Most STU-III units were built for use with what NSA calls Type 1 encryption. This allows them to protect conversations at all security classification levels up to TOP SECRET, with the maximum level permitted on a call being the lower clearance level of the two persons talking. At the height of the Commercial COMSEC Endorsement Program, Type 2, 3, and 4 STU-IIIs were manufactured, but they saw little commercial success.
Two major factors in the STU-III's success were the Electronic Key Management System (EKMS) and the use of a removable memory module in a plastic package in the shape of a house key, called a KSD-64A. The EKMS is believed to be one of the first widespread applications of asymmetric cryptography. It greatly reduced the complex logistics and bookkeeping associated with ensuring each encryption device has the right keys and that all keying material is protected and accounted for.
The KSD-64A contains a 64K-bit EEPROM chip that can be used to store various types of keying and other information. A new (or zeroized) STU-III must first have a "seed key" installed. This key is shipped from NSA by registered mail or Defense Courier Service. Once the STU-III has its seed key, the user calls an 800-number at NSA to have the seed key converted into an operational key. A list of compromised keys is downloaded to the STU-III at this time. The operational key is supposed to be renewed at least once a year.
The operational key is then split into two components, one of which replaces the information on the KSD-64A, at which point it becomes a Crypto Ignition Key or CIK. When the CIK is removed from the STU-III telephone, neither unit is considered classified. Only when the CIK is inserted into the STU-III on which it was created can classified information be received and sent.
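As an added illustration (not part of the original article, and not the STU-III's actual mechanism, which the article does not describe), the Python sketch below uses a simple XOR split to show how a key divided between a terminal and a CIK leaves neither half sensitive on its own and ties the CIK to the terminal that created it. The `Terminal` class, the 32-byte key size and the SHA-256 check value are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed key size for the demo; the article does not give one


def split_key(operational_key: bytes) -> tuple:
    """Split a key into two XOR shares; either share alone is uniformly random."""
    cik_share = secrets.token_bytes(len(operational_key))
    terminal_share = bytes(a ^ b for a, b in zip(operational_key, cik_share))
    return terminal_share, cik_share


class Terminal:
    """Hypothetical terminal: holds one share plus a check value for the key."""

    def __init__(self) -> None:
        self._share = None
        self._check = None

    def create_cik(self, operational_key: bytes) -> bytes:
        """Keep one share internally; return the other to be written to the CIK."""
        self._share, cik_share = split_key(operational_key)
        # Check value lets the terminal detect a CIK that was made elsewhere.
        self._check = hashlib.sha256(b"kcv" + operational_key).digest()
        return cik_share

    def insert_cik(self, cik_share: bytes):
        """Recombine the shares; return the key only if it matches the check."""
        if self._share is None or len(cik_share) != len(self._share):
            return None
        candidate = bytes(a ^ b for a, b in zip(self._share, cik_share))
        digest = hashlib.sha256(b"kcv" + candidate).digest()
        return candidate if hmac.compare_digest(digest, self._check) else None


def demo() -> dict:
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    phone_a, phone_b = Terminal(), Terminal()
    cik_a = phone_a.create_cik(key)
    phone_b.create_cik(secrets.token_bytes(KEY_LEN))  # a different terminal
    return {
        "paired_terminal_recovers_key": phone_a.insert_cik(cik_a) == key,
        "other_terminal_rejects_cik": phone_b.insert_cik(cik_a) is None,
        "cik_alone_is_not_the_key": cik_a != key,
    }


if __name__ == "__main__":
    print(demo())
```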
When a call "goes secure," the two STU-IIIs create a unique key that will be used to encrypt just this call. Each unit first makes sure that the other is not using a revoked key and if one has a more up-to-date key revocation list it transmits it to the other. Presumably the revocation lists are protected by a digital signature generated by NSA.
While there have been no reports of STU-III encryption being broken, there have been claims that foreign intelligence services can recognize the lines on which STU-IIIs are installed and that un-encrypted calls on these lines, particularly what was said while waiting for the "go secure" command to complete, have provided valuable information.
Hundreds of thousands of STU-III sets were produced and many are still in use as of 2004. STU-III replaced earlier voice encryption devices, including the KY-3 (1960s), the STU-I (1970) and the STU-II (1975). The STU-II had some 10,000 users. These, in turn, replaced less secure voice scramblers. The STU-III is no longer in production, and is being replaced by the STE (Secure Terminal Equipment), a more modern, all-digital system that overcomes many of the STU-III's problems, including the 15-second delay.