Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N. Asokan Aalto University, Finland This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding Agency for Innovation, and the Intel Collaborative Research Institute for Secure Computing.
Storing Passwords salt (s) f(p,s), s password (p) =? f Browser [secure channel] Web Server 2
Storing Passwords salt (s) f(p,s), s password (p) =? f Browser [secure channel] Web Server 3
Storing Passwords salt (s) f(p,s), s password (p) =? f Browser [secure channel] Web Server attacks out of scope attacks in scope 4
Trusted Execution Environments TEE Hardware-enforced isolation Application Application - Isolated execution Operating System TEE - Sealed storage - (Remote attestation) Hardware 5
Storing Passwords Securely salt (s) f(k,p,s), s password (p) =? (k) f Browser [secure channel] key (k) Web Server 6
Storing Passwords Securely salt (s) f(k,p,s), s password (p) =? (k) f Browser [secure channel] key (k) Web Server Requires side-channel resistant design 7
Prototype PHPass integration PHP-C++ binding C++ library SGX enclave 8
Prototype PHPass integration - Key generation or import - Key sealing (MRENCLAVE) PHP-C++ - Keyed one-way function binding - CMAC from sgx_tcrypto library - 128 bit key C++ library - AES-NI hardware acceleration - Lines of code: 60 SGX enclave (+ Intel trusted libraries) 9
Prototype PHPass integration - Enclave initialization - Sealed data storage/retrieval PHP-C++ binding C++ library SGX enclave 10
Prototype PHPass integration - PHP-CPP “C++ library for writing PHP extensions” - PHP-C++ binding http://www.php-cpp.com/ C++ library SGX enclave 11
Prototype PHPass integration - Used by WordPress, Joomla, etc. - Default: multi-round MD5 (!) PHP-C++ binding - Enhanced to use our SGX enclave C++ library SGX enclave 12
Prototype Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7 13
Performance single threaded Initialization: 2.74 ms Scalability: 442 k ops/s Latency: 3.74 µs salt (s) f(k,p,s), s password (p) =? (k) f Browser [secure channel] key (k) Web Server Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 14
Performance WordPress Login Unmodified: 151.1 ms With SGX: 153.6 ms salt (s) f(k,p,s), s POST =? (k) f Browser response key (k) ACK Web Server Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7 15
Work in Progress Compromised web server salt (s) f(k,p,s), s password (p) =? (k) f Browser key (k) Web Server Attacker learns passwords immediately 16
Work in Progress Browser-verified attestation and secure channel directly to enclave salt (s) f(k,p,s), s attestation =? (k) f Browser password (p) key (k) Web Server Back to offline password guessing attack 17
Work in Progress Browser-verified attestation and secure channel directly to enclave salt (s) f(k,p,s), s attestation =? (k) f Browser password (p) key (k) How to verify this and Web Server indicate this to users? How to rate-limit Back to offline password guessing attack internally? 18
Work in Progress Other uses for this design: - Payment card data Personal data - … - attestation (k) f Browser password (p) key (k) Highly scalable Web Server attestation? c.f. Lyle & Martin. "Engineering attestable services" TRUST , 2010. 19
Conclusion PHPass integration PHP-C++ - TEEs can help to protect password databases binding - Can be integrated into existing systems C++ library - Performance is sufficient SGX enclave - Some challenges still remain - Potential for future work salt (s) f(k,p,s), s password (p) =? (k) f Browser [secure channel] key (k) Web Server 20
Recommend
More recommend
