Protecting Password Databases using Trusted Hardware Klaudia - - PowerPoint PPT Presentation

Protecting Password Databases using Trusted Hardware

Klaudia Krawiecka, Andrew Paverd, N. Asokan Aalto University, Finland

This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding Agency for Innovation, and the Intel Collaborative Research Institute for Secure Computing.

Storing Passwords

2

Browser Web Server f(p,s), s f password (p) [secure channel] salt (s)

=?

Storing Passwords

3

Browser Web Server f(p,s), s f password (p) [secure channel] salt (s)

=?

Storing Passwords

4

Browser Web Server f(p,s), s f password (p) [secure channel] salt (s)

=?

attacks out of scope attacks in scope

Trusted Execution Environments

5

• Isolated execution
• Sealed storage
• (Remote attestation)

Operating System Application TEE TEE

Hardware-enforced isolation

Application Hardware

key (k)

Storing Passwords Securely

6

Browser Web Server f(k,p,s), s f password (p) [secure channel] salt (s)

=?

(k)

key (k)

Storing Passwords Securely

7

Browser Web Server f(k,p,s), s f password (p) [secure channel] salt (s)

=?

(k)

Requires side-channel resistant design

Prototype

8

SGX enclave C++ library PHP-C++ binding PHPass integration

Prototype

• Key generation or import
• Key sealing (MRENCLAVE)
• Keyed one-way function
• CMAC from sgx_tcrypto library
• 128 bit key
• AES-NI hardware acceleration
• Lines of code: 60

9

SGX enclave C++ library PHP-C++ binding PHPass integration

(+ Intel trusted libraries)

Prototype

• Enclave initialization
• Sealed data storage/retrieval

10

SGX enclave C++ library PHP-C++ binding PHPass integration

Prototype

• PHP-CPP
• “C++ library for writing PHP extensions”

http://www.php-cpp.com/

11

SGX enclave C++ library PHP-C++ binding PHPass integration

Prototype

• Used by WordPress, Joomla, etc.
• Default: multi-round MD5 (!)
• Enhanced to use our SGX enclave

12

SGX enclave C++ library PHP-C++ binding PHPass integration

Prototype

13

Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7

key (k)

Performance

14

Browser Web Server f(k,p,s), s f password (p) [secure channel] salt (s)

=?

(k) Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 Initialization: 2.74 ms Scalability: 442 k ops/s Latency: 3.74 µs

single threaded

key (k)

Performance

15

Browser Web Server f(k,p,s), s f POST salt (s)

=?

(k) Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04 WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7 WordPress Login Unmodified: 151.1 ms With SGX: 153.6 ms response ACK

key (k)

Work in Progress

16

Browser Web Server f(k,p,s), s f password (p) salt (s)

=?

(k) Compromised web server Attacker learns passwords immediately

key (k)

Work in Progress

17

Browser Web Server f(k,p,s), s f password (p) salt (s)

=?

(k) Browser-verified attestation and secure channel directly to enclave attestation Back to offline password guessing attack

key (k)

Work in Progress

18

Browser Web Server f(k,p,s), s f password (p) salt (s)

=?

(k) Browser-verified attestation and secure channel directly to enclave attestation Back to offline password guessing attack How to verify this and indicate this to users? How to rate-limit internally?

key (k)

Work in Progress

19

Browser Web Server f password (p) (k) Other uses for this design:

• Payment card data
• Personal data
• …

attestation c.f. Lyle & Martin. "Engineering attestable services" TRUST, 2010. Highly scalable attestation?

Conclusion

• TEEs can help to protect password databases
• Can be integrated into existing systems
• Performance is sufficient
• Some challenges still remain
• Potential for future work

20

SGX enclave C++ library PHP-C++ binding PHPass integration key (k) Browser Web Server f(k,p,s), s f password (p) [secure channel] salt (s)

=?

(k)