Stronger public key encryption system withstanding RAM scraper like attacks

The indistinguishability of ciphertext under the chosen ciphertext attack (IND-CCA2) is often considered to offer the strongest security notion for a public key encryption system. Nowadays, because of the availability of powerful malwares, an adversary is able to obtain “more” information than what he could obtain in the CCA2 security model. In order to realistically model the threats posed by such malwares, we need to empower the adversary to obtain additional information. This paper initiates a research to counter malwares such as RAM scrapers and extend the CCA2 model with oracles providing additional information to capture the effect of RAM scrapers precisely. We call this more stronger security notion as glass box decryption. After discussing the new kind of attack/threat and the related oracle, we show that almost all CCA2 secure systems are vulnerable to this kind of attack. We then propose a new system that offers security against glass box decryption and provide the formal security proof for the new system in the standard model. Copyright © 2016 John Wiley & Sons, Ltd.