1993-07-14 - Re: Secure comm program, Sockets + LINK

Header Data

From: wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)
To: pmetzger@lehman.com
Message Hash: f60cd6f1bf2bd140d365040de3e76fb3f2d401dc5c0db27dae5a0b6d39774c7a
Message ID: <9307142023.AA01586@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1993-07-14 21:06:02 UTC
Raw Date: Wed, 14 Jul 93 14:06:02 PDT

Raw message

From: wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)
Date: Wed, 14 Jul 93 14:06:02 PDT
To: pmetzger@lehman.com
Subject: Re: Secure comm program, Sockets + LINK
Message-ID: <9307142023.AA01586@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


> > How do STU-III phones work then?  Do they have some key in rom?

I don't remember the details (and if I did I'd have to kill you :-),
but they use a little plastic key-shaped dongle that's got some memory in it,
probably EEPROM, which contains keying information.  
Each key works in only a few phones, and each phone only supports a few keys.
The keying information tells it what level of classification the 
phone is authorized for when the key is in it, and phone calls
negotiate that when they set up.  If the phone decides it doesn't like something,
it's able to zero out the key's memory.

> I dunno enough about STU-III phones. Maybe they don't care about man
> in the middle, or maybe they use fixed conventional of some sort for
> authentication. I have a vague memory of someone telling me that some
> of them have code keys.

When you're making a TOP SECRET phone call, you *do* care about man 
in the middle, just as you care about being in a soundproofed room.
The session key exchange is done with Diffie-Hellman with authentication;
I'm not sure if the authentication uses public-key or secret-key technology,
but my guess is it's basic secret-key stuff.  The military version of the phone 
uses classified secret-key algorithms, so presumably the key handling does too.

				Bill




Thread