STU-III
|
STU-III.png
STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States Government, its allies and its contractors. STU-III desk units look like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. Such calls receive no special protection. However, when a call is placed to another STU-III unit that is properly set up, one caller can ask the other to "go secure." They then press a button on their telephones and, after a 15 second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contain an internal modem and RS-232 port for data and fax transmission.
Different versions exist:
- STU-III/Low Cost Terminal (LCT) designed for use in office environment by all types of users.
- STU-III/Cellular Telephone (CT) is interoperable with all STU-III versions. Works in all continental US mobile network and in most of the foreign cellular networks.
- STU-III/Allied (A) specialized version of the STU-III/LCT that is compatible with the STU-II. It retains all basic STU-III functions and capabilities and incorporates STU-II BELLFIELD KDC, STU-II net, and STU-II multipoint modes of operation.
- STU-III/Remote Control Interface (R or RCU)
- STU-III/MultiMedia Terminal (MMT)
- STU-III/Inter Working Function (IWF)
- STU-III/Secure Data Device (SDD)
- STU-III/CipherTAC 2000 (CTAC)
Most STU-III units were built for use with what NSA calls Type 1 encryption. This allows them to protect conversations at all security classification levels up to TOP SECRET, with the maximum level permitted on a call being the lower clearance level of the two persons talking. At the height of the Commercial COMSEC Endorsement Program, Type 2, 3, and 4 STU-IIIs were manufactured, but they saw little commercial success.
Two major factors in the STU-III's success were the Electronic Key Management System (EKMS) and the use of a removable memory module in a plastic package in the shape of a house key, called a KSD-64A. The EKMS is believed to be one of the first widespread applications of asymmetric cryptography. It greatly reduced the complex logistics and bookkeeping associated with insuring each encryption device has the right keys and that all keying material is protected and accounted for.
The KSD-64A contains a 64K-bit EEPROM chip that can be used to store various types of keying and other information. A new (or zeroized) STU-III must first have a "seed key" installed. This key is shipped from NSA by registered mail or Defense Courier Service. Once the STU-III has its seed key, the user calls an 800-number at NSA to have the seed key converted into an operational key. A list of compromised keys is downloaded to the STU-III at this time. The operational key is supposed to be renewed at least once a year.
The operational key is then split into two components, one of which replaces the information on the KSD-64A, at which point it becomes a Crypto Ignition Key or CIK. When the CIK is removed from the STU-III telephone neither unit is considered classified. Only when the CIK is inserted into the STU-III on which it was created can classified information be received and sent.
When a call "goes secure," the two STU-III's create a unique key that will be used to encrypt just this call. Each unit first makes sure that the other is not using a revoked key and if one has a more up-to-date key revocation list it transmits it to the other. Presumably the revocation lists are protected by a digital signature generated by NSA.
While there have been no reports of STU-III encryption being broken, there have been claims that foreign intelligence services can recognize the lines on which STU-IIIs are installed and that un-encrypted calls on these lines, particularly what was said while waiting for the "go secure" command to complete, have provided valuable information.
Hundreds of thousands of STU-III sets were produced and many are still in use as of 2004. STU-III replaced earlier voice encryption devices, including the KY-3 (1960s), the STU-I (1970) and the STU-II (1975). The STU-II had some 10,000 users. These, in turn, replaced less secure voice scramblers.The STU-III is no longer in production, and is being replaced by the STE (Secure Terminal Equipment), a more modern, all digital system that overcomes many of the STU-III's problems, including the 15 second delay.
See also
External links
- STU-III Handbook (http://www.tscm.com/STUIIIhandbook.html)
- STU-III Description, Technical Specification, Pictures (http://www.tscm.com/stu.html)