STU-III

Last updated August 31, 2022

STU-III (Secure Telephone Unit - third generation) is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user (with such calls receiving no special protection, however). When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T (later transferred to Lucent Technologies), RCA (Now L-3 Communications, East) and Motorola.

Versions

STU-III/Low Cost Terminal (LCT) designed for use in office environment by all types of users. (Motorola Sectel 1500, Lucent Technologies/GD 1100 and 1150)
STU-III/Cellular Telephone (CT) is interoperable with all STU-III versions. Works in all continental US mobile network and in most of the foreign cellular networks.
STU-III/Allied (A) specialized version of the STU-III/LCT that is compatible with the STU-II. It retains all basic STU-III functions and capabilities and incorporates STU-II BELLFIELD KDC, STU-II net, and STU-II multipoint modes of operation.
STU-III/Remote Control Interface (R or RCU)
STU-III/MultiMedia Terminal (MMT)
STU-III/Inter Working Function (IWF)
STU-III/Secure Data Device (SDD)
STU-III/CipherTAC 2000 (CTAC)

Security

STU-III secure telephones on display at the National Cryptologic Museum in 2005. STU-IIIphones.nsa.jpg — STU-III secure telephones on display at the National Cryptologic Museum in 2005.

Most STU-III units were built for use with what NSA calls Type 1 encryption. This allows them to protect conversations at all security classification levels up to Top Secret, with the maximum level permitted on a call being the lower clearance level of the two persons talking. At the height of the Commercial COMSEC Endorsement Program, Type 2, 3, and 4 STU-IIIs were manufactured, but they saw little commercial success.

Two major factors in the STU-III's success were the Electronic Key Management System (EKMS) and the use of a removable memory module in a plastic package in the shape of a house key, called a KSD-64A. The EKMS is believed to be one of the first widespread applications of asymmetric cryptography. It greatly reduced the complex logistics and bookkeeping associated with ensuring each encryption device has the right keys and that all keying material is protected and accounted for.

KSD-64A Crypto Ignition Key Ksd-64.jpg — KSD-64A Crypto Ignition Key

The KSD-64A contains a 64kbit EEPROM chip that can be used to store various types of keying and other information. A new (or zeroized) STU-III must first have a "seed key" installed. This key is shipped from NSA by registered mail or Defense Courier Service. Once the STU-III has its seed key, the user calls a toll-free number at NSA to have the seed key converted into an operational key. A list of compromised keys is downloaded to the STU-III at this time. The operational key is supposed to be renewed at least once a year.

The operational key is then split into two components, one of which replaces the information on the KSD-64A, at which point it becomes a Crypto Ignition Key or CIK. When the CIK is removed from the STU-III telephone neither unit is considered classified. Only when the CIK is inserted into the STU-III on which it was created can classified information be received and sent.

When a call "goes secure", the two STU-III's create a unique key that will be used to encrypt just the call being placed. Each unit first makes sure that the other is not using a revoked key and if one has a more up-to-date key revocation list, it transmits it to the other. Presumably the revocation lists are protected by a digital signature generated by NSA.

While there have been no reports of STU-III encryption being broken, there have been claims that foreign intelligence services can recognize the lines on which STU-IIIs are installed and that un-encrypted calls on these lines, particularly what was said while waiting for the "go secure" command to complete, have provided valuable information.^[2]

Use

Hundreds of thousands of STU-III sets were produced and many were still in use as of 2004. STU-III replaced earlier voice encryption devices, including the KY-3 (1960s), the STU-I (1970) and the STU-II (1975). The STU-II had some 10,000 users. These, in turn, replaced less secure voice scramblers. Unlike earlier systems, the STU-III's encryption electronics are completely contained in the desk set. Further, the reduced bandwidth required by a STU-III permitted it to be used for encrypted voice communications even over limited conduits such as the commercial maritime communication satellites of the day.^[3] The STU-III is no longer in use, having been replaced by the STE (Secure Terminal Equipment) or OMNI, more modern, all digital systems that overcome many of the STU-III's problems, including the 15 second delay.

Operational difficulties in using STU-III phones hindered coordination between the Federal Aviation Administration and NORAD during the September 11, 2001 attacks on New York and Washington. See Communication during the September 11 attacks.

STE succeeded STU-III in the 1990s. Similar to STU-III, an STE unit physically resembles an ordinary telephone. Besides connecting to a regular wall phone jack (Public Switched Telephone Network), the STE was originally designed to be connected to Integrated Services Digital Network (ISDN) lines. As a result, in addition to having secured voice conversations, users can also use an STE unit for classified data and fax transmissions. Transfer rate of an STE is also considerably higher (STU-III: up to 9 kbit/s; STE: up to 128 kbit/s). Lastly, an STE unit is backward compatible with an STU-III unit when both units are connected to the PSTN.

The heart of an STE unit is the Fortezza Plus (KOV-14) Crypto Card, which is a PCMCIA card. It contains both the cryptographic algorithms as well as the key(s) used for encryption. Cryptographic algorithms include BATON, FIREFLY, and SDNS signature algorithm. When the Crypto Card is removed from the STE unit, neither the phone or the card is considered classified. BATON is a block cipher developed by the NSA with a block size of 128 bits and key size of 320 bits.^{[ citation needed ]} FIREFLY, on the other hand, is a key distribution protocol developed by the NSA. The FIREFLY protocol uses public key cryptography to exchange keys between two participants of a secured call.

Both STU-III and STE are built on technologies that are proprietary, and details of the cryptographic algorithms (BATON and FIREFLY) are classified. Although the secrecy of the algorithms does not make the device less secure, it does limit the usage to within the U.S. government and its allies. Within the Department of Defense, Voice over IP (VoIP) has slowly emerged as an alternative solution to STU-III and STE. The high bandwidth of IP networks makes VoIP attractive because it results in voice quality superior to STU-III and STE. To secure VoIP calls, VoIP phones are connected to classified IP networks (e.g. Secret Internet Protocol Router Network – SIPRNET).

Both allies and adversaries of the United States are interested in STU-III, STE, and other secured voice technologies developed by the NSA. To date, there has not been any reported cryptanalysis on the encryption algorithms used by the STU-III and STE. Any breaks in these algorithms could jeopardize national security.

Information about STU-III is very limited despite the fact that it is out of production. Because of the sensitive nature of the subject, there are few relevant documents available. The majority of the information available originates from the manufacturers (e.g. L-3 Communications) of STU-III and STE.

Related Research Articles

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet telephony, broadband telephony, and broadband phone service specifically refer to the provisioning of communications services over the Internet, rather than via the public switched telephone network (PSTN), also known as plain old telephone service (POTS).

Articles related to cryptography include:

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.

<span class="mw-page-title-main">Secure Terminal Equipment</span> Encrypted telephone system

Secure Terminal Equipment (STE) is the U.S. government's current, encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128 kbit/s and are all digital. The greater bandwidth allows higher quality voice and can also be utilized for data and fax transmission through a built-in RS-232 port. STE is intended to replace the older STU-III office system and the KY-68 tactical system. STE sets are backwards compatible with STU-III phones, but not with KY-68 sets.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption system whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.

The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.

VINSON is a family of voice encryption devices used by U.S. and allied military and law enforcement, based on the NSA's classified Suite A SAVILLE encryption algorithm and 16 kbit/s CVSD audio compression. It replaces the Vietnam War-era NESTOR (KY-8/KY-28|28/KY-38|38) family.

SAVILLE is a classified NSA Type 1 encryption algorithm, developed in the late 1960s, jointly by the Government Communications Headquarters (GCHQ) in the UK and the National Security Agency (NSA) in the US. It is used broadly, often for voice encryption, and implemented in many encryption devices.

The KSD-64[A] Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits, enough to store multiple encryption keys. Most frequently it was used in key-splitting applications: either the encryption device or the KSD-64 alone is worthless, but together they can be used to make encrypted connections. It was also used alone as a fill device for transfer of key material, as for the initial seed key loading of an STU-III secure phone.

Secure voice is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP.

<span class="mw-page-title-main">Secure telephone</span> Telephone that provides encrypted calls

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels. It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.

OMNI is an encryption device manufactured by L-3 Communications. It adds secure voice and secure data to any standard analog telephone or modem connected computer.

Fill device Module used to load cryptographic keys into encryption machines

A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.

Fishbowl is a mobile phone architecture developed by the U.S. National Security Agency (NSA) to provide a secure Voice over IP (VoIP) capability using commercial grade products that can be approved to communicate classified information. It is the first phase of NSA's Enterprise Mobility Architecture. According to a presentation at the 2012 RSA Conference by Margaret Salter, a Technical Director in the Information Assurance Directorate, "The plan was to buy commercial components, layer them together and get a secure solution. It uses solely commercial infrastructure to protect classified data." Government employees were reportedly testing 100 of the phones as of the announcement.

References

↑ STU-III Phase Out, L3 Communications
↑ "Intercepting Your Communications".
↑ As first demonstrated by Cold War technological innovator Lieutenant Commander David Winters. OPERATION PROVIDE COMFORT, A Communications Perspective, published by the United States European Command Directorate of Command, Control, and Communications, June 4, 1993.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] STU-III Phase Out, L3 Communications

[2] "Intercepting Your Communications".

[3] As first demonstrated by Cold War technological innovator Lieutenant Commander David Winters. OPERATION PROVIDE COMFORT, A Communications Perspective, published by the United States European Command Directorate of Command, Control, and Communications, June 4, 1993.

[1]

[2]

[3]

v t e National Security Agency
Locations	Alaska Mission Operations Center Colorado Cryptologic Center Consolidated Intelligence Center CSSG Dorsey Road European Cryptologic Center European Technical Center Fort Meade Friendship Annex Georgia Cryptologic Center Hawaii Cryptologic Center Interagency Training Center Kent Island Misawa Security Operations Center Multiprogram Research Facility Pine Gap RAF Menwith Hill Roaring Creek Room 641A Salt Creek Sugar Grove Texas Cryptologic Center Utah Data Center Pacific Technical Center
Leaders	Ralph Canine John A. Samford Laurence Hugh Frost Gordon Blake Marshall Carter Noel Gayler Samuel C. Phillips Lew Allen Bobby Ray Inman Lincoln D. Faurer William Eldridge Odom Bill Studeman John Michael McConnell Kenneth Minihan Michael Hayden Keith B. Alexander Michael S. Rogers Paul Nakasone
Divisions	CSS Information Warfare Support Center ROC Special Collection Service SSO TAO NTOC NSOC
Technology	ANT catalog FROSTBURG HARVEST Secure Terminal Equipment (STE) STU-I STU-II STU-III WARRIOR PRIDE
Controversy	Global surveillance disclosures (2013–present) Church Committee Edward Snowden LOVEINT James Bamford NSA warrantless surveillance controversy Pike Committee Russ Tice Thomas Andrews Drake Thomas Tamm Matthew Aid
Programs	Boundless Informant Dropmire ECHELON Fairview Insider Threat Program MUSCULAR MYSTIC PRISM Real Time Regional Gateway Stellar Wind TRAILBLAZER Turbulence Upstream XKeyscore Epic Shelter
Databases	DISHFIRE Interquake Main Core MAINWAY MARINA Nymrod PINWALE
Other	Dundee Society Institute for Defense Analyses National Cryptologic Museum National Cryptologic School National Vigilance Park NSA Hall of Honor VENONA Vulnerabilities Equities Process Zendian Problem