mode of the STE was not to be used
anymore [4].
At the same time, the new SCIP compatible
mode was introduced [5].
|
This photograph shows President Obama on Sunday 9 May 2010, just before
the Hampton University commencement. On the table are
two L-3 STE phones,
one of which is used by Obama to discuss the economic situation in Europe
with German Chancellor Angela Merkel. At the same time
he holds a GSM phone in his right hand, which can be seen as
a security breach [10].
Official White House Photo by Pete Souza [8]. 9 May 2010.
|
This photographs shows President Obama in a backstage room at Intel
Corporation in Hillsboro (Oregon) on 18 February 2011, discussing the
developments in the Middle East with National Security Advisor Tom Donilon.
The L-3 STE phone is on a small table at the left.
Official White House Photo by Pete Souza [8]. 18 February 2011.
|
|
Conference call in Brazil
|
|
|
This photograph shows Presedent Obama, standing to the right of
National Security Advisor Tom Donilon, both taking part in a conference
call in which Obama authorizes action against Libya, as part of
an international effort to protect Libyan civilians. The STE is operated
here by Donilon, whilst Obama holds a Sectéra GSM Phone [9].
Click for a close-up of the STE phone
and note the label POTUS2 at the back of the phone.
POTUS is short for President Of The United States.
Obama is thought to be violating security rules here, as he is operating
a mobile phone too close to an STE unit [10].
Operating a GSM phone in close proximity of an STE unit (< 5 metres)
causes the strong RF signals from the GSM to mix with internal
signals inside the STE, producing a third (mixed) RF signal. This mixed
signal can be intercepted and exploited by an eavesdropper.
Official White House Photo by Pete Souza [8]. 19 March 2012.
➤ Close-up of the STE telephone set
|
|
Chilmark, Massachusetts (USA)
|
|
|
This photograph shows President Obama, together with his Assistent for
Homeland Security John Brennan, conducting a conference call with his
National Security Staff to discuss the situation in Lybia on 22 August 2011.
The photo was taken through a mirror, and has been digitally corrected
by Cryptome [8].
Note the use of Duct Tape
to attach the many cables to the table (at the right).
Official White House Photo by Pete Souza [8]. 22 August 2011.
|
|
White House Situation Room
|
|
|
This image shows President Obama amidst his National Security Team
in the Situation Room of the White House, discussing the mission against
Osama Bin Laden on Sunday 1 May 2012.
On the table are several regular telehone sets, plus a secure L3 STE-unit.
Click for a larger view.
Official White House Photo by Pete Souza [8]. 1 May 2012.
|
Although the STE was still in use in 2011 — in fact, new crypto cards
had just been introduced — brand new STE units were
showing up on flea markets in Europe that same year,
making the STE a collector's item.
All information presented on this page is available in the public
domain, from the manufacturer,
the NSA and from a variety of other
sources (see the references section below).
|
Device Secure telephone equipment Purpose Classified conversation over insecure networks Model STE Manufacturer L3 Communications Country USA Year 1992 Network PSTN, ISDN, IP (VoIP) Predecessor STU-III Successsor Sectéra® vIPer Quantity 400,000 (est.)
|
- L-3 Communications - Communication Systems-East, Secure Terminal Equipment
Description of the NSA-certified STE offered by L3.
- L-3 Communications, STE Direct Sale Price List
15-10-2006. Retrieved via WayBack Machine.
- Federation of American Scientists, STU-III and STE
Secure Telephone Unit Third Generation (STU-III) / Secure Terminal
Equipment (STE). September 2010.
- L-3 Communications, STU-III Replacement
Retrieved January 2012.
- L-3 Communications, STE SCIP Upgrade Information
Retrieved January 2012.
- L-3 Communications, VoIP STE Product Overview
VoIP STE cleared by DoD/OSR for Public Release.
OSR Case Number 08-S-1752, 6 August 2008.
- L-3 Communications, STE Users Manual
Release 2.6 Rev. A, January 2008
- Cryptome, Obama Phones
Retrieved October 2012.
- Peter Koop, Top Level Communications
Website. Retrieved October 2012.
- James M. Atkinson, Obama Called a Moron at Phone Security
Cryptome website. 7 January 2012. Retrieved October 2012.
- Wikipedia, Barack Obama
Retrieved February 2013.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Monday 26 September 2011. Last changed: Monday, 11 November 2024 - 12:30 CET.
|
|
|
|
|