Class 1 Encryption

Introduction

Background

STU-III

 

STU-III Family

 

Data Rates

 

Power

 

Environmental

STE

bullet

Data Rates

bullet

Power

bullet

Environmental

 

Introduction

This document is intended as a technical guide to assist telecommunications professionals in selecting and using encryption devices with the new Inmarsat Global Area Network. The scope of encryption devices will be limited to the Secure Telephone Units employed by various governments and military organizations.  

There are many references to encryption and security procedures, which are unavoidable given the nature of the equipment under discussion. The focus of this document is describing the telecommunications features and capabilities of STE and STU-III equipment, not security procedures. This document assumes proper procedures in programming of the encryption key have been followed successfully. It must be stated, however, that the improper programming of Secure Telephone Units will prevent any and all secure operation.  

This document also assumes that the reader has a working knowledge of ISDN, PSTN and satellite equipment standards and interfaces. A complete understanding of ISDN interface standards is key in avoiding damage to equipment and peripherals.  

The equipment configuration scenarios are presented without regard of airtime costs. The reader or end user should be aware of the differing costs for the various Inmarsat services

 

Background

The Future Secure Voice System (FSVS) initiative, known as the STU-III Program, was initiated in 1984 in response to the Secretary of Defense’s challenge to develop and field a compact, inexpensive, user friendly, secure telephone by the end of the decade. The initial bandwidth capability was a modest 2.4 kilobits per second (kbps) in secure voice or data, with only a single telephone line supported. Competition between the three commercial vendors of the STU-III (AT&T - currently Lucent Technologies, RCA - currently Lockheed-Martin, and Motorola) has spurred these vendors to incorporate current technology into today’s STU-III: adding support of state-of-the-art facsimile; providing video and computer data transfer capabilities; and increasing secure voice data rates to 9.6 kbps (Motorola) or 4.8 kbps (AT&T/Lockheed Martin). Currently, more than 415,000 STU-III units have been delivered to U.S. Government organizations worldwide. The Secure Terminal Equipment (STE) is the next generation secure voice and data security product.  

 

STU-III

The Secure Telephone Unit - Third Generation (STU-III) is a low-cost, user-friendly, secure telephone device. The terminals are designed to operate reliably, with high voice quality, as both ordinary telephones and secure instruments over the dial-up public switch telephone network. STU-III operates in full duplex over a single telephone circuit, using echo canceling modem technology. STU-IIIs come equipped with 2.4 and 4.8 kbps code-excited linear prediction (CELP) secure voice. Secure data can be transmitted at speeds of 2.4, 4.8, and 9.6 kbps. There are many manufacturers each having different maximum throughput rates. The data throughput between two STU-IIIs can only be as great as the slowest STU-III connected. After, 31 March 1998, General Dynamics (Formerly AT&T) became the only producer of STU-III terminals, and will continue to produce terminals until December 1999.

The STU-III Family:

The STU-III/Low Cost Terminal (LCT)

The LCT was designed for use in the office environment among a broad spectrum of military, civil, government, and selected private sector users. It is compatible with standard modular or multiline (key system) connectors and operates full duplex over a single telephone circuit. 

The STU-III/Cellular Telephone 

The Cellular telephone interoperable with all other versions of the STU-III Family. It combines cellular mobile radiotelephone technology with advanced secure voice/data communications. The unit includes a message center that is integrated with the standard cellular handset; it can be conveniently mounted inside a vehicle and provides all STU-III functions, including authentication/classification display. 

The STU-III/Allied (A)

The Allied is a specialized version of the STU-III/LCT that is compatible with the STU-II. It retains all basic STU-III functions and capabilities and incorporates STU-II BELLFIELD Key Distribution Center (KDC), STU-II net, and STU-II multipoint modes of operation. 

The STU-III/Remote Control Interface (RCU) 

The RCU provides RED enclave subscribers with STU-III compatible secure communications in a rack-mounted remotely controlled line-encrypting unit. When used in conjunction with a RED switch or conferencing director, the STU-III/R allows STU-III users to confer with multiple STU-III users or others who have secure functions. It is capable of encrypting/decrypting voice or data over two-wire or four-wire telephone systems and incorporating a 2.4 kbps BLACK digital (external modem) interface. 

The Multimedia Terminal (MMT) 

The MMT 1500 is a diversified STU-III capable of clear or secure voice and data communications over both analog and digital mediums. The MMT interfaces to the commercial telephone system via a standard RJ-11 telephone jack and to digital systems through a Black Digital Interface (BDI). The BDI port will support both half-and full-duplex communications, precedence dialing, black digital network signaling, and multiple satellite hops. When unattended the MMT can automatically answer an inbound call without operator intervention and establish a secure link with any user on a preprogrammed Access Control List (ACL). 

The Inter Working Function (IWF)

The IWF is the shore gateway device that provides the digital to analog conversion between the MMT and the analog STU-III. The IWF supports half and full duplex voice and data communications with rates of 2.4, 4.8, and 9.6Kbps. The IWF improves secure voice and data synchronization over multiple satellite hops with programmable extended time-outs and pre-staging of STU-III call information. The IWF supports all network-signaling functions to enable call setup and status messages including canned voice messaging to the analog user. 

The STU-III Secure Data Device (SDD)

The SDD is designed with the same capabilities as other members of the STU-III family including Secure Access Control System (SACS), remote authentication (RA), remote control, auto-answer secure data, and capable of operating in both attended and unattended environments. The SDD provides protection for facsimiles, e-mail, and computer communications. 

The Motorola CipherTAC 2000 (CTAC) STU-III

The CTAC STU-III family compatible secure voice communications via cellular phone. CTAC without an inserted CipherTAC 2000 security module is unclassified and functions as a non-secure commercial off the shelf (COTS) telephone product. The CTAC CiphterTAC security module is certified for all levels of classified discussions up to and including SECRET in an adequate operating/security environment.

STU-III (Motorola)

 

STU-III (AT&T)

Data Rates:

STU-III/Low Cost Terminal (LCT)
Supports voice/data rates of 2.4, 4.8, 9.6, and 14.4 Kbps

STU-III/Cellular Terminal (SCT)
Synchronous (sync): 2.4, 4.8, 9.6 Kbps
Asynchronous (async): 300, 1.2, 2.4 Kbps

STU-III/Allied (A)
Data: 300, 1200, 2400 bps async & 2400 bps sync

STU-III/Remote Control Interface (R)
Voice: 2.4, 4.8, 9.6 Kbps full-duplex synch/async 2.4 Kbps half-duplex
Data: 2.4, 4.8, 9.6 Kbps full-duplex sync/async 75, 110, 300, 600, 2400, 4800, 9600 bps full-duplex async 2.4 Kbps (or slower rates) half-duplex async 

MultiMedia Terminal (MMT) 1500
BDI Voice: 2.4, 4.8, 9.6 Kbps secure full duplex, 2.4 Kbps half-duplex
Analog Voice: 2.4, 4.8, 9.6 Kbps secure full/half-duplex
Data: 4.8, 9.6 Kbps secure full-duplex sync & async
Simultaneous Voice/Data: 2.4 Kbps secure full-duplex (voice/data)

Inter Working Function (IWF)
Data: 2.4, 4.8, 9.6 Kbps full & half-duplex

STU-III Secure Data Device (SDD)
2.4, 4.8, 9.6 and 14.4 Kbps full-duplex sync & async w/2.4 Kbps half-duplex sync secure data communications link

Motorola CipherTAC 2000 (CTAC)
Voice: up to 4.8 Kbps

Power: 

STU-III/Low Cost Terminal (LCT)
20 Watts (nominal), 115 or 230 VAC, 50-60 Hz

STU-III/Cellular Terminal (SCT)
Volts: +10 to +14 Vdc negative ground, Amps: 3.5 maximum

STU-III/Allied (A)
90 Vac to 265 Vac, 50 Hz to 60Hz

STU-III/Remote Control Interface (R)
90-265 Vac, 117V. 305 nominal

MultiMedia Terminal (MMT) 1500
90-270 Vac, 47-63 Hz (Auto-ranging)

Motorola CipherTAC 2000 (CTAC)
Less than 2.0 watts in secure with 1.75 hours talk time on a 3-hour battery in secure mode. Less than 0.8 watts in clear with 2.75 hours talk time on a 3-hour battery in clear mode. Less than 0.2 watts in power down with 24 hours standby time on 3-hour battery

Environmental: 

STU-III/Low Cost Terminal (LCT)
STU-III/Cellular Terminal (SCT)
STU-III/Allied (A) 

Storage Temperature: -40°C to 70°C
Operating Temperature: 0°C to 50°C

Motorola CipherTAC 2000 (CTAC)

Operating Temperature: 0°C to 50°C
Storage Temperature: -40°C to 70°C

 

STE

The Secure Terminal Equipment (STE)/Office is the evolutionary successor to the STU-III. The STE program will improve shore secure voice communications as well as shipboard communications by changing out the analog STU-III products with digital-based STE products. The STE cryptographic engine is on a removable Fortezza Plus KRYPTON ™ Personal Computer Memory Card International Association (PCMCIA) Card, which is provided separately. The STE Data Terminal provides a reliable, secure, high rate digital data modem for applications where only data transfer (FAX, PC files, Video Teleconferencing, etc.) is required. All STE products will be STU-III secure mode compatible with the following enhanced capabilities:

bulletVoice-recognition quality secure voice communication.
bulletHigh-speed secure data transfers (up to 38.4 Kbps for asynchronous or 128Kbps for synchronous).

STE terminal products can use Integrated Services Digital Network (ISDN), analog PSTN, TRI-TAC, or direct connection to Radio Frequency (RF) assets via RS-530A/232E ports. Maximum STE performance may be attained only by those commands employing ISDN service with two Bearer Channels (2B+D ISDN Service). When connected to a PSTN (Analog Telephone) service, the STE/Office units will only support current STU-III voice and data capabilities.

A tactical version, STE/Tactical is a replacement for MMT 1500 with a Digital Non-secure Voice Terminal (DNVT) adapter. Though not a direct replacement for the KY-68, the STE/Tactical can serve as a DNVT replacement with secure voice communication capabilities in STU-III modes over TRI-TAC/Mobile Subscriber Equipment (MSE). STE/Tactical is not secure mode compatible with the Digital Secure Voice Terminal DSVT KY-68.

A STE Direct Dial capability; comprised of the STE/C2 Tactical terminal and/or associated STE/Interworking Function(s) will improve on the existing "Direct Dial" secure voice dial-up operations. STE Direct Dial improves secure mode connectivity, provides operational flexibility support for both plain text and cipher text voice modes, and provides a standardized secure digital telephone system solution and Joint CINC interoperability with forces at sea and ashore.

Individual STE Product Capabilities:

bulletSTE/Office provides enhanced STE capabilities over digital ISDN and STU-III over analog PSTN.
bulletSTE/Data provides STE and STU-III data capabilities only.
bulletSTE/Tactical with Wedge supports STU-III Black Digital Interface (BDI) over TRI-TAC/MSE or RF asset.
bulletSTE Direct Dial:
bulletSTE/C2 Tactical with Wedge supports STU-III BDI over ISDN or RF asset.
bulletSTE/IWF provides interface with PSTN (Analog) and ISDN (Digital).

STE products without an inserted Fortezza Plus KRYPTON ™ Card are unclassified and function as non-secure COTS telephone products. The NSA currently designates The Fortezza Plus KRYPTON ™ Card as an Accounting Legend Code 1 (ALC-1) item. Even though STE's are unclassified items, they should still be treated as high-value Government property (e.g., such as an office computer). Certification of STE will provide security for all levels of traffic, up to and including TOP SECRET Special Compartmented Information (TS-SCI). When a Fortezza Plus KRYPTON ™ Card is inserted into a STE, secure storage must be provided to the extent required by NSA directive for the maximum classification level of the key used. Fortezza Plus KRYPTON ™ Card is considered classified to the maximum level of key classification until it is associated with a STE terminal. Once associated with a STE terminal, the card is considered unclassified when not inserted in the associated STE terminal.

STE/Office (L-3 Communications Inc.)

L3 STE Manual Release 1B

Data Rates:

STE/Office
Synchronous Secure: 2.4 to 128 Kbps
Asynchronous Secure: 2.4 to 38.4 Kbps

STE/Data
Synchronous Secure: 2.4 to 128 Kbps
Asynchronous Secure: 2.4 to 38.4 Kbps

STE/Tactical
Synchronous Secure: 2.4 to 128 Kbps
Asynchronous Secure: 2.4 to 38.4 Kbps

SSTE Direct Dial (GW/IWF Module)
Voice and Data: Narrowband: 2.4, 4.8, 9.6 Kbps
Wideband: 64, 128 Kbps

Power:

STE/Office
External Power Supply 90-253 Vac, 47-63 Hz, Autoranging 20 watts maximum

STE/Data
External Power Supply 90-253 Vac, 47-63 Hz, Autoranging 20 watts maximum

STE/Tactical
External Power Supply 90-253 Vac, 47-63 Hz, Autoranging
20 watts maximum
Standard EOC Connector
Portable Uninterruptible Power Supply (PUP)

SSTE Direct Dial (GW/IWF Module)
External Power Supply 90-253 Vac, 47-63 Hz, Autoranging

Environmental:

STE/Office Operating Temperature: 0°C to 40°C
Operating Rel Humidty: 10% to 90% Noncondensing
Storage Temperature: -20°C to 60°C 
STE/Data Operating Temperature: 0°C to 40°C
Operating Rel Humidty: 10% to 90% Noncondensing
Storage Temperature: -20°C to 60°C
STE/Tactical Operating Temperature: 0°C to 40°C
Operating Rel Humidty: 10% to 90% Noncondensing
Storage Temperature: -20°C to 60°C
STE Direct Dial (GW/IWF Module) Operating Temperature: 0°C to 50°C
Operating Rel Humidty: 10% to 90% Noncondensing
Storage Temperature: -20°C to 60°C

Additional STE information:

Office/STE data sheet
Data/STE data sheet
Video/STE data sheet
Tactical/STE data sheet
Direct-Dial Gateway data sheet