[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



Subject: AT&T DES vs. Clipper phone security products

Uncertainty on the availability of DES versus Clipper based products
from AT&T has sparked some interest.  Parties within AT&T were contacted to 
determine the state of their products.

DES is not available in AT&T TSD products and one person said "NSA doesn't
want DES in the TSD." #  Also, the clipper algorithm is currently unavailable
and expected in "September".   This person deferred to a second person who 
provided the following:

The 3600 is available with two proprietary AT&T encryption algorithms, 
one ITAR compliant, one for U.S. persons only.  Two Telephone Security Devices
(TSD) will attempt to hierarchially establish security, the higher security
being non-ITAR compliant.  This will be extended to the clipper algorithm
(highest) when available.  Neither proprietary algorithm is in the public
domain.  [Apparently NSA is perfectly happy with these. + ]

You can buy TSDs now, and pay an extra fee (reasonable) for the ungrade path
to clipper when available (September not absolutely guaranteed).  Paying the
fee will allow you to exchange the TSD for a new and improved one at a later
date.  The hold up on clipper is availability from Mykotronx and questions
were deferred to "the NSA".  AT&T has been performed product integration tests
with clipper and is ready to go as soon as chips are available.

Their willingness to sell clipper phones is predicated on marketplace 
acceptance and the prospect of having a national standard with the chance of 
interoperability between different manufacturers.  There is a perceived need 
for voice security products, and the balance with respect to "legitimate
law enforcement access" was discussed.  There was some confusion about
key management, which was inferred to be present in the clipper chip.

[The question arises as to which clipper chip they are waiting on, the
MYK-78 or the MYK-80 which has key management features.  The question also 
arises as to whether or not the MYK-78 is susceptible to a captured control 
programming attack to prevent transmission of the Law Enforcement Access 
Field, with an inferred assumption that the MKY-80 does not share this 
vulnerability. *]

AT&T will continue to market the present 3600 sans clipper with the two
proprietary encryption algorithms (ITAR/U.S. ONLY).  This was stressed
rather strongly.  The question of relative strenght of cryptographic
algorithms was brought up.  There were no conclusions, as no common
metric can be used, with one public algorithm, two proprietary and one
classified algorithm.  DES availability was discussed and was inferred
to be affected by international agreements limiting DES proliferation.

The TSD uses RCELP, a proprietary vocoder that is supposed to add
fidelity over CELP, and is supposed to encode female voices better,
with better treble.  AT&T feels RCELP is superior to anything else
at 4800 baud.  This raised the question of licensing for RCELP.  RCELP is
not in the public domain to date.  Executive resistance to CELP at 4800
baud is supposedly a good sell for RCELP.

The 4800 baud limitation is based on the least common denominator of
analog cellular communications paths, which won't support V.32 (9600 baud).
The greatest need for telephone security devices is seen for cellular
communications.

The 3600 optionally comes with 5 handset interface modules (as opposed to
one for the base product) that interface different phones to the TSD.
This is required based on different frequency response of handset microphones
as well as signal amplitudes.  The 5 interface modules are considered
universal - covering all types of phones.  Think of this as signal conditioning
to make the RCELP vocoder perform better.  The standard power supply takes
110 VAC, 60 Hz.  An optional universal power supply and international power
package are available.

------

# Is DES secure enough to cause heartburn for our 3 letter agencie cousins?

+ the inferrence being that DES is higher security than either proprietary
  algorithm.

* It has been reported that MYK-80 chips exist and have been tested by
  Mykotronx.