 |
CipherTAC® 2000 Security Module
|
|
Features |
|
|
Applications | |
|
Specifications | |
|
Physical Characteristics | |
|
CipherTAC Line Drawing |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
13 April 1998: Add link to GSM
hack
11 April 1998: Add links to NSA and EIA
sources
10 April 1998: Add messages and
more
10 April 1998
Date: April 9, 1998 To: cypherpunks@toad.com From: jya@pipeline.com Subject: Secure Cell Phones for State U.S. State Dept Press Briefing 9 April 1998: Briefer: James Rubin Now, I have a piece of show-and-tell for you, which I do rarely around here. But I thought this was interesting enough, even for you cynical and jaded journalists. This is a secure cell phone. Lieutenant General Kenneth Minihan, Director of the National Security Agency, presented Secretary Albright with a bank of Motorola Cipher-Tac 2000 security modules to provide secure cellular communications. This state of the art secure voice cellular technology will offer the highest level of security wherever and whenever the Secretary and her top advisors need to protect their communications. So when you see us carrying this beast around, rather than the slim-line phones we usually like to use, you'll know that's because we're trying to have a secure call. That is not only for the obvious good reason that we want to make sure nobody is interfering, but we also want to make sure that nobody is making transcripts and passing them around for a variety of perfidious reasons. So this here is the original, first secure cell phone to be delivered to Secretary Albright, and we thought you guys might get a kick out of that. ----- Would anyone know the security technology of this unit and its support system? And how it compares to those of competitors in the US and outside?
From: Adam Shostack <adam@homeport.org> Subject: Re: Secure Cell Phones for State To: jya@pipeline.com (John Young) Date: Fri, 10 Apr 1998 08:42:42 -0400 (EDT) Cc: cypherpunks@toad.com http://www.mot.com/GSS/SSTG/ISD/Secure_Telecom/CipherTAC_2000.html Its a STU-III, operating at 4.8kbps. Which means that you lose the shit sound of a normal cell phone, only to be replaced by the shit sound of a 4800bit codec. It is *not* recoverable encryption, because as the NSA and State both know, there are security risks there. And we all know that our country's most valuable secrets are transmitted by people like Madeline Albright, and thus deserve better protection than can be offered by recoverable systems. Adam
Date: Fri, 10 Apr 1998 09:25:01 -0700 (PDT) From: Phil Karn <karn@qualcomm.com> To: jya@pipeline.com CC: cryptography@c2.net, karn@qualcomm.com Subject: Re: Secure Cell Phones for State I don't know about the Motorola phones, but a while back Qualcomm built a bunch of prototype secure CDMA phones for NSA under a contract project called "Condor". They insisted on hardware encryption, originally using Fortezza PCMCIA cards but later it became apparent that they really wanted STU-III. So we had to build a PCMCIA adapter that stuck on the back of a Qualcomm CD-7000 (our first generation CDMA portable, never sold on the market in large quantities). This must all be public info, because NSA took photos of the units and put them up in the National Cryptologic Museum. Phil
Date: Fri, 10 Apr 1998 16:30:24 -0400 From: Dave Emery <die@die.com> To: Phil Karn <karn@qualcomm.com> Cc: cryptography@c2.net Subject: Re: Secure Cell Phones for State On Fri, Apr 10, 1998 at 09:25:01AM -0700, Phil Karn wrote: [snip] Am I missing something here, or are the STU III "add ons" for your phones and Motorola's full STU III implementations with integrated modems and/or some provision for getting off the cell system as V.32 modem tones to directly connect to a STU III on the other end ? This would allow direct interoperation with all the other hundreds of thousands of STU IIIs in offices and scattered throughout the federal and POTS telephone networks... Much more useful than Fortezza cards since a STU III capability allows end to end encryption of any desired security level over the standard phone system to the large installed base of land line STU IIIs without requiring that the serving MTSO (mobile telephone switch) have any access to the RED (secure) side of the call with all the guards, and vaults and TEMPEST sheilding and so forth this implies. This allows use of the phones almost anywhere. The only way that Fortezza would be useful is in establishing links to another Fortezza phone or to some sort of trusted intermediary that handled the conversion to STU III, which would of course add delay to the talking path and make the whole thing more brittle and cumbersome than having the cellphone able to talk STU III directly. Of course if there was a large base of Fortezza phones things might be different. -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: April 10, 1998 From: John Young <jya@pipeline.com> To: cryptography@c2.net Subject: Secure Cell Phones for State Motorola's site is informative (thanks for the pointers and comments), and perhaps cannot reveal the detail needed to compare security level to other systems in the US and other countries. Dave Emery probes the tech questions a bit and I'll go further, with Adam Shostack and others, to ask as a citizen why we cannot purchase the level of cell phone privacy that our gov and mil folks can with our money (a return to the NSA-crippled algo of CMEA and CAVE). There has been some discussion of this on UK Crypto about the various telco security systems in Europe and the same critique of a double standard has been made. Cell phone manufacturers would have a big stake in who gets the best security to the global public first. Moreover, as Scientific American points out in its special section this month, applications of wireless technology are rapidly growing for a host of new information distribution, collection and interactive purposes. The need for security of this data floating through the spectrum could hardly be greater, not only for privacy but for prtoection against tampering, insertion of disinformation, and a variety of new ways to warp data to fit schemes the owners and originators never dreamed of. Is end to end encryption of the STU-III sort going to be needed for all wireless or is there other plans in the works at TLAs and TIAs? It would be greatly appreciated if those who may be tongue-tied by NDA and worse, if we were pointed in the right direction by, say, semaphore, to the likely places where we can dig out, say, by FOIA, what we need to know about Albright-privileged wireless security. Finally, are the TAC-2000 units useful for the Secretary's global travels? If so, are they supported by military networks overseas? Or do American officials use a different system when traveling? Note: We're commencing a log of this discussion of this topic from several lists at: http://jya.com/tac-2000.htm
Date: Fri, 10 Apr 1998 16:00:34 -0700 From: koontz@netapp.com (David Koontz) To: die@die.com, karn@qualcomm.com Subject: Re: Secure Cell Phones for State Cc: cryptography@c2.net [snip Dave Emery message] There is a thing called Fortezza-Plus or Krypton which adds Type I encryption to a PCMCIA card. This is the basis of the STE (STU-III replacement phones), whose other major feature upgrade includes ISDN. url <http://www.nsa.gov:8080/programs/missi/stepg.html> There is a link to L3 Corps web page but not to the Motorola page (maybe they lost a contract?).
Date: Fri, 10 Apr 1998 21:21:06 -0400 From: Dave Emery <die@die.com> To: John Young <jya@pipeline.com> Cc: cryptography@c2.net Subject: Re: Secure Cell Phones for State On Fri, Apr 10, 1998 at 07:00:14PM -0400, John Young wrote: > > Finally, are the TAC-2000 units useful for the Secretary's > global travels? If so, are they supported by military networks > overseas? Or do American officials use a different system > when traveling? Reading the Motorola specs makes clear that the CipherTAC 2000 module interfaces an analog cellphone (AMPS NAMPS or ETACS) using V.32 modem tones at 4.8 kbs to remote STU IIIs. This would make these phones useful anywhere analog service was available. Security (and voice quality) would be the same as STU III, EG end to end Type I with up to Top Secret possible. The product sounds like a Newt memorial quick fix... Most places the Secretary travels actually use GSM phones rather than the various US digital systems, although many of those places still have some of the AMPS analog stuff or the European version of it (ETACS) still operating so the cipherTAC-2000 would probably still work. I do know that within the US the WHCA people have been using cellphone STU III links to the President's limos for years (but the primary secure system called Yankee/Zulu is set up by WHCA at the trip site and operates on Federal VHF frequencies using military crypto gear and a direct satellite link back to the White House Secure Switchboard (Royal Crown) from a satellite terminal located at the USSS/WHCA command post). How much of the time the WHCA limos use special digital CDPD links and how much they use plain old AMPS with modem tones I don't really know. Both military (UHF fleetsat) and INMARSAT satellites are extensively used by traveling diplomats to call home, one suspects often in preference to using local telephone systems. Both of these satellite systems support secure voice (INMARSAT directly supports use of STU IIIs). The terminals use portable dish antennas carried in baggage and unfolded and pointed at the satellite from hotel or conference sites. A hand carried STU III cellphone would be more conveniant for diplomats than the satcom terminals and might have significantly lower delay and easier talking as a result. I think the general intent is to provide cell phones that can interoperate with STU IIIs as the primary method. Old fashioned analog cell phones can carry modem tones and be used with variable results with ordinary STU IIIs (the same problems with modem tones over cell apply here as they do to other data over analog cell - dropouts, bursts of errors, renegotiation of connections etc). Digital cell phones cannot carry high speed modem tones directly and need to be interfaced to devices at the MTSO that offload the digital data and shovel it down a regular modem toward the far end. To the extent that such devices are provided by the network infrastructure a digital cellphone can be used for secure voice. But see Phil's comment on this. -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: Fri, 10 Apr 1998 18:56:16 -0700 To: John Young <jya@pipeline.com> From: Steve Schear <schear@lvdi.net> Subject: Re: Secure Cell Phones for State >Finally, are the TAC-2000 units useful for the Secretary's >global travels? If so, are they supported by military networks >overseas? Or do American officials use a different system >when traveling? The TAC-2000's analog protocols, AMPS, NAMPS, JTAC and ETAC, support all ITU regions (the Americas, including the Caribbean), Africa, Europe, Asia and Asia Pacific. --Steve PGP mail preferred, see http://www.pgp.com and http://web.mit.edu/network/pgp.html RSA fingerprint: FE90 1A95 9DEA 8D61 812E CCA9 A44A FBA9 RSA key: http://keys.pgp.com:11371/pks/lookup?op=indexsearch=0x55C78B0D --------------------------------------------------------------------- Steve Schear | tel: (702) 658-2654 CEO | fax: (702) 658-2673 Lammar Laboratories | 7075 West Gowan Road | Suite 2148 | Las Vegas, NV 89129 | Internet: schear@lvdi.net ---------------------------------------------------------------------
Source: http://www.mot.com/GSS/SSTG/ISD/Secure_Telecom/CipherTAC_2000.html
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Source: http://www.mot.com/GSS/SSTG/ISD/Secure_Telecom/CipherTAC_2000_Line.html
CipherTAC® 2000 Security Module and Cellular Phone
National Security Agency information on Secure Voice, Data and Video Communications:
http://www.nsa.gov:8080/programs/missi/stu3.html
STU-III - Secure Telephone Unit, 3rd Generation.STU-IIIs are the standard secure telephone for the U.S. Government, used by people at all levels: the President and his Cabinet, Congress, the military, civil agencies, law enforcement, government contractors and research institutions. The major goals of the STU-III program were to provide an affordable secure telephone that fit conveniently on a desk, was easy to use, and worked over the public telephone network. The first STU-IIIs became available in 1987. Since then, over 300,000 STU-IIIs have been fielded. Continual improvements have enabled the STU-III family to evolve to support many applications. They provide security for voice conversations and data communications such as faxes, computer-to-computer file transfers, and video.
NOTE: STU-IIIs are available for purchase by U.S. Government users. Contact 1-800-GO-MISSI.
STU-III Vendors
(Only Currently Available Products Are Displayed)
http://www.nsa.gov:8080/programs/missi/stepg.html
STEs are the next generation of secure voice and data equipment for advanced digital communications networks, such as Integrated Services Digital Network (ISDN).Several factors prompted the development of an evolutionary successor to the STU-III:
- Demand is snowballing for faster transmission speeds, better reliability, and increasingly advanced services such as dial up access to the Internet or calling number identification. In response, the telephone networks have been steadily evolving from analog to digital. The nation's telecommunications infrastructure is being transformed.
- More interoperability is needed. Today, there is no single solution which provides seamless, secure interoperable communications for U.S. strategic and tactical forces, and with foreign Allies.
- Maximum use of products based on commercial standards is part of the Government's drive to reduce costs while improving capabilities.
The STE consists of a host terminal and a removable security core. The host terminal provides the application hardware and software. The security core is a FORTEZZA® Plus cryptographic card, which provides all the encryption and other security services.
The first STE products will use both the Integrated Services Digital Network (ISDN) and the analog Public Switched Telephone Network (PSTN). ISDN provides the speed and high quality digital connections that enable toll quality secure voice (32 kbps vs. 4.8 kbps), faster data rates (up to 128 kbps vs. 9.6 kbps), secure three party conferences and STU-III compatible modes. When connected to PSTN, STEs will emulate STU-IIIs. STEs will be software upgradeable to provide future enhancements to fielded products.
Digital networks give people the power to perform their missions faster and more efficiently. STE lets them do it securely.
NOTE: STEs are available for purchase by U.S. Government users. Contact 1-800-GO-MISSI.
VENDORS
One vendor is developing the STE:
L3 CommunicationsNOTE: You will exit the Secure Voice, Data and Video Communications pages when you activate this WWW link.
NOTE: This product has not been evaluated by NSA nor has it been endorsed by NSA.
http://www.nsa.gov:8080/programs/missi/frt+.html
FORTEZZA-Plus (KOV-14) - All keys and cryptography used by the STE are contained inside a FORTEZZA Plus cryptographic card. Without a FORTEZZA Plus, the STE cannot be used in secure modes. The FORTEZZA Plus is loaded with STE key for STE secure modes, and STU-III key when STU-III interoperability is needed. Both kinds of key are ordered from the Central Facility. Typically, a FORTEZZA Plus will be issued to each user. The FORTEZZA Plus is accountable within the COMSEC Material Control System by serial number (accounting legend code-1), and is unclassified when separated from its associated STE terminal.FORTEZZA Plus is an evolutionary member of the FORTEZZA PC card family, providing additional security capabilities. The Government algorithms employed in the FORTEZZA Plus card can provide security services to protect information of any classification level, although system security capabilities depend on many other components. The FORTEZZA Plus algorithm set maintains backward interoperability with the FORTEZZA Sensitive But Unclassified (SBU) security services.
The MISSI Security Management Infrastructure (SMI) is targeted to assume responsibility for initializing FORTEZZA Plus cards. Until then, FORTEZZA Plus cards will be initialized by the Electronic Key Management System (EKMS).
FORTEZZA® is a registered trademark of the National Security Agency
[Note these are links to ordering hardcopy, online versions not available]
http://www.isotel.com/standard.htm
Isotel Research Ltd.
Wireless Communication Standards (North-American)
This document provides a sorted index into TIA/EIA Standards for cellular and PCS communication. (Wouldn't it be nice if the TIA/EIA made standards available on-line...)
Electronic Industries Association
D-AMPS TDMA
PN-3616800 MHz Cellular Systems TDMA Services STU III
Committee: TR-45.3
Issued: 08/25/95
CDMA
PN-3571
STU III Service Option for Wideband Spread Spectrum Systems
Committee: TR-45.5
Issued: 05/10/95
For more information and how to order
cfleming@eia.org
Electronic Industries Association
For information on NSA-weakened security technology for cellular phones in U.S. systems see:
http://jya.com/tr453.htm