This article needs additional citations for verification .(October 2015) |
STU-III (Secure Telephone Unit - third generation) is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user (with such calls receiving no special protection, however). When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T (later transferred to Lucent Technologies), RCA (now L-3 Communications, East) and Motorola.
STU-III are no longer in service with the U.S. Government, with the last cryptographic keys for the units expiring on December 31, 2009. It has been replaced by the STE (Secure Terminal Equipment) and other equipment using the more modern Secure Communications Interoperability Protocol (SCIP). [1]
Most STU-III units were built for use with what NSA calls Type 1 encryption. This allows them to protect conversations at all security classification levels up to Top Secret, with the maximum level permitted on a call being the lower clearance level of the two persons talking. At the height of the Commercial COMSEC Endorsement Program, Type 2, 3, and 4 STU-IIIs were manufactured, but they saw little commercial success.
Two major factors in the STU-III's success were the Electronic Key Management System (EKMS) and the use of a removable memory module in a plastic package in the shape of a house key, called a KSD-64A. The EKMS is believed to be one of the first widespread applications of asymmetric cryptography. It greatly reduced the complex logistics and bookkeeping associated with ensuring each encryption device has the right keys and that all keying material is protected and accounted for.
The KSD-64A contains a 64 kbit EEPROM chip that can be used to store various types of keying and other information. A new (or zeroized) STU-III must first have a "seed key" installed. This key is shipped from NSA by registered mail or Defense Courier Service. Once the STU-III has its seed key, the user calls a toll-free number at NSA to have the seed key converted into an operational key. A list of compromised keys is downloaded to the STU-III at this time. The operational key is supposed to be renewed at least once a year.
The operational key is then split into two components, one of which replaces the information on the KSD-64A, at which point it becomes a Crypto Ignition Key or CIK. When the CIK is removed from the STU-III telephone neither unit is considered classified. Only when the CIK is inserted into the STU-III on which it was created can classified information be received and sent.
When a call "goes secure", the two STU-III's create a unique key that will be used to encrypt just the call being placed. Each unit first makes sure that the other is not using a revoked key and if one has a more up-to-date key revocation list, it transmits it to the other. Presumably the revocation lists are protected by a digital signature generated by NSA.
While there have been no reports of STU-III encryption being broken, there have been claims that foreign intelligence services can recognize the lines on which STU-IIIs are installed and that un-encrypted calls on these lines, particularly what was said while waiting for the "go secure" command to complete, have provided valuable information. [2]
Hundreds of thousands of STU-III sets were produced and many were still in use as of 2004. STU-III replaced earlier voice encryption devices, including the KY-3 (1960s), the STU-I (1970) and the STU-II (1975). The STU-II had some 10,000 users. These, in turn, replaced less secure voice scramblers. Unlike earlier systems, the STU-III's encryption electronics are completely contained in the desk set. Further, the reduced bandwidth required by a STU-III permitted it to be used for encrypted voice communications even over limited conduits such as the commercial maritime communication satellites of the day. [3] The STU-III is no longer in use, having been replaced by the STE (Secure Terminal Equipment) or OMNI, more modern, all digital systems that overcome many of the STU-III's problems, including the 15 second delay.
Operational difficulties in using STU-III phones hindered coordination between the Federal Aviation Administration and NORAD during the September 11, 2001 attacks on New York and Washington. See Communication during the September 11 attacks.
STE succeeded STU-III in the 1990s. Similar to STU-III, an STE unit physically resembles an ordinary telephone. Besides connecting to a regular wall phone jack (Public Switched Telephone Network), the STE was originally designed to be connected to Integrated Services Digital Network (ISDN) lines. As a result, in addition to having secured voice conversations, users can also use an STE unit for classified data and fax transmissions. Transfer rate of an STE is also considerably higher (STU-III: up to 9 kbit/s; STE: up to 128 kbit/s). Lastly, an STE unit is backward compatible with an STU-III unit when both units are connected to the PSTN.
The heart of an STE unit is the Fortezza Plus (KOV-14) Crypto Card, which is a PCMCIA card. It contains both the cryptographic algorithms as well as the key(s) used for encryption. Cryptographic algorithms include BATON, FIREFLY, and SDNS signature algorithm. When the Crypto Card is removed from the STE unit, neither the phone or the card is considered classified. BATON is a block cipher developed by the NSA with a block size of 128 bits and key size of 320 bits.[ citation needed ] FIREFLY, on the other hand, is a key distribution protocol developed by the NSA. The FIREFLY protocol uses public key cryptography to exchange keys between two participants of a secured call.
Both STU-III and STE are built on technologies that are proprietary, and details of the cryptographic algorithms (BATON and FIREFLY) are classified. Although the secrecy of the algorithms does not make the device less secure, it does limit the usage to within the U.S. government and its allies. Within the Department of Defense, Voice over IP (VoIP) has slowly emerged as an alternative solution to STU-III and STE. The high bandwidth of IP networks makes VoIP attractive because it results in voice quality superior to STU-III and STE. To secure VoIP calls, VoIP phones are connected to classified IP networks (e.g. Secret Internet Protocol Router Network – SIPRNET).
Both allies and adversaries of the United States are interested in STU-III, STE, and other secured voice technologies developed by the NSA. To date, there has not been any reported cryptanalysis on the encryption algorithms used by the STU-III and STE. Any breaks in these algorithms could jeopardize national security.
Information about STU-III is very limited despite the fact that it is out of production. Because of the sensitive nature of the subject, there are few relevant documents available. The majority of the information available originates from the manufacturers (e.g. L-3 Communications) of STU-III and STE.
Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.
Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls for the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.
Articles related to cryptography include:
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.
There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.
Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.
Secure Terminal Equipment (STE) is the U.S. government's current, encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128 kbit/s and are all digital. The greater bandwidth allows higher quality voice and can also be utilized for data and fax transmission through a built-in RS-232 port. STE is intended to replace the older STU-III office system and the KY-68 tactical system. STE sets are backwards compatible with STU-III phones, but not with KY-68 sets.
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.
The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.
The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.
VINSON is a family of voice encryption devices used by U.S. and allied military and law enforcement, based on the NSA's classified Suite A SAVILLE encryption algorithm and 16 kbit/s CVSD audio compression. It replaces the Vietnam War-era NESTOR (KY-8/KY-28|28/KY-38|38) family.
SAVILLE is a classified NSA Type 1 encryption algorithm, developed in the late 1960s, jointly by the Government Communications Headquarters (GCHQ) in the UK and the National Security Agency (NSA) in the US. It is used broadly, often for voice encryption, and implemented in many encryption devices.
The KSD-64[A] Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits, enough to store multiple encryption keys. Most frequently it was used in key-splitting applications: either the encryption device or the KSD-64 alone is worthless, but together they can be used to make encrypted connections. It was also used alone as a fill device for transfer of key material, as for the initial seed key loading of an STU-III secure phone.
This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.
Secure voice is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP.
A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.
Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels. It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.
The STU-II is a secure telephone developed by the U.S. National Security Agency. It permitted up to six users to have secure communications, on a time-shared basis. It was made by ITT Defense Communications, Nutley, New Jersey. An OEM partner was Northern Telecom.
Fishbowl is a mobile phone architecture developed by the U.S. National Security Agency (NSA) to provide a secure Voice over IP (VoIP) capability using commercial grade products that can be approved to communicate classified information. It is the first phase of NSA's Enterprise Mobility Architecture. According to a presentation at the 2012 RSA Conference by Margaret Salter, a Technical Director in the Information Assurance Directorate, "The plan was to buy commercial components, layer them together and get a secure solution. It uses solely commercial infrastructure to protect classified data." Government employees were reportedly testing 100 of the phones as of the announcement.