Modern software ecosystem is data-centric. Data exfiltration due to the attacks of Memory Scraper type malwares is an emerging threat. In this paper, we set up an appropriate mathematical model capturing the threat such attacks pose to Identity-Based Cryptosystems (IBE). Following the formalism, we demonstrate an attack on popular Boneh-Franklin CCA2 secure IBE construction that compels us to relook the fact of CCA2 being the de-facto standard of security. We offer two constructions, one identity based and another public-key based (PKE) encryption schemes capable of withstanding Ram Scraper attacks. Our design assumes a hybrid system equipped with a bare minimal 'Trusted Platform Module' (TPM) that can only perform group exponentiation operation. Building systems to implement our IBE/PKE protocols should be feasible as well as efficient from practical standpoint.
↧