SUBMARINE SATELLITE INFORMATION EXCHANGE SUBSYSTEM

The Submarine Satellite Information Exchange Subsystem (SSIXS) provides the commanding officers of SSN and SSBN submarines with an optional satellite path to complement existing VLF/LF/HF broadcasts. The subsystem provides a rapid exchange of teleprinter information between SSN and SSBN submarines and shore stations.

To use the SSIXS, the submarine must be in a line-of-sight position with a satellite. The submarine must also be in a tactical situation that permits exposure of its mast-mounted antenna.

The SSIXS provides access to a satellite path through a programmable mixture of query-response and broadcast-without-query functions. This type of access provides maximum operational flexibility to the submarine commander.

All transmissions on the SSIXS provide automatic, reliable, long-range, high-data-rate, and cryptographically secure UHF communications between submarines, and between submarines and shore stations.

AUTOMATED VOICE COMMUNICATIONS SYSTEMS

The telephone is and will continue to be a convenient and fast way to communicate. In this section, we will discuss the Secure Telephone Unit Third Generation and the Defense Switched Network (DSN), which is an updated version of the Automatic Voice Network (AUTOVON).

SECURE TELEPHONE UNIT THIRD GENERATION

The Secure Telephone Unit Third Generation (STU-III) is the newest communications system that meets the need for protecting vital and sensitive information over a telephone system. The STU-III is a compact, self-contained desktop unit capable of providing the user with clear and secure voice and data transmissions. The unit is fully TEMPEST protected and is certified by the National Security Agency for use up to and including Top Secret material.

The STU-III is unique in that it works as an ordinary telephone and as a secure telephone network to other STU-III terminals. For secure transmissions, the STUIII uses a unique keying system.

The three manufacturers of the STU-III terminals for the Navy are AT&T, Motorola, and General Electric. Figure 1-3 shows an AT&T STU-III terminal.

The STU-III is operated the same as any telephone. That is, you pick up the handset, wait for a dial tone, then dial the number of the person you want to call. All calls on the STU-III are always initiated in the clear voice mode. Once the party you have called has answered, you have the option of talking to that person in the clear voice mode, clear data mode, secure voice mode, or the secure data mode.

Terminal Setup

The STU-III terminal uses special keys with a designator of KSD-64A. The KSD-64A is a plastic device that resembles an ordinary key. Two types of keys are used with the STU-III, the seed key and the crypto-ignition key (CIK). The seed key is a special keying material used for the initial electronic setup of the terminal. The CIK key is used by the users to activate the secure mode.

Figure 1-3.-AT&T STU-III terminal.

When the STU-III terminal is installed, the STU-III custodian sets up the terminal with the seed key. A seed key is issued to a particular terminal only. The seed key contains a microchip that is embedded electronically with identification information. This information includes the level of security authorized for that terminal.

Once the custodian inserts the seed key into the terminal, the information on the key is transferred to the internal memory of the terminal. At this point, the seed key no longer contains any information and is considered to be "empty."

The information in the terminal is electronically registered with the Key Management Center (KMC) located in Finksburg, Maryland. The KMC is the central authority responsible for controlling the key material and issuing reports of compromised keys. The user can discuss classified information up to the security level that has been keyed to the terminal.

The crypto-ignition keys (CIKs) can now be made for users to activate the secure mode. The CIKs are "empty" keys with no information embedded in the metal strip. When the empty keys are inserted into the terminal, some of the information that is now stored in the terminal from the seed key and other information in the memory is transferred onto the metal strips. This information becomes an electronic "password" on the CIKs for that particular terminal, making the CIKs unusable on other terminals. The terminal maintains a list of authorized CIKs for each key in its memory.

When using a STU-III with remote or dial-in, users parameters will be set according to the Secure Telephone Unit Third Generation (STU-III) COMSEC Material Management Manual (CMS 6) and locally generated instructions.

Levels of security classification, keying instructions, rekey instruction, CIK management will be decided by the user and the user's communications facility. All users must meet the minimum security clearance requirements.

Training on the STU-III will be documented in accordance with CMS 6 and local instructions.

Secure Mode

As we mentioned earlier, the secure mode of the STU-III is activated and deactivated using a CIK. When the CIK (figure 1-3) is inserted into the terminal, the STU-III can be used in the secure mode up to the classification of the keying material. Without the CIK, the STU-III operates as an ordinary telephone.

Calls are always initiated in the clear. To go from a clear to a secure voice transmission, either caller simply presses his or her SECURE VOICE button after the CIK is used to activate the secure mode.

Once a secure link has been initiated, the two STUIII terminals begin exchanging information. The information exchanged includes the identity of the CIK of the distant-end person, the list of compromised CIKS, and the common level of classified security information to which the two callers have access.

When two terminals communicate in the secure mode, each terminal automatically displays the authentication (identification) information of the distant terminal. This information is scrolled through the display window during secure call setup. The first line of the identification information and the classification are displayed for the duration of the secure call.

The information displayed indicates the approved classification level for the call, but does not authenticate the person using the terminal. Each terminal user is responsible for viewing this information to identify the distant party and the maximum security classification level authorized for the call.

STU-III Administration

The STU-III terminals and keys are COMSEC material. The terminals and keys may be administered either through the STU-III custodian or the CMS custodian. Both the terminals and keys are issued to users and must be signed for. Since the seed key is classified, it must be afforded protection for the level of classification in accordance with Secure Telephone Unit Third Generation (STU-III) COMSEC Material Management Manual, CMS 6.

Because CIKs permit the STU-III terminals to be used in the secure mode, the CIKs must be protected against unauthorized access and use. CIKs may be retained by the users who sign for them on local custody. Users must take precautions to prevent unauthorized access and must remember to remove the CIKs from the associated terminals.

When the terminals are unkeyed, they must be provided the same protection as any high-value government item, such as a personal computer. When the terminal is keyed, the terminal assumes the highest classification of the key stored within and must be protected in accordance with the classification of that key.