-=-=-=-=-=-=-=-=-=-=-=-=-=-= Practical COMSEC Equipment for protecting YOUR privacy. -=-=-=-=-=-=-=-=-=-=-=-=-=-= written by -Q- =============== This file is a brief overview of the field of advanced COMSEC pertaining specifically to data communications. COMSEC is technical jargon for those in the field of security, and it is an acronym for COMmunications SECurity. Another important term to know is COMPUSEC (which is an acronym for COMPUter SECurity). I will not get into great details in this message (if you want details I have a 250 page(900k) article on COMSEC, which you can get by request from my e-mail address [see below] I shall cut to the chase in this article and tell you straight out... how to secure your communications... The answer is quite simple... CRYPTOGRAPHY!.. You already know that, you might be saying to yourself. Even though most people have heard about cryptography, they dont really know the advanced details of it, nor do they know where they can get the equiptment for securing communications. ANALOG ENCRYPTION You might have seen various telephone scramblers on the market popping up in various catalogs... Things such as encrypted cordless phones that claim to have 56,000 security codes.. To put it in simple terms.. those new scrambled phones are just garbage.. They are based on 1940's and 1950's technology. (and I say this with all honesty, it is the truth) The author has personally cracked, several of these new so-called scrambled phones. Any audio technician or person familiar with crypto, can quite easily crack these new scrambled phones because they all use a primitive form of "frequency inversion" which is an analog version of scrambling..... Frequency inversion is basically the same as a polyalphabetic cipher (which any amateur crypto enthusiast knows is a piece of cake to crack.) Then their is the next step-up... and that is advanced analog scrambling. Analog scrambling in general, is no where near as secure as digital encryption. (I wont go into why, as it involves algorithms, which I dont want to get into in this brief article). Advanced analog scramblers are the type sold in spy supply stores or from spy supply catalogs... They run approximately $500, and have 1 million possible codes. These advanced scramblers also use frequency inversion, however the key size is much bigger, and the inversion is performed on several more bands increasing the factor of security by 10X - 20X. The most famous analog phone scrambler sold in many spy catalogs is a device simply called "The Scrambler" (It is $499 - $599) and insures fair security for voice communications. (I recommend this device for use on cellular or cordless, and even corded phones, when all you want to do is discourage casual eavesdroppers or wiretappers.. Or even if you want to keep your conversations private from law-enforcement. DO NOT! however, use this if your discussing truly secret information. A step up from traditional split band inversion scramblers, is "rolling code" scramblers. Their are a number of different rolling code type units, some are better than others. The better ones utilize public key cryptography to transmit a random rolling code many times per second and the cheaper units simply use a pre-set rolling code scheme. I should also point out that their are a bunch of tiny integrated chips (actually small circuit boards) on the market right now that use advanced analog scrambling, and they are smaller than a beeper. These circuit boards can be installed in ANY type of device in which you want COMSEC. You can install these tiny devices inside radio transmitters such as: Walki-talkies, Phones, CB Radios, HAM Radio's, "Bugs", etc.. It only requires 4 simple connections.. 2 Inputs from the microphone, and 2 outputs to the circut. Various companies including but not limited to: Transcrypt International, Meridian Technologies, etc.. sell these small circuits for between $100 - $300. DIGITAL SCRAMBLING Digital scrambling is where the real security is at.. Digital scrambling systems start at a minimum of $1,200 and go up into the range of $15,000 for a 16 multi-line ACSU MUI Fractional Synchronous or Asynchronous T1-T3 Packet Channel Data Encryptor. (if the preceding few terms bedazzle you ... that is just the tip of the iceberg... It gets real complex!!!) I'll skip all of the fancy shit, I'm not going to try to impress you with fancy terminology, network & encryption standard protocols or algorithms that you've never even heard of.... Rather, I'll just tell you what digital scrambling units would be usefull for your personal data security, wether you be a SysOp, SysAdmin, or an ordinary user. ------------------------------------------------------------------ MOTOROLA: Motorola Secured Government Telecommunications Divison, manufactures the industry standard in data/voice/fax encryption devices. This is perhaps the biggest de-facto standard in the United States. Motorola makes the infamous line of SECTEL phones (SECTEL is another security industry acronym which stands for SECured TELephone) which is often referred to as the STU III line of phones. The STU phones come in a variety of models which are divided into "TYPES (1-4)" based on their security level, which will be described below. STU III (Sectel 1500) - The 1500 model STU is for use by ceartain federal (Type 1 STU) government agencies (but not all), the military, and Canadian Defense Agencies. Also a few Defense Contractors in the US are allowed to purchase type 1500 phones. This phone is rated to handle TOP SECRET information of either fax, modem, or voice communications. Not transportable outside the United States. ($1,800) STU III (Sectel 2500) - The 2500 model STU is for use by most federal (Type 2 STU) government agencies, the military (for non- classified transfers), Canadian defense agencies and also law-encforcement agencies such as the FBI, DEA, ATF, and local law-enforcement, etc.. Also Defense Contractors in the US are allowed to purchase type 2500 phones. This phone is rated to handle SENSITIVE BUT UNCLASSIFIED information of either fax, modem, or voice communications. Not transportable outside the United States. ($2,145) STU III (Sectel 3500) - The 3500 model STU is for use by ordinary legal (Type 3 STU) United States citizens, corporations, and local law-enforcement agencies. This phone is rated to handle NON SENSITIVE/NON UNCLASSIFIED information of either fax, modem, or voice communications. This version cannot be transported outside of the United States of America. ($3,395) STU III (Sectel 9600) - The 9600 STU is for use by the rest of the world (Type 4 STU) (except for ceartain countries on the State Dept's hostile countries list). This phone is rated to handle NON SENSITIVE/NON CLASSIFIED information and is slightly less secure than the SECTEL 3500. This version handles voice, modem & fax encryption. ($4,495) MMT (Sectel 1500) - Same as standard Sectel 1500 type 1 but the MMT model has a few extra frill features such as an access jack for encrypting video. Fed Govt use ONLY! $2,295 MMT (Sectel 3500) - Same as standard Sectel 3500 Type 3 but the MMT model has a few extra frill features such as an access jack for encryptiong video. US Citizen use approved. $1,995 Mini-MMT - This model is no larger than the size of a modem, and in fact is perfect for "on-the-road" secured communications with your notebook computer connecting via telephone to your secured host computer. $1,900 Cellular Sectel - All of the STU phones type 1-4 (1500-9600) are made in a cellular version which comes with a black briefcase. Sectel 1500: $5,745 Sectel 2500: $5,745 Sectel 3500: $5,595 Sectel 9600: $7,495 ------------------------------------------------------------------------ CyLink: This company is in fierce competition with Motorola for the encrypted data market. In my opinion CyLinks products are alot more diverse, more secure, and just better... But they are not quite as popular as Motorolas products simply for the fact that Motorola got the government contract with all the agencies because Motorola can kiss ass better. Cylinks products are however, very popular in the banking industry and are used on secured lines for EFT (Electronic Fund Transfers). Cylink has approximately 30 models of encryptors from very simple to extremely complex 16 Line ACSU MUI Synchronous/ Asynchrounous T1/T3 Fractional Packet Channel Data Encryptors. I will not even bother to describe all of them as that would fill up 50 messages. I'll go over the personal affordable models. SecurePHONE- This is among the most wonderfull models of voice, modem, and fax scramblers on the market. Like the Motorola 3500/9600 STU phones this uses DES as the encrypting algorithm, and uses the SEEK public key algorith to exchange a long random session key more effectively than RSA can. A prorietary algorithm is also a feature and allows even higher security. DES mode allows 10 to the 17th keys... While the proprietary algorithm allows 10 to the 59th possible keys!! Digitizes voices at up to 9600bps, and data up to 4600bps. STM 9600 - This is another wonderfull voice and modem encryptor that is about as small as small as a notebook computer. Uses DES or a more secure proprietary algorithm to encrypt data. Uses the secure SEEK algorithm to tranmit session keys more securely than RSA. This model has an optional RS-232 port which accepts data communications and encrypts it through its own internal modem at up to 9600bps. LSA/LXA - This is a super-mini data encryptor for "on-the-road" use with a notebook computer. This device is no bigger than an ordinary modem and hooks up to the RS-232 port of your notebook computer. 2 Models are available including a DES version and a proprietary version of Cylinks design for even greater security. Encrypts data up to 19,2k baud for synchronous communications. SEEK public session key exchange. SecureFX- This is a secured Group 3 fax machine encryptor. Uses DES and/ or proprietary algorithm. SEEK public key exchange. Hooks up to your fax machine through a standard RJ-11 telephone plug and jack. TripleDES- Cylink has a brand new data encryptor for securing computer data communications to the ultimate limit allowed by law. (meaning triple DES is probably the best type of algorithm, that you can actually purchase.. Hooks up to your computers RS-232 port, and encrypts data through its own internal 19,2k baud modem. This model uses Triple-DES which encrypts data for 150 rounds instead of the normal 52 rounds in CFB, or CBC mode. NOTE: I have once seen an encryption unit that used the IDEA algrithm, but it was very expensive and I dont think that it is in production anymore.. Their are of course better algorithms than Triple-DES, but the NSA usually doesnt allow companies to produce anything better than DES^3. Technically companies can use any algorithm they want in their products so long as the algorithm is not classified or is not under a "secrecy order" issued by the US Patent Office (with NSA's input of course). Normally, big companies like CYLINK and MOTOROLA work very closely with the NSA, and as such, you should always consider these companies to be "tainted" and to view their products with a slight bit of skeptiscism. Why do these companies work with the NSA? Well, the answer to that requires an entire thesis.. Mainly, it is because if they dont "play ball" with the NSA, then the NSA will not approve the various permits that the State Dep't issues for export of crypto equipment, and these companies would be out tens of millions of dollars if they couldnt sell their products overseas to foreign countries. In addtion, the NSA often patronizes the CEO's of these companies and gives them the old speech about "National Security" wheras the NSA scams these companies into believing that it is necessry for the NSA to be able to "break" encoded transmissions, and thusly these companies employ algorithms in their products which are of questionable integrity. Cylink has 2 dozen more extremely complex models, but I ceartainly doubt that any of us BBS'ers can afford that exotic stuff. ------------------------------------------------------------------------ CyComm: Manufacturer of various small personal voice encryption products. TPU100 - Small device the size of a computer modem that hooks between your phone base and the wall by RJ-11 jack, and encrypts the phones conversation by analog method with automatic random session key gereration. HPU100 A rather "old style" cellular phone with a built in analog encryptor. CPU100 This small device simply connects to your own cellular phone via the small jack at the bottom of every cell phone. Encrypts data via analog speech inversion. HPU355 This small encryption unit interfaces with the Motorola Micro-TAC model of handheld cellular phone. Encrypts data via advanced duplex frequency inversion with random generation of session keys. TFS200 This small device the size of a modem, connects between your fax machine and the wall via RJ-11 jack. Encrypts fascimile data via frequency inversion up to 9600bps. For Group 3 Faxes. ------------------------------------------------------------------------ TransCrypt International: TransCrypt makes a variety of low-end voice encryption products.. Some are on small circuit boards the size of beeper, others are pre-packaged inside cell phones, etc.. SC20-460 - Small circuit board provides extreme security for a mid-range device using analog frequency inversion scrambling. SC20-406 Provides high security analog scrambling on a chip. SC20-410 Provides medium security analog scrambling on a chip. SC20-406 provides moderate security analog scrambling on a chip. SC20-400 provides maderate security analog scrambling on a chip. DME-9600 a self contained voice scrambling unit about the size of a beeper, and connects between your phone base and the wall. PX Series An analog scrambler built right into a motorola flip-top cellular phone. Uses high security analog scrambling. CX Series A small beeper sized device for analog encryption. Connects to your own cellular phone by the little jack at the bottom of the cell phone. ------------------------------------------------------------------------ Meridian Technologies: Meridian makes a wide variety of very small circuits which can encrypt data in an analog fashion using frequency inversion. These small circuits can be simply added into any other electronic product such as a: walki-talkie, HAM radio, CB radio, phone, etc.. VPU-1 Full duplex speech inversion scrambler VPU-2 Subminiature tunable speech inversion scrambler VPU-7 Ultra-small simplex inversion scrambler VPU-8 Ultra-small duplex/half-duplex selectable inversion scrambler VPU-10 Full duplex rolling code scrambler. ------------------------------------------------------------------------ Electronic Securities Ltd: ESL is an authorized reseller for several of the above companies. and sells over 40 types of modem/data/voice encryptors. You can contact the author with any specific questions you may have on various models. ------------------------------------------------------------------ For more information on a full line of modem/fax/voice encryptors contact: Electronic Securities Ltd. PO BOX 519 Shoreham, NY 11786 If you have any technical questions on data encryptors, or if you'd like specifications on the cost of data/voice encryptors, etc.. You can e-mail me for a consultation.. I'd be happy to answer any questions: --- written by: --- --------------------------------------------- --- -Q- SysAdmin of The Code Breakers BBS --- ------- sahoffman@dockmaster.ncsc.mil ------- ---------------------------------------------