|
|
|
|
Hagelin Phone
PSTN Phone Encryptor
The HC-2203 is a PSTN telephone encryptor, developed by
Crypto AG (Hagelin)
in Switzerland and was introduced in the early 2000s.
It can be connected between any ordinary telephone set and an analogue line
and comes with PTT-approval for most countries.
It is compatible with the HC-24x3 secure GSM phone.
The HC-2203 is still available from Crypto AG today (2017).
|
The image on the right shows a typical HC-2203 unit. It is a fairly compact
device, housed in a sturdy die-cast aluminium enclosure. It needs an external
power supply unit (PSU) between 12 and 32 Volt and is connected in between
a standard analogue telephone set and the line.
The HC-3302 features a rubber key pad with 17 buttons, 3 status LEDs and a
clear 4-line LCD display.
Inside the unit is a Crypto AG security module,
which consists of a PCMCIA card with custom-made crypto hardware.
At the front is a slot for a standard smart-card (shown here).
|
|
|
The HC-2203 can handle secure data transmissions at speeds between 2400
and 19200 baud with RTS/CTS handshaking. For full-duplex voice calls,
a data speed between 2400 and 9600 baud is automatically selected, depending
on the quality of the analogue phone line. At 9600 baud, speech legibility
is extremely good. Unlike the older HC-3300 crypto phone,
the HC-2203 is suitable for use over satellite,
allowing as much as two hops in each direction.
It is extremely easy to install an HC-2203 as it can be used with virtually
any existing analogue setup.
All connections are at the rear of the unit.
From left to right, there are connectors for AUX (firmware updates),
DATA (V.24 serial port), POWER (24V DC), LINE (analogue PSTN) and PHONE.
|
Key material for the HC-2203 can be handled in a variety of ways.
For large organisations, keys are usually managed with the KHC-2000 Key Handling
Center (KHC). Alternatively, a CSC-1000 smart card can be used to transfer
or clone the keys from another HC-2203 unit.
Furthermore, all keys can also be entered by the user directly on the keypad.
|
For encryption, the proprietary HCA-480 crypto algorithm is used in combination
with Customer Managed Profiling (CMP),
offering a variety of over 10506.
The Communication Key (CK) is 128 bits long and is used to generate a key
stream with a period of more than 1028 years. A total of 999
CKs can be stored in the unit's memory.
In case of an emergency or compromise, the keys can be deleted from memory,
by raising the metal flap at the rear of the unit
and pressing the emergency button with a sharp object.
|
|
|
The HC-2203 can handle keys in three different ways. First of all, it handles
classic direct symmetrical keys, in which case the key for encryption and
decryption is identical and the full key needs to be distributed.
In addition, the so-called derived symmetrical key is supported, in which case
a valid key is calculated from a simpler key or pass-phrase. On top of that,
it also supports the more modern asymmetrical keys, commonly referred to as
Public Key Encryption (PKE).
|
All cryptographic functions are handled by a purpose-built tamper-free
security module that is hidden inside the HC-2203. This security module
takes the shape of a standard PCMCIA card that is mounted in a suitable
slot on the HC-2203's mother board.
The image on the right shows a HCM-2000 security module.
At the heart of this module is Crypto AG's proprietary Security Processor.
Classified data never leaves the security module and all crypto keys are stored
encrypted, using a unique Tamper Resistant Key (TRK).
|
|
|
The HC-2203 is a state-of-the-art product that is extremely well-built.
After removing the outer plastic shell,
a metal enclosure is revealed.
After removing a series of bolts, the unit can be separated
in two halves. The bottom part
contains the analogue interfaces (line, phone and data),
whilst the other half contains the logic
and the controls.
|
The motherboard (or: Management Board as it is called) has components
at both sides. The top surface contains the
Motorola 68000 central processing unit (CPU)
and two DSPs: one for transmission and one for
reception (full-duplex).
These DSPs are used for the unit's vocoder. They are implemented as two
identical daughter cards that are plugged into the mother board.
At the underside of the mother board,
is the PCMCIA slot for the MCM-2000 Security Module and a XILINX
Field-Programmable Gate Array (FPGA) containing most of the logic circuitry.
|
|
|
The PCB is designed in such a way that it can hold a total of 4 DSPs
and 2 security modules. This is clearly visible on an
older version of the HC-2203 mother board, that has
two PCMCIA slots at the bottom.
The upper side of that mother board has
connectors for 4 DSPs (only two are fitted here).
It is possible that a fully populated unit could be used on two lines
simultanously.
|
For large companies, foreign office operations, embassies, politicians, etc.,
travelling around the world, Crypto AG developed this mobile office that
allowed the small HC-2203 to be used over Inmarsat BGAN satellite links.
The system is packed in a strong Peli Case®, together with an
Inmarsat BGAN terminal, antenna's, cables, etc.
The image on the right shows an example of a BGAN satellite link with an
HC-2203 at its heart. Also in this setup is a
HC-2423 Secure GSM
and a breakout box to create a small PSTN network.
Photograph kindly donated by the Belleque Organization [2].
Note that the HC-2423 Secure GSM phone
has been discontinued and
is no longer available from Crypto AG (2016).
|
|
|
In August 2011, we acquired a set of HC-2033 PSTN phone encryptors.
For exhibitions, we would like to be able to use the set and demonstrate
what an evesdropper would hear.
Although both units appear to be operational, we don't know how to
operate the units, as we don't have a manual. If you know more about this
device, or if you have a manual available, please contact us.
|
-
Permission is given for non-commercial use, provided that copyright is
credited to the owner of the image (Copyright 2017, Belleque Organization).
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Sunday 21 August 2011. Last changed: Sunday, 14 June 2020 - 13:42 CET.
|
 |
|
|
|