■

£1

■• . RESTRICTED

PRODUCTINFORMATION

NARROW RAND SECURE

SPENDEX 40

i. ■

RESTRICTED

IntroductionGeneralThe Spendex 40 is a stand aloneterminal offering high grade securevoice over narrow band transmissionpaths, such as private, military, PTT orpublic switched telephone systems orradio links. The terminal is compact andself contained, and requires only simpletwo-wire connection to military or publicPTT telephone networks. There is noneed for conduit-protected cable runsinto the telephone system. The Spendex40 operates at a data rate of2400 bits/s. The terminal is of modularconstruction and has been designed fordesktop use.

Secure point to point callsThe Spendex 40 can be used for alllevels of classified traffic, to send voiceand data in a totally secure, high-gradedigitally encrypted form to any othersimilar or equivalent terminal.

Secure dataThe operation mode of Spendex 40 caneasily be changed from secure voice tosecure data. A data port (CCITT V24/V28- RS232C) for processing synchronousdigital data of 2400 bits/s is providedfor connecting data equipment, such asfacsimile.

DescriptionMain sub-systemsThe main sub-systems within theSpendex 40 terminal are:• telephone functions (dialling etc.)• speech processing (vocoder)• key generator (crypto)• key variables (Key Cube, Net, KDC)• wireline modem (2400 bits/s data)• power supply

TelephonyThe telephony part takes care of:generation of dialling, selection ofprecedence level and signalling tones,

A terminal without CIK operates in clear mode.

recognition of calling and pre-emptionsignals and off/on hook transition,detection of the press-to-talk signal andline protection circuits.

VocoderThe Spendex 40 terminal contains amicroprocessor controlled vocoder toconvert analogue speech into a digitalbit stream at 2400 bits/s using alinear predictive code of the tenth order(LPC10), complying with STANAG 4198.The pitch extraction is achieved using areal-time harmonic sieve principle in thefrequency range 50 to 400 Hz. Thefrequency analysis is performed by aDFT processor, and the componentextraction and harmonic patternrecognition are carried out by amicroprocessor configuration.Due to the excellent performance of thepitch extraction process, synthesis afterdecryption, provides decrypted plainsignals which are fed to the telephoneearpiece. There the analogue signal isheard as a clear voice of a high quality.The quality of the received, decryptedsignal is very good, so much so, that ifthe connected parties know one another,voice recognition is possible.

Key generatorThe bit stream from the vocoder(2400 bits/s) is automaticallyenciphered by means of a key series

Plugging-in the CIK module.

which is generated by a high grade(SAVILLE algorithm) key generator. Thegeneration of a key series is determinedexclusively by the key variable and thecrypto logic.

Key variablesSpendex 40 has available a number ofkey variable systems, each of which istotally different from other key systems.In the basic configuration Net keyvariables and KDC key variables(for operation with the STU-II terminalTSEC/KY-71) are available.Optionally the Key Cube key variables areavailable.

Wireline modemThe enciphered digital signal is fed tothe modulator of the modem andprocessed in such a way that the digitalsignal can be transmitted in the form ofan analogue signal over thetransmission path.Starting procedures and synchronisationare completely automatic. The modemat the receiving terminal transforms thereceived analogue signal in itsdemodulator into a digital bitstream. This is decipheredin the key generator,with the same keysetting as thetransmitting keygenerator, andfed to the vocoder.

I,

RESTRICTED

RESTRICTED

Operational aspectsMode of useOnce communication is establishedbetween the two parties, when theSpendex 40 is in plain voice mode, theycan verify that both terminals are set tothe same key variable system. If so, thecaller presses the 'Secure' button on histerminal. This transmits asynchronisation pattern to the distantterminal. Once synchronisation isestablished, an automatic 'handshaking' process taking a few seconds,an indication in the display on eachterminal shows that both terminals arein-phase and that secure conversationcan begin.

The secure use of a Spendex 40 terminalwill in no way prevent its use fornormal, ordinary, clear voice telephonecalls, when security is not required, orto telephone subscribers not having aSpendex 40 terminal.

End to end securityThe system provides end to endencryption between the terminals. Thereis no necessity for approved, protectedcircuits. Unauthorised tapping,interception or recording will beabsolutely secure against decryption:only an apparently random stream ofdigital data in an analogue form, that istotally meaningless, will have beenintercepted.

Terminal securityThe key variables used with thecryptographic algorithm (SAVILLE), analgorithm of very high grade, areprotected by an overall zeroise circuit.This zeroing circuit can be initiated by azeroise buttonw h i c h w i l l / "

This CIK is physically removable fromthe terminal, thereby decreasing theclassification of the terminal andpermitting the installation of the terminalin a lower class security location.

Alarm circuits have been fitted tomonitor the cryptographic circuits, todetect operational malfunctions, andunauthorised access to the terminal.

Key variable systemsKDC Call variablesCall variables can be providedelectronically, automatically protectedwith the unique variable, on a per-callbasis, by a Key Distribution Centre(KDC, TSEC/CI-9), if the networkprovides such a facility. Storage oftwenty KDC-generated call variables, offrequently-called terminals is possible.This system provides total keycompartmentation.

KC key variables (optional)Key Cube (KC) key variables can bestored for a maximum of 2000subscribers, on the Key Cube principle.These variables are selected,automatically, between the callingterminals, without operator interventionand without a KDC. This systemprovides total key compartmentation.

Net key variablesUp to 20 commonly held Net keyvariables can be stored in each terminalfor end-to-end communication. Net keyvariables can be updated at the terminalby the user. This system provides partialkey compartmentation.

Loading of keysThe Net and the KDC unique keyvariables are loaded with a fill device/keytransfer device (conforming toCSESD 11F). The Key Cube key variablesare loaded with the aid of a Key CubeLoading Recorder in a low-frequencyroll-over replacement schedule.

Crypto Ignition Key (CIK)This CIK provides additional security. Itmust be plugged into the terminal forsecure communication.

destroy all the key variables stored inthe terminal. The Crypto Ignition Key(CIK) must be plugged into the terminalfor secure communication.

The CIK has been made in such a substantial formthat the user is aware that he is carrying it abouthis person, or not.

RESTRICTED

RESTRICTED

Key management systemKey Cube system neutralised by external catastrophe, the • modest initial investment: slidingThe terminals can be equipped with the rest of the system is not only unaffected, deployment according to needunique Key Cube (KC) system which but will not have been compromised in • not dependent upon any centralisedenables a completely decentralised key any way. installation for every callmanagement system to be set up. • no hard copy keying material: keying

Main features: material distributed in electronic formKC is decentralised • end-to-end encryption with 100% under super-encryptionThis powerful system has been compartmentation • automatic updating after every calldeveloped solely by Philips Usfa, and • minimal system and management • easy authentication possibilitieshas many advantages not hitherto overheads • compromise, damage or loss of oneavailable. The KC method enables a • user independent: no manual terminal does not endanger thetotally distributed, decentralised, and influence on key selection security of calls by other terminals inhence, extremely flexible system to be • enhanced flexibility and survivability the networkoperated at minimum overhead. • three-stage protection: transport key, • user-friendly facilities; recall, preLikewise system survivability is zeroise key and a plug-in, personal emption, call transfer, abbreviatedguaranteed. In the event of one, or Crypto Ignition Key (CIK) dialling, line grouping, etc.more, terminals being damaged or

Installation aspectsWireline modemThe secure terminal can be equipped foroperation on military or public switchedtelephone networks with built-in2400 bits/s wireline modems.

A choice can be made between twotypes of internal printed circuit boardwireline modems.

• Type UA 8314: this type has a fixedcompromise equalizer and can beused for 2-wire half duplex (push totalk), or 4-wire full duplex operation(complying with CCITT V26/V26bis).This type of modem is compatible foruse with STU ll/KDC/IVSN.

• Type UA 8343: this type has anautomatic adaptive equalizer and canbe used for 2-wire full duplex (splitband principle) operation. Thiscomplies with CCITT V22 bis and foruse with PTT-lines/the publicswitched telephone network.

The nominated user carries the CIK with him atall times.

RESTRICTED

RESTRICTED

Telephone service required• Standard Voice Grade Lines

Full Duplex (4-wire)Full Duplex (2-wire)Half Duplex (2-wire)

• Touchtone or Rotary Dial SwitchCompatible

• Certified to meet the technicalinterface requirements for a NationalSecurity Exemption to FCC, Part 68• Automatic or Manual PBX Interface

InstallationThe terminal is easy to install. Unplugthe post office telephone set and plug inthe Spendex 40 terminal. As a resultthere are no installation costs becausethere is no need for approved circuits.

Controls and indicators8 digit Alpha-numeric displayClear/secure indicatorOn/Off switchVoltage selector16 button key padSecure mode buttonCIKZeroise-buttonPress-to-talk switchOn hook/off hook switch

Connectors- to telephone line- to additional external modem (for HF

transmission)- to mains- to security earth- to data device (facsimile)- to fill gun- to CIK- to handset

Physical dataDimensions of terminal:

26 x 37 x 15/23 cmWeight: 12 kg approx.Power: 110 V or 220 V, ± 15%,45-65 Hz max., 45 wattBattery for retaining key variables for upto two years: Type Penlight 3 V(IEC R6/ANSI AA)Operating temperature: - 10° to + 50°CStorage temperature: - 40° to + 70°C

MTBF: 8000 hoursMTTR: 30 min

Climatic dataAtmospheric pressure: up to 10000 mRelative humidity: 95%Withstands environmental conditions asdefined in DEF-STAN-07-55

The data port will accept, for encryption and transmission, signals from facsimile and-other similarequipment.

MaintenanceAutomatic self testBuilt-in-test equipment (BITE)Modular construction

ConfigurationA complete Spendex 40 installation inits basic form comprises:- Terminal unit- CIK- Handset- Mains cable- Line connection cable

Electromagnetic emanationsThe emitted radiation (TEMPEST) of thesystem complies with the requirementsofAMSG720B.

The equipment meets the EMrequirements of MIL-STD-461B. Thesystem is therefore not affected by EMP,lightning and other electromagneticphenomena.

OptionsKey management system Key Cube.Key Cube key variables fordecentralized key management.Storage of an optional large numberof KC-key variables can be provided.Wireline-Modem (PCB) typeUA 8343.Two wire full duplex modem (split-band principle), complying withCCITT V22 bis.Wireline-Modem (PCB) type UA 8314.Two wire half duplex or four wire fullduplex modem, complying withCCITT V26/V26bis.Mounting for mobile use.HF radio-Modem (STANAG 4197).For interoperability with tactical NBSVequipment via an external modem foruse with HF-radio.Transport case.

■.

I

'

: '!

:

■

For overnight security the terminal can be lockedaway.

RFSTRIPTFn

=1

S— I

RESTRICTED

Dimensions (n mm

HtdE