Paper 2012/118

Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks

S. Sree Vivek, S. Sharmila Deva Selvi, and C. Pandu Rangan

Abstract

Security of an encryption system is formally established through the properties of an abstract game played between a challenger and an adversary. During the game, the adversary will be provided with all information that he could obtain in an attack model so that the adversary is fully empowered to carry out the break. The information will be provided to the adversary through the answers of appropriately defined oracle queries. Thus, during the game, adversary will ask various oracle queries and obtain the related responses and have them at his disposal to effect a break. This kind of interaction between challenger and adversary is called as training to the adversary. For example, in the lunch time attack model, the adversary may ask encryption as well as decryption oracle queries. The indistinguishability of ciphertext under this model (IND-CCA2 model) is considered to offer strongest security for confidentiality. In the recent past, an adversary could obtain several additional information than what he could normally obtain in the CCA2 model, thanks to the availability of powerful malwares. In order to realistically model the threats posed by such malwares, we need to empower the adversary with answers to few other kinds of oracles. This paper initiates such a research to counter malwares such as RAM scrapers and extend the CCA2 model with additional oracles to capture the effect of RAM scrapers precisely. After discussing the new kind of attack/threat and the related oracle, we show that the transformation in \cite{FujisakiO992cry} that yields a CCA2 secure system does not offer security against RAM scraper based attack. We refer the decryption oracle as glass box decryption oracle. We then propose two new schemes that offer security against glassbox decryption and also establish the formal security proof for the new schemes in random oracle and standard model.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Public Key EncryptionCPA-CCA2 TransformationsRandom Oracle modelStandard model.
Contact author(s)
ssreevivek @ gmail com
sharmioshin @ gmail com
History
2012-03-04: received
Short URL
https://ia.cr/2012/118
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/118,
      author = {S.  Sree Vivek and S.  Sharmila Deva Selvi and C.  Pandu Rangan},
      title = {Stronger Public Key Encryption Schemes Withstanding {RAM} Scraper Like Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/118},
      year = {2012},
      url = {https://eprint.iacr.org/2012/118}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.