[2646] in cryptography@c2.net mail archive

STE and STU III (was: Director of CIA)

daemon@ATHENA.MIT.EDU (Rick Smith)
Sun May 10 19:08:54 1998

In-Reply-To: <19980430232008.A4143@die.com>
Date: Fri, 8 May 1998 18:04:12 -0500
To: die@die.com, "Arnold G. Reinhold" <reinhold@world.std.com>,
        koontz@netapp.com (David Koontz), cme@acm.org
From: Rick Smith <rick_smith@securecomputing.com>
Cc: cryptography@c2.net

I finally got around to looking at the STE web sites. I've tended to
suspect that the STU III was the most successful product ever attributed to
NSA. I've also suspected that it was some sort of fluke. The STE briefings
support my suspicions.

They're taking a phone that costs $2000, works on analog phone lines, and
can be administered (painfully) by a poorly paid security officer, and
they're replacing it with a $3200 phone that is *incredibly* more
complicated to take care of.

The old STUs had the plastic CIKs. The new STEs have CIKs, too, it's just
that they're "virtual" CIKs. Tom, my officemate, put it best:

  The STU put the crypto into the phone and the CIK in the key you carry around.

  The STE put the CIK in the phone and the crypto into a PC card you carry around.

Of course, there's also your personal certificate material, which is also
in the Fortezza card. Even without the burden of Fortezza certificate
management, the CIK manipulations look much worse than what's required for
the STUs.

The STU CIKs looked just like keys and you could wear them around your neck
along with your ID badge. Even though Bill Bialick used to carry around an
"ID badge" that was a Fortezza card with his face printed on it, we're
probably not going to see people wearing those heavy things around their
necks.

>On Thu, Apr 30, 1998 at 05:33:45PM -0400, Arnold G. Reinhold wrote:

>> Indeed. The STE sets and Fortezza cards can each be programmed to enforce a
>> variety of usage controls. Given the versatility of STE, I am surprised that
>> e-mail isn't built in.

The Fortezza card is also used with e-mail software for the Defense Message
System, when and if that finally takes off. There are various pieces of
software out there that will do MSP style e-mail security using the
Fortezza capabilities.

At 11:20 PM -0400 4/30/98, Dave Emery wrote:
>Does anybody know whether the KOV-14 actually implements key
>escrow such that a third party with access to all the private key
>components supplied by NSA could intercept the contents of a secure call?
>Can NSA do this to other government departments (they appear to have
>legal authority for such as part of their INFOSEC mission)? Is there
>some equivalent of the Clipper LEAF field in each call setup? Or is the
>backdoor just based on the use of a unique to the particular KOV-14
>public key supplied and known by NSA to encrypt the session keys
>negotiated. Is there any way a STE user could communicate without
>escrow?

Originally, Fortezza cards included the classic CAPSTONE implementation
that included the Escrowed Encryption Standard (same as the old Clipper
chip). However, they've shut down all the escrow support for EES and they
pulled the EES processing code out of the Fortezza cards a couple of years
ago.

In any case, all keyed Fortezza Plus cards come from NSA's central keying
facility, so they could in theory keep a copy of all "private" keys.
Conventional Fortezza doesn't give you an interface for directly specifying
a binary crypto key to use, and I suspect the same is true in Fortezza
Plus. "Data" is generally encrypted using a symmetric algorithm, but the
key is generated on the card and only exported after being tightly wrapped
using the Key Exchange Algorithm (KEA). Inbound symmetric keys must be KEA
"protected" or they won't be used.

About a year ago I gave up on the Fortezza Plus as being dead. But I see
they actually managed to deliver some in February.

Rick.
smith@securecomputing.com