Abstract: A data security apparatus has an analog component and control circuitry. The control circuitry receives an incoming digital message and converts it to or from encrypted form using the analog component. The control circuitry drives the analog component with drive signals and receives back a digital representation of what the analog component's sensor outputs. It uses this in making a digital keystream. In operation, the control circuitry makes the drive signals by encrypting a nonce-based value with a key. It can encrypt the digital representation of the sensor outputs that resulted from the drive signal, with the same key. The control circuitry also can also encrypt the nonce-based value with a different key, and then combine this with the encrypted sensor output to generate the digital keystream that is uses in the conversion.

Abstract: A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component.

Abstract: There is provided an encryption device to ensure strong security without using a random number in a white-box model. The encryption device includes: an encryption part configured to encrypt an input value using a black-box model in which input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside; and a key generation part configured to encrypt the input value to the encryption part to generate a cryptographic key of the encryption part using a white-box model in which the input/output value and the intermediate value are able to be recognized from the outside.

Abstract: There is provided an encryption device that is secure against a side channel attack, and can suppress a processing load. The encryption device includes a data encryption part in which at least part of a plurality of round functions for successively performing encryption processing on an input value is tabulated to be encrypted using a white-box model in which input/output values of the round function is able to be recognized from the outside. Each of the round functions includes a tabulated encryption function for encrypting an input value using a black-box model in which the input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside, and the encryption function is updated with a random number.

Abstract: A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component.

Abstract: There is provided an encryption device that is secure against a side channel attack, and can suppress a processing load. The encryption device includes a data encryption part in which at least part of a plurality of round functions for successively performing encryption processing on an input value is tabulated to be encrypted using a white-box model in which input/output values of the round function is able to be recognized from the outside. Each of the round functions includes a tabulated encryption function for encrypting an input value using a black-box model in which the input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside, and the encryption function is updated with a random number.

Abstract: A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component.

Abstract: There is provided an encryption device to ensure strong security without using a random number in a white-box model. The encryption device includes: an encryption part configured to encrypt an input value using a black-box model in which input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside; and a key generation part configured to encrypt the input value to the encryption part to generate a cryptographic key of the encryption part using a white-box model in which the input/output value and the intermediate value are able to be recognized from the outside.

Abstract: There is provided an encryption device including a data encryption unit configured to conduct encryption on the basis of a white box model in which at least a part of a plurality of round functions for sequentially conducting encryption processing on an input value is tabulated, and input and output values of the round function are recognizable from an outside. The plurality of round functions each have an encryption function that is tabulated and encrypts an input value in a black box model in which input and output values are recognizable from the outside and an intermediate value is not recognizable from the outside.

Abstract: A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component.

Abstract: There is provided an encryption device including a data encryption unit configured to conduct encryption on the basis of a white box model in which at least a part of a plurality of round functions for sequentially conducting encryption processing on an input value is tabulated, and input and output values of the round function are recognizable from an outside. The plurality of round functions each have an encryption function that is tabulated and encrypts an input value in a black box model in which input and output values are recognizable from the outside and an intermediate value is not recognizable from the outside.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.