Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!rpi!bu.edu!telecom-request From: roeber@cithe1.cithep.caltech.edu (Frederick Roeber) Newsgroups: comp.dcom.telecom Subject: Dr. Stoll's Secure Phone Calls Message-ID: <72160@bu.edu.bu.edu> Date: 12 Jan 91 14:31:42 GMT Sender: news@bu.edu.bu.edu Organization: California Institute of Technology, Pasadena Lines: 31 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 30, Message 7 of 10 I believe the confusion over the "secure phone" mentioned in the book, The Cuckoo's Egg, arises from Dr. Stoll describing a few phone calls he received: One day, he answered his phone only to hear a recording "This is not a secure phone..." The person on the other end hung up and tried again, with the same result. After a couple tries, he finally got through, and was able to start questioning Dr. Stoll. Dr. Stoll replied, "This is not a secure phone..." A friend of mine, who does military security work, said this is the result of calling a non-secure phone from the government's secure phone system and trying to initiate a secure call. When making a secure call on this system, one first makes an ordinary phone call -- over any network, FTS, AT&T, or whoever. When the other end has been reached, one presses the `secure' button. This makes each end call the main computer that controls the secure phone system. Through an encrypted conversation, the main computer sends each phone two numbers: a key with which they can communicate with each other (for that conversation only), and a key to be used for the next call to the main computer. Then the main computer drops out, and the phones can send encrypted traffic to each other. Of course, if you hit `secure' when other end is a regular phone, the main computer realizes it can't set up an encrypted link, and plays the warning message. It also logs the attempt. So Dr. Stoll need not have been anywhere near a secure phone to get such a call. Frederick G.M. Roeber | e-mail: roeber@caltech.edu or roeber@vxcern.cern.ch r-mail: CERN/PPE, 1211 Geneva 23, Switzerland | telephone: +41 22 767 31 80