Secure Telephone Unit STU-III
The SECTEL 2500 was a secure telephone manufactured by Motorola
in Seguin (Texas, USA) around 1990. It was intended for US
government use, and is capable of utilizing two different encryption
algorithms for secure communication.
When used as an
NSA Type 2 product
it uses a classified algorithm and is STU III
It is also possible to use the SECTEL 2500 as an
NSA Type 3 product,
in which case it uses the NIST Standard DES algorithm
The algorithm is selected by the information contained
on the Key Storage Device (KSD) which is inserted at the right.
If the inserted KSD is a Crypto Ignition Key (CIK), the SECTEL 2500
will go secure using
Type 2 encryption.
If the inserted KSD is a
Terminal Activation Key (TAK) or a Security Activation Key (SAK),
Type 3 encryption
will be selected.
The image on the rights shows a typical SECTEL 2500 unit. Its
case is virtually identical to that of the other SECTEL models
and so are the controls and connections.
The Motorola SECTEL 2500 was typically used by US Government agencies,
such as the FBI, DEA, ATF, etc. It was also used by the US Military,
Canadian defense agencies and some (approved) foreign government agencies.
The SECTEL 2500 itself in an unclassified device, but when used in
combination with a valid KSD,
it is classified to the level of the key.
All key material is usually generated externally and loaded into
the SECTEL 2500 by means of a so-called Key Storage Device (KSD),
such as the KSD-64A
or the later PK-64KC
manufactured by Datakey Inc.
These KSDs look like a
plastic toy key, and act like the ignition key of a car.
The KSD is entered into a so-called keyceptacle at the
right of the SECTEL unit, just below the display. Once inserted,
it needs to be rotated 1/4 clockwise, in order to unlock the
secure features of the phone.
The KSD can be used for a variety of different purposes.
For example: (Master) Crypto Ignition Key (CIK), FILL Key (FK),
Terminal Activation Key (TAK), Security Activation Key (SAC),
➤ More about the KSD-64
The SECTEL 2500 can be used in three different encryption modes, depending
on the requirements and the local possibilities. When using the STU-III
compatible mode, all key material is generated externally.
The following modes are available:
The SECTEL 2500 is used in Type 2 encryption mode.
The required key material needs to be obtained from a COMSEC authority,
using the NSA-endorsed
FIREFLY protocol for
- Public Key
All key material is generatel locally by the crypto custodian,
using the special Motorola KCA-3000 portable computer.
In this mode the device uses Type 3 encryption.
- Custom Mode
All key material is generated locally by the user on the phone's keypad.
It is then stored on a KSD in order to be transferred to other SECTEL
2500 phones. In this mode the device uses Type 3 encryption.
At 2400 baud, the SECTEL 2500 uses a 2.4 kbps Linear Predictive Coding
algorithm known as Enhanced LPC-10. It is based on the
or STANAG-4198 standard that is also used with the
Philips PNVX crypto phone.
It is suitable for both half and full duplex.
At 4800 baud, Code-Exited Linear Predictive Coding or CELP
is used in full-duplex, providing better audio quality.
At the highest speed, 9600 baud, an even better algorithm, called
Modified Residual Exited Linear Predictive Coding or MRELP,
is used in full duplex.
The SECTEL 2500 has a built-in V.24/V.32 modem that can also be used
for computer data at baud rates ranging from 75 to 9600 baud.
It is tested and compliant with most telephone systems around the world.
If the quality of the (foreign) telephone line is below average, the
system gracefully degrades to a lower speed, but maintains its Type 2 or 3
To suit the various customers and their safety requirements, different
SECTEL models were manufactured.
They all use the same enclosure and operation is more or less identical.
The diagram below shows the positioning of the various
The SECTEL 1500 phone is powered by an external Power Supply Unit (PSU)
that provides three different voltages: +5V (1.75 A), +12V (250 mA) and
-12V (210 mA). The PSU is connected to the 7-pin (or 8-pin) 270° DIN
socket at the rear of the unit. The socket has the following pinout:
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Sunday 11 July 2010. Last changed: Saturday, 24 February 2018 - 15:01 CET.