STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user (such calls receiving, however, no special protection). However, when a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission (or, colloquially, to "go secure"). They then press a button on their telephones and, after a 15 second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contain an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T (later transferred to Lucent Technologies), RCA (Now L3-Communications, East); and Motorola.
Different versions exist:
Most STU-III units were built for use with what NSA calls Type 1 encryption. This allows them to protect conversations at all security classification levels up to Top Secret, with the maximum level permitted on a call being the lower clearance level of the two persons talking. At the height of the Commercial COMSEC Endorsement Program, Type 2, 3, and 4 STU-IIIs were manufactured, but they saw little commercial success.
Two major factors in the STU-III's success were the Electronic Key Management System (EKMS) and the use of a removable memory module in a plastic package in the shape of a house key, called a KSD-64A. The EKMS is believed to be one of the first widespread applications of asymmetric cryptography. It greatly reduced the complex logistics and bookkeeping associated with ensuring each encryption device has the right keys and that all keying material is protected and accounted for.
The KSD-64A contains a 64kbit EEPROM chip that can be used to store various types of keying and other information. A new (or zeroized) STU-III must first have a "seed key" installed. This key is shipped from NSA by registered mail or Defense Courier Service. Once the STU-III has its seed key, the user calls an 800-number at NSA to have the seed key converted into an operational key. A list of compromised keys is downloaded to the STU-III at this time. The operational key is supposed to be renewed at least once a year.
The operational key is then split into two components, one of which replaces the information on the KSD-64A, at which point it becomes a Crypto Ignition Key or CIK. When the CIK is removed from the STU-III telephone neither unit is considered classified. Only when the CIK is inserted into the STU-III on which it was created can classified information be received and sent.
When a call "goes secure," the two STU-III's create a unique key that will be used to encrypt just this call. Each unit first makes sure that the other is not using a revoked key and if one has a more up-to-date key revocation list it transmits it to the other. Presumably the revocation lists are protected by a digital signature generated by NSA.
While there have been no reports of STU-III encryption being broken, there have been claims that foreign intelligence services can recognize the lines on which STU-IIIs are installed and that un-encrypted calls on these lines, particularly what was said while waiting for the "go secure" command to complete, have provided valuable information.
Hundreds of thousands of STU-III sets were produced and many are still in use as of 2004. STU-III replaced earlier voice encryption devices, including the KY-3 (1960s), the STU-I (1970) and the STU-II (1975). The STU-II had some 10,000 users. These, in turn, replaced less secure voice scramblers. Unlike earlier systems, the STU-III's encryption electronics are completely contained in the desk set. The STU-III is no longer in production, and is being replaced by the STE (Secure Terminal Equipment) or OMNI, more modern, all digital systems that overcome many of the STU-III's problems, including the 15 second delay.
Secure Terminal Equipment (STE) became the successor of STU-III in the 1990s. Similar to STU-III, an STE unit resembles physically to an ordinary telephone. Besides connecting to a regular wall phone jack (Public Switched Telephone Network), the STE was originally designed to be connected to Integrated Services Digital Network (ISDN) lines. As a result, in addition to having secured voice conversations, users can also use an STE unit for classified data and fax transmissions. Transfer rate of an STE is also considerably higher (STU-III: up to 9 kbit/s; STE: up to 128 kbit/s). Lastly, an STE unit is backward compatible with an STU-III unit when both units are connected to the PSTN.
The heart and soul of an STE unit lie within the Fortezza Plus (KOV-14) Crypto Card, which is a PCMCIA card. It contains both the cryptographic algorithms as well as the key(s) used for encryption. Cryptographic algorithms include BATON, FIREFLY, and SDNS signature algorithm. When the Crypto Card is removed from the STE unit, neither the phone or the card is considered classified. BATON is a block cipher developed by the NSA with a block size of 128 bits and key size of 320 bits. FIREFLY, on the other hand, is a key distribution protocol developed by the NSA. The FIREFLY protocol uses public key cryptography to exchange keys between two participants of a secured call.
Both STU-III and STE are built on technologies that are proprietary and detail of the cryptographic algorithms is classified (e.g. BATON, FIREFLY). Although the secrecy of the algorithms does not make the device less secure, it does limit the usage to within the U.S. military. The concept of secured voice application is nothing new to the commercial world. Synchronous transmission of confidential information is often necessary for the operation of a business. Many corporations have resorted to the more-available Voice Over IP (VOIP) technology. However, security of VOIP calls has been limited to compression to make eavesdropping difficult, security by obscurity, and encryption/cryptographic authentication which is not widely available. Within the Department of Defense, VOIP has slowly emerged as an alternative solution to STU-III and STE. The high bandwidth of IP networks makes VOIP attractive because it results in superior voice quality over STU-III and STE. To secure VOIP calls, VOIP phones are connected to classified IP networks (e.g. Secret Internet Protocol Router Network – SIPRNET).
Both allies and adversaries of the United States are interested in STU-III, STE, and other secured voice technologies developed by the NSA. Espionage can be traced back to more than a thousand years as countries try to gain advantages over others by illegally obtaining sensitive information through various means. As of this moment, there has not been any reported cryptanalysis on the encryption algorithms used by the STU-III and STE. Any breaks in these algorithms could jeopardize national security and, potentially, threaten the lives of citizens both in the United States and allied countries..
Because of the sensitive nature of the subject, there are few relevant documents available on the Internet. The war on terrorism has caused many government agencies to remove any potentially-sensitive information from their websites in the public domain. During the course of research, the majority of the information originates from the manufacturers (e.g. L-3 Communications) of STU-III and STE. As mentioned earlier, the detail of the cryptographic algorithms is considered classified, and is therefore not available. Information about STU-III is very limited despite the fact that it is out of production.