[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

secure phones - STU3



-----BEGIN PGP SIGNED MESSAGE-----


I browsed through the owner's manual for the AT&T STU-III secure phone
unit today.  It has no technical information whatsoever (security
through obscurity?).

It uses a so called CIK (Crypto Ignition Key), which resembles one of
those electronic keys that hotels use.  It must be inserted in a
"lock" in the phone, and turned 90 degrees.  This will enable one of
the crypto keys that is stored in the phone's battery backed up memory
(loaded previously by a "COMSEC custodian" through a data port on the
phone.  The manual warns the phone must be in a relatively secure
location and points out an emergency erase button that wipes out the
keys stored in memory.

Then you call someone, say you want a secure channel, wait for
them to insert their CIK (and tell you so), then touch the "secure
voice" button on the panel.

The manual then says it will go through an "authentication process",
the results of which will be displayed on the STU-III's screen.  It
will show data such as the other stations ID number, the security
level of the channel (secret, top secret, etc), and the baud rate.

Does anyone know how this works technically?  My speculation: It seems
to be a public key system.  The phone's memory seems to contain a
secret keyring, and a CIK is a 'passphrase' to a secret key, to make
an analogy to PGP.  Then the authentication process includes
exchanging a session key for a conventional crypto system - no doubt
DES.

Apparently the NSA issues the keys to authorized agencies and
contractors.  The public keys contain information such as the ID
number of the key, possibly the authorized user's name, the security
clearance level for that key, etc, which is exchanged during
authentication.

Am I on the right track?  Comments and speculations welcome.


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBVAgUBLOg+wDSSmvXojb+5AQEplQH+JdiaWbzgXiWPtqVaQcPIo4arzOI8Fl1Z
6ylkT9UL/Qh8BpoyVK9PqiEwazaLPxCxWYksOty7LlRy0zByVXqWHw==
=8E4k
-----END PGP SIGNATURE-----