
Mitigating Password Database Breaches with Intel SGX

Helena Brekalo Raoul Strackx Frank Piessens

imec - Distrinet, KU Leuven

December 12, 2016

Brekalo, Strackx, Piessens (KU Leuven) Mitigating Password Database Breaches December 12, 2016 1 / 18

Outline

1. Introduction
2. Problem Statement
3. Performance Evaluation
4. Conclusion

Introduction

Passwords: The ugly truth

  • Passwords are everywhere and heavily depended upon
      • Only a password and “security questions” are required
      • I’d like stronger protection for my money
  • Developers are not always careful
      • Sells offensive intrusion and surveillance capabilities
      • 400GB of lost data
  • . . . nor are users
      • BAH: Consulting firm for Homeland Security, . . .
      • MD5-hashes without a salt
      • “123456” appeared 22x in the database
  • Passwords are often not the most sensitive data
      • “Discretion matters”
      • 30M entries
      • Dates of birth, Names, Passwords, Sexual orientations, Website activity, . . .


Problem Statement

Attacker Model

  • Server-side protection
  • Potential malicious cloud provider/compromised kernel
  • Complete password data may be leaked


Security Properties

Offline attacks:
  • Focus on stored passwords
  • Computationally infeasible to break passwords

Online attacks:
  • Enforce strong passwords
  • Guess-limit attacker
  → Out of scope

Other sensitive data: Out of scope


Why is this so hard?

“Weaken the attacker, without putting strain on the defender”

  • PBKDF2: Reduce speed to hash passwords
  • Scrypt: Increase required memory
  • Separate HW: Keep (a part of) the password secret


Setup

The bad approach

password_stored = SHA1(password)

password_stored = SHA1(password || salt)

Problem: Offline bruteforce attacks


Iteration 1: Intel SGX to the rescue!

password_stored = HMAC(k, password || salt)

k must never leave the enclave!

Scenario 1: Attacker leaks PWD database
  • no bruteforce attacks against passwords as k is never leaked.
  • no hash-collisions for the same password

Scenario 2: Attacker creates fake passwords then leaks PWD database
  • no bruteforce attacks against passwords as salt ensures different hashes for different users.

Problem: In the cloud the enclave will have to move to a different VM
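The storage schemes from the Setup and Iteration 1 slides side by side, as an added example that is not code from the presentation: leaked SHA1(password || salt) rows fall to an offline dictionary run, while HMAC(k, password || salt) rows cannot be tested without k. The `PasswordEnclave` class is a hypothetical stand-in for the SGX enclave (a private attribute, not real sealing), and the users and wordlist are constructed.

```python
import hashlib, hmac, os

def sha1_record(password, salt):
    """The 'bad approach': password_stored = SHA1(password || salt)."""
    return hashlib.sha1(password.encode() + salt).digest()

class PasswordEnclave:
    """Stand-in for the SGX enclave: k is generated inside and never returned."""
    def __init__(self):
        self.__k = os.urandom(32)  # assumption: models what sealing would protect

    def _tag(self, password, salt):
        # password_stored = HMAC(k, password || salt); SHA3 as in the evaluation slide
        return hmac.new(self.__k, password.encode() + salt, hashlib.sha3_256).digest()

    def enroll(self, password):
        salt = os.urandom(16)
        return salt, self._tag(password, salt)

    def verify(self, password, salt, stored):
        return hmac.compare_digest(self._tag(password, salt), stored)

def offline_guess(db, wordlist, candidate_fn):
    """Dictionary run using only the leaked rows and a candidate hash function."""
    cracked = {}
    for user, (salt, stored) in db.items():
        for guess in wordlist:
            if hmac.compare_digest(candidate_fn(guess, salt), stored):
                cracked[user] = guess
                break
    return cracked

def demo():
    users = {"alice": "123456", "bob": "123456", "carol": "correct horse"}  # constructed
    wordlist = ["password", "123456", "qwerty"]                             # constructed
    sha1_db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        sha1_db[user] = (salt, sha1_record(pw, salt))
    enclave = PasswordEnclave()
    hmac_db = {user: enclave.enroll(pw) for user, pw in users.items()}
    # Without k, whoever holds the leaked rows can only try a key of their own choosing.
    def wrong_key(guess, salt):
        return hmac.new(b"\x00" * 32, guess.encode() + salt, hashlib.sha3_256).digest()
    return {
        "sha1_cracked": offline_guess(sha1_db, wordlist, sha1_record),
        "hmac_cracked": offline_guess(hmac_db, wordlist, wrong_key),
        "same_password_distinct_rows": hmac_db["alice"][1] != hmac_db["bob"][1],
        "login_ok": enclave.verify("123456", *hmac_db["alice"]),
    }
```

Weak passwords stay weak against online guessing through the enclave, which is why the later slides turn to guess limiting.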


Iteration 2: Migratable Enclaves

Option 1: Dedicated server to keep k
  + Easy
  - Single point of failure
  - Active defense mechanisms (e.g., guess limiting) need to communicate with the server

Option 2: End-to-end transfer of state-continuous enclave state
  + No single point of failure
  - Both endpoints need to be active at the same time
  - Active defense mechanisms (e.g., guess limiting) pose a challenge¹

Option 3: True P2P network of enclaves
  + No single point of failure
  + Flexible
  - Harder to implement
  - Active defense mechanisms (e.g., guess limiting) pose an (unsolved) challenge

Problem: Preventing an attacker from moving the enclave to her own machine

¹ Strackx and Lambrigts. “Idea: State-Continuous Transfer of State in Protected-Module Architectures”. 2015. Engineering Secure Software and Systems


A Modified Attestation Scheme

General idea:

1. Provide each VM with a cloud provider’s enclave
2. Check during attestation that the password enclave is executing on the same machine as one of those particular enclaves

An attacker should not be able to create a cloud provider’s enclave: keep SK_CP securely sealed


Performance Evaluation

Overhead is caused by:
  • HMAC uses 2 SHA3 calls
  • Entering/exiting the enclave is time consuming

             Without SGX    SGX
Algorithm    SHA3           SHA3-HMAC
Time (ms)    0.006788       0.046023

Table: Performance measures of the creation of passwords with and without the use of SGX.


Conclusion

  • Yes, SGX is a prime candidate to harden password mechanisms
  • That can be implemented with minimal effort
  • But it’s a short-term solution
  • SGX’s sealing and attestation mechanism makes it ideal for 2FA: Proof that you possess 1 or multiple devices, secure from malware on these devices


Questions?

raoul.strackx@cs.kuleuven.be


Providing Active Defense Mechanisms


Iteration 3: Active defense mechanisms

Easy to implement:
  • Enforcing strong passwords
  • No re-using passwords
  • . . .

Hard to implement:
  • Max. number of password guesses
  • Increasing timeout per guess


Potential attacks:
  • Rolling back state of the password enclave
  • Forking multiple instances of the enclave

→ State-continuity: Once a password is provided, the enclave should continue execution based on that input, or never advance at all.

How do you do this in a distributed environment?
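An added example of the rollback problem above (not code from the presentation): the guess counter lives in a MAC-protected blob on untrusted storage, and a host that replays an old blob resets it unless the blob is bound to a trusted monotonic counter. The monotonic counter, the `GuessLimiter` class and the `correct` flag standing in for the HMAC check are assumptions of this example, and it covers a single machine only, not the distributed case.

```python
import hashlib, hmac, json, os

MAX_GUESSES = 3

class RollbackDetected(Exception): pass

class GuessLimiter:
    """Guess counter of a password enclave; its state is a MAC-protected blob
    handed to untrusted storage (a stand-in for SGX sealing)."""
    def __init__(self, bind_to_counter):
        self._key = os.urandom(32)   # sealing key, stays inside the "enclave"
        self._mono = 0               # assumed trusted monotonic counter
        self._bind = bind_to_counter

    def _seal(self, failed):
        body = json.dumps({"failed": failed, "version": self._mono}).encode()
        return body + hmac.new(self._key, body, hashlib.sha3_256).digest()

    def _unseal(self, blob):
        body, tag = blob[:-32], blob[-32:]
        good = hmac.new(self._key, body, hashlib.sha3_256).digest()
        if not hmac.compare_digest(good, tag):
            raise ValueError("sealed state was modified")
        state = json.loads(body)
        if self._bind and state["version"] != self._mono:
            raise RollbackDetected("stale sealed state replayed")
        return state["failed"]

    def fresh(self):
        return self._seal(0)

    def guess(self, blob, correct):
        """`correct` stands in for the HMAC check. The new count is sealed
        before the verdict is returned, so every guess advances the state."""
        failed = self._unseal(blob)
        if failed >= MAX_GUESSES:
            return "locked", blob
        self._mono += 1
        return ("ok", self._seal(0)) if correct else ("wrong", self._seal(failed + 1))

def wrong_guesses_accepted(limiter, attempts=10):
    """Constructed scenario: the untrusted host replays the initial blob every time."""
    first, accepted = limiter.fresh(), 0
    for _ in range(attempts):
        try:
            verdict, _ = limiter.guess(first, correct=False)
        except RollbackDetected:
            break
        accepted += verdict == "wrong"
    return accepted
```

Without the counter binding, all ten replayed guesses are evaluated despite the limit of three; with it, the second replay is rejected.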
