Protecting Password Databases using Trusted Hardware
Klaudia Krawiecka, Andrew Paverd, N. Asokan
Aalto University, Finland
This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding Agency for Innovation, and the Intel Collaborative Research Institute for Secure Computing.

Storing Passwords
Diagram labels: Browser, password (p), [secure channel], Web Server, f, =?, salt (s), f(p,s), s
Diagram annotations: attacks out of scope, attacks in scope

Trusted Execution Environments
Hardware-enforced isolation
- Isolated execution
- Sealed storage
- (Remote attestation)
Diagram labels: Application, Application, Operating System, TEE, Hardware

Storing Passwords Securely
Requires side-channel resistant design
Diagram labels: Browser, password (p), [secure channel], Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s

Prototype
Stack: PHPass integration, PHP-C++ binding, C++ library, SGX enclave (+ Intel trusted libraries)
- Key generation or import
- Key sealing (MRENCLAVE)
- Keyed one-way function
- CMAC from sgx_tcrypto library
- 128 bit key
- AES-NI hardware acceleration
- Lines of code: 60

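The keyed one-way function f(k, p, s) from the slides above, as an added sketch that is not the authors' prototype code. Assumptions: HMAC-SHA256 from Python's standard library stands in for the enclave's CMAC, the hypothetical `KeyedHasher` class only models the enclave boundary and gives no hardware isolation, and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


class KeyedHasher:
    """Models the enclave boundary: k never leaves, only f(k, p, s) is exposed.
    Assumption: HMAC-SHA256 stands in for the prototype's CMAC."""

    def __init__(self, key=None):
        # 128-bit key, generated or imported as on the slide
        self._k = secrets.token_bytes(16) if key is None else key

    def f(self, password, salt):
        # salt is fixed-length (16 bytes), so salt || password is unambiguous
        return hmac.new(self._k, salt + password.encode(), hashlib.sha256).digest()


def enroll(hasher, db, user, password):
    salt = secrets.token_bytes(16)
    db[user] = (hasher.f(password, salt), salt)  # database holds f(k,p,s), s


def verify(hasher, db, user, password):
    stored, salt = db[user]
    return hmac.compare_digest(stored, hasher.f(password, salt))


def offline_matches(db, user, candidates, key):
    """Candidates that a party holding only the database and `key` can confirm."""
    stored, salt = db[user]
    trial = KeyedHasher(key)
    return [c for c in candidates if hmac.compare_digest(stored, trial.f(c, salt))]


if __name__ == "__main__":
    real_key = bytes(16)                       # constructed demo key
    enclave, db = KeyedHasher(real_key), {}
    enroll(enclave, db, "alice", "correct horse")   # constructed credentials
    guesses = ["123456", "correct horse"]
    print(verify(enclave, db, "alice", "correct horse"))
    # A leaked database without k confirms no guess, even the right one.
    print(offline_matches(db, "alice", guesses, bytes([1]) * 16))
    # If k leaks too, offline guessing works again.
    print(offline_matches(db, "alice", guesses, real_key))
```
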
Prototype
Stack: PHPass integration, PHP-C++ binding, C++ library, SGX enclave
- Enclave initialization
- Sealed data storage/retrieval

Prototype
Stack: PHPass integration, PHP-C++ binding, C++ library, SGX enclave
- PHP-CPP: "C++ library for writing PHP extensions"
- http://www.php-cpp.com/

Prototype
Stack: PHPass integration, PHP-C++ binding, C++ library, SGX enclave
- Used by WordPress, Joomla, etc.
- Default: multi-round MD5 (!)
- Enhanced to use our SGX enclave

Prototype
Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04; WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7

Performance (single threaded)
- Initialization: 2.74 ms
- Scalability: 442 k ops/s
- Latency: 3.74 µs
Diagram labels: Browser, password (p), [secure channel], Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s
Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04

Performance (WordPress Login)
- Unmodified: 151.1 ms
- With SGX: 153.6 ms
Diagram labels: Browser, POST, response, ACK, Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s
Setup: Intel Core i5 6500 3.2 GHz, 8 GB RAM, Ubuntu 14.04; WordPress 4.5.3, PHP 5.5.9, Apache 2.4.7

Work in Progress
Compromised web server
- Attacker learns passwords immediately
Diagram labels: Browser, password (p), Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s

Work in Progress
Browser-verified attestation and secure channel directly to enclave
- How to verify this and indicate this to users?
- Back to offline password guessing attack
- How to rate-limit internally?
Diagram labels: Browser, attestation, password (p), Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s

Work in Progress
Other uses for this design:
- Payment card data
- Personal data
- …
Highly scalable attestation? cf. Lyle & Martin. "Engineering attestable services", TRUST, 2010.
Diagram labels: Browser, attestation, password (p), Web Server, f, (k), key (k)

Conclusion
- TEEs can help to protect password databases
- Can be integrated into existing systems
- Performance is sufficient
- Some challenges still remain
- Potential for future work
Stack: PHPass integration, PHP-C++ binding, C++ library, SGX enclave
Diagram labels: Browser, password (p), [secure channel], Web Server, f, (k), key (k), =?, salt (s), f(k,p,s), s