When you’re a nation state, secure communications are key to protecting your sovereignty and keeping your best laid plans under wraps. For the USA, this requirement led to the development of a series of secure telephony networks over the years. John McMaster found himself interested in investigating the workings of the STU-III secure telephone, and set out to replicate the secure keys used with this system.

An encryption key in a very physical, real sense, the Crypto Ignition Key was used with the STU-III to secure phone calls across many US government operations. The key contains a 64KB EEPROM that holds the cryptographic data.

[John] had a particular affinity for the STU-III for its method of encrypting phone calls. A physical device known as a Crypto Ignition Key had to be inserted into the telephone, and turned with a satisfying clunk to enable encryption. This physical key contains digital encryption keys that, in combination with those in the telephone, are used to encrypt the call. The tactile interface gives very clear feedback to the user about securing the communication channel. Wishing to learn more, John began to research the system further and attempted to source some hardware to tinker with.

As John explains in his Hackaday Superconference talk embedded below, he was able to source a civilian-model STU-III handset, but the keys proved difficult to find. As carriers of encryption keys, it’s likely that most were destroyed as per security protocol when reaching their expiry date. However, after laying his hands on a broken key, he was able to create a CAD model and produce a mechanically compatible prototype that would fit in the slot and turn correctly.

Due to the rarity of keys, destructive reverse engineering wasn’t practical, so other methods were used. Thanks to the use of the STU-III in military contexts, the keys have a National Stock Number that pointed towards parallel EEPROMs from AMD. Armed with the datasheet and X-rays of encryption keys from the Crypto Museum, it was possible to figure out a rough pinout for the key. With this information in hand, a circuit board was produced and combined with an EEPROM and a 3D print to produce a key that could replicate the functionality of the original.

With the key inserted into the handset and turned, calls could be secured at the touch of a button across standard analog phone lines.

Like most projects, it didn’t work the first time. The printed key had issues with the quality of the teeth and flushing of the support material, which were solved by simply removing the teeth entirely and relying on the circuit board to index to the relevant pins. Testing was performed using a PKS-703 key reader, which itself was an incredibly rare piece of hardware. In combination with a logic analyzer, it revealed …

Source: Hackaday