STU III (Secure Telephone and KSD-64)

In general, STU-III (Secure Telephone Unit Third Generation) is the standard telephone used by governments at all levels for secure communications. It is manufactured by various companies such as Motorola and AT&T, and is unique in that although it plugs into a normal telephone jack, the unit itself requires a security controlled key to access other STU-III units and users. The STU-III was used everywhere and was included with small VSAT (satellite communications) gear.

If one needs to discuss classified information, the STU-III can be used in non-secure mode to place a call to another party who also has a STU-III. After the connection is made, the caller asks the called party to "go secure." Both parties, then place their crypto-ignition keys (CIKs) into the phone terminal, turn them on. One party or the other then presses the SECURE button but not both. It may take about 15 seconds for the secure connection to be established. When the secure connection is activated, the display screen on the STU-III unit shows the highest classification level at which discussion is authorized. After hanging up, the user should wait at least two seconds before removing the CIK.

An example of a KSD-64 crypto-ignition key. [Photo courtesy Jerry Proc]

Rules regarding use of the STU-III and protection of the CIK that activates the encryption system are much less restrictive and cumbersome than rules governing older encryption systems. In older systems, the code used to encrypt message traffic was loaded into the secure communications device in a physical form such as a punch card or paper tape with a pattern of holes punched in it. If this type code is compromised, an intercepted message can be deciphered.  Any code material that is in physical form is susceptible to compromise.

Advanced technology now makes it possible to generate a new traffic encryption code electronically at the time each secure call is made. The traffic encryption code only exists in electronic form. Since it did not exist prior to the call and disappears when the call is terminated, it is extremely unlikely that an adversary will be able to obtain the code. Even if that did happen, the code could only be used to decipher that one message, since a new traffic encryption code is generated for each call.

What is the greatest risk associated with the STU-III? It is the supposedly unclassified chitchat that goes on before the STU-III is switched to secure mode. A defector from one of the intelligence services that intercepts U.S. communications reports that the encrypted STU-III conversations are unbreakable, but the discussions before the STU-III encryption is activated, and sometimes after it is deactivated, are a bonanza of valuable information. It is not difficult for communications intercept personnel to identify the phone numbers associated with  STU-IIIs. Since the same numbers are also used for unencrypted conversations, these numbers are high priority targets.

The STU-III instrument itself is not classified. It may be installed and used in any room in which classified conversations are permitted. Special rules do apply to protecting the CIK that turns the STU-III from a regular telephone into a secure telephone. The CIK that activates the secure mode of the STU-III looks similar to a car key, but it contains an electronically erasable programmable read-only memory chip (EEPROM). The physical device is called a KSD-64A. When used as a CIK, the KSD-64A stores an electronic password which allows you to use the secure features of a particular STU-III. A KSD-64A can also be programmed to store other information. The rules for protecting it  vary depending upon what information is stored on it at the time.

When the KSD-64A is programmed to serve as a standard crypto-ignition key (CIK), for converting the STU-III from a normal telephone to a secure telephone, it should be  protected as  follows:

1) When the CIK and the STU-III are kept in the same room, the CIK must be protected at the highest classification level of the information that the STU-III is authorized to transmit. When not kept in the same room as the STU-III, however, the CIK may be protected as anyone would a high value item of personal property, such as a credit card.  It may be stored in a locked cabinet or desk. It may also be kept in the personal possession of the authorized holder.

2) Most users of the STU-III will handle only the standard crypto-ignition key. When the KSD-64A is programmed as a seed key for initial loading of the STU-III unit or as an operational key or master key, it must be protected as follows:

a) Seed Key: Protect by the best means available, up to the classification level that it may be used for. It may be simply locked in a file cabinet if that is the best means available at a given facility.
b) Master Key: Protect as classified at the level the phone operates.
c) Operational Key: Protect as CRYPTO material in addition to classification level involved.

Any unauthorized use or loss of the KSD-64A must be reported.


Motorola STU-III Secure Telephones (SECTEL) are secure voice/data telephone terminals. The STU-III/A is a version of the STU-III family designed for use within the NATO community. It contains all the basic STU-III functions and capabilities, while adding the STU-III modes of operation. The STU-III SECTEL models are black in color and incorporate the capability to store 17 net keying variables compared to the storage of one net keying variable with the Limit Rate Initial Production model. The STU-III models have two and four wire adapters built into the terminal.

The STU-III SECTELs operate at 2400, 4800, and 9600 bps full duplex secure voice. Secure digital data transmission is possible at 75, 110, 300, 600, and 1200 bps in the asynchronous mode. In the synchronous mode, digital data can be securely transmitted at 2400, 4800 and 9600 bps.

The STU-III is capable of being keyed in three different ways. For STU-III interoperability, the first uses the FIREFLY II key concept where all keys are in electronic form and initial keying can be done locally or by access to the Key Management Central Facility. No per call access is required. For STU-III interoperability, the second and third way uses the Bellfield Key Distribution Center (KDC) concept with per call access or commonly held NET key.

Motorola SECTEL 1500. Both the Motorola and AT&T phones used digitized and scrambled voice at 4800 bps using Code Excited Linear Prediction called CELP. Keying had to be done every three months. (Photo courtesy Motorola)

The Motorola STU-III SECTEL serves as two wire and four wire switched telephone systems used in the continental United States and Overseas. They are approved for use at all classification levels. The authorized vendor is Motorola, Inc. The cost for a STU-III Sectel is $3,795.

It was the Motorola STU-III that President George Bush used to receive and place calls from the Florida public school classroom on September 11, 2001.

AT&T STU-III 1100/1150

The AT&T STU-III Secure Voice/Data Terminal model 1100 single line terminal, and model 1150 multi-line terminal provide secure voice and data communications between two sites. Secure communications can be established with any U.S. Government approved STU-III device. In the "clear" voice mode, the 1100/1150 series operate like any convention telephone.

In the secure data mode, the 1100/1150 can communicate with other STU-III devices at 2400 bps, 4800 bps, and 9600 bps in both synchronous and asynchronous data cells. It supports full duplex communications at all of these rates, and half duplex synchronous communications at the 2400 bps rate. Crypto ignition keys are used to activate the STU-III for secure communications.

The AT&T STU-III 1100/1150 are used to secure data and voice communication. This product is approved for the use at all classification levels. The authorized vendor is AT&T Secure Communications Products. The cost is $1,300.

AT&T STU-III 1900/1910

The AT&T STU-III Secure Data Terminal models 1900 and 1910 provide secure digital data communication between two sites. Secure data transfers can be established with any U.S. Government approved STU-III device. The 1900 model can communicate with other STU-III devices at 2400 bps, 4800 bps, and 9600 bps in both synchronous and asynchronous full duplex communications. In addition to the data rate of the model 1900, the model 1910 operates at a maximum of 14400 bps. Asynchronous operation is not available at 2400 bps half duplex. Crypto-ignition keys are used to activate the STU-III for secure communications.

The AT&T STU-III 1900/1910 series are approved for use at all classification levels. The STU-III is a replacement of the STU-III 1900. The authorized vendor is AT&T Secure Communications Products. The cost for the 1900 series is $1,300 and the 1910 series is $2,000.



Back To Menu Page
Aug 2/04