Using the STU-III

Classified information shall not be discussed over unsecured telephone lines. The STU-III is a special telephone instrument that can be switched to a secure mode for discussion of classified information. The abbreviation STU-III stands for Secure Telephone Unit -- third generation.

If you need to discuss classified information, you can use the STU-III in non-secure mode to place a call to another party who also has a STU-III. After the connection is made, you ask the party receiving the call to "go secure." You and the other party then put your crypto-ignition keys (CIKs) into the phone terminal, turn them on and press the SECURE button. It may take about 15 seconds for the secure connection to be established. When the secure connection is activated, the display screen on the unit shows the highest classification level at which discussion is authorized. After hanging up, wait at least two seconds before removing the CIK.

Rules regarding use of the STU-III and protection of the CIK that activates the encryption system are much less restrictive and cumbersome than rules governing older encryption systems. In older systems, the code used to encrypt message traffic was loaded into the secure communications device in a physical form such as a punch card or paper tape with a pattern of holes punched in it. If this type of code is compromised, an intercepted message can be deciphered. (It was this type of code material that the Walker spy ring sold to the Soviet Union.) Any code material that is in physical form is susceptible to compromise.

Advanced technology now makes it possible to generate a new traffic encryption code electronically at the time each secure call is made. The traffic encryption code only exists in electronic form. Since it did not exist prior to the call and disappears when the call is terminated, it is extremely unlikely that an adversary will be able to obtain the code. Even if that did happen, the code could only be used to decipher that one message, since a new traffic encryption code is generated for each call.

What is the greatest risk associated with the STU-III? It is the supposedly unclassified chitchat that goes on before the STU-III is switched to secure mode. A defector from one of the intelligence services that intercepts U.S. communications reports that the encrypted STU-III conversations are unbreakable, but the discussions before the STU-III encryption is activated, and sometimes after it is deactivated, are a bonanza of valuable information. It is not difficult for communications intercept personnel to identify the phone numbers associated with STU-IIIs. Since the same numbers are also used for unencrypted conversations, these numbers are high priority targets.

The STU-III instrument itself is not classified. It may be installed and used in any room in which classified conversations are permitted. Special rules do apply to protecting the CIK that turns the STU-III from a regular telephone into a secure telephone.


The CIK that activates the secure mode of the STU-III looks similar to a car key, but it contains an electrically erasable programmable read-only memory (EEPROM) chip. The physical device is called a KSD-64A. When used as a CIK, the KSD-64A stores an electronic password which allows you to use the secure features of a particular STU-III. A KSD-64A can also be programmed to store other information. The rules for protecting it vary depending upon what information is stored on it at the time.

When the KSD-64A is programmed to serve as a standard crypto-ignition key (CIK), for converting the STU-III from a normal telephone to a secure telephone, it should be protected as follows:

  • When the CIK and the STU-III are kept in the same room, the CIK must be protected at the highest classification level of the information that the STU-III is authorized to transmit.
  • When not kept in the same room as the STU-III, however, the CIK may be protected as you would a high-value item of personal property, such as a credit card. It may be stored in a locked cabinet or desk. It may also be kept in the personal possession of the authorized holder.

Most users of the STU-III will handle only the standard crypto-ignition key. When the KSD-64A is programmed as a seed key for initial loading of the STU-III unit or as an operational key or master key, it must be protected as follows:

  • Seed Key: Protect by the best means available, up to the classification level that it may be used for. It may be simply locked in a file cabinet if that is the best means available at a given facility.
  • Master Key: Protect as classified at the level the phone operates.
  • Operational Key: Protect as CRYPTO material in addition to the classification level involved.

Any unauthorized use or loss of the KSD-64A must be reported.


Introduction to the Secure Telephone Unit III, October 1997, and STU-III Handbook for Industry, October 1994, both published by Department of Defense Security Institute. Also Wayne Lund, No Funny STU-III Stories, Security Awareness Bulletin 3, 1994, Department of Defense Security Institute.




The Chroma Group, Ltd.