Mitigating Password Database Breaches with Intel SGX

Abstract

In order to prevent rainbow attacks against a stolen password database, most passwords are appended with a unique salt before hashing them as to make the password random and more secure. However, the decreasing cost of hardware has made it feasible to perform brute force attacks by guessing the passwords (even when extended with their salt). Recently Intel has made processors with Intel SGX commercially available. This security technology enables developers to (1) completely isolate code and data running in an SGX enclave from untrusted code running at any privilege layer and (2) prevent data sealed to an enclave from being accessed on any other machine. We propose to add a key to the password (and salt) before they are hashed. By calculating the hash within an enclave, the key never leaves the enclave. This provides much stronger protection; offline attacks are infeasible without knowledge of the key. Online attacks on the other hand are much easier to defend against.