Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks

Security of an encryption system is formally established through the properties of an abstract game played between a challenger and an adversary. During the game, the adversary will be provided with all information that he could obtain in an attack model so that the adversary is fully empowered to carry out the break. The information will be provided to the adversary through the answers of appropriately defined oracle queries. Thus, during the game, adversary will ask various oracle queries and obtain the related responses and have them at his disposal to effect a break. This kind of interaction between challenger and adversary is called as training to the adversary. For example, in the lunch time attack model, the adversary may ask encryption as well as decryption oracle queries. The indistinguishability of ciphertext under this model (IND-CCA2 model) is considered to offer strongest security for confidentiality. In the recent past, an adversary could obtain several additional information than what he could normally obtain in the CCA2 model, thanks to the availability of powerful malwares. In order to realistically model the threats posed by such malwares, we need to empower the adversary with answers to few other kinds of oracles. This paper initiates such a research to counter malwares such as RAM scrapers and extend the CCA2 model with additional oracles to capture the effect of RAM scrapers precisely. After discussing the new kind of attack/threat and the related oracle, we show that the transformation in [8] that yields a CCA2 secure system does not offer security against RAM scraper based attack. We refer the decryption oracle as glass box decryption oracle. We then propose two new schemes that offer security against glassbox decryption and also establish the formal security proof for the new schemes in random oracle and standard model.