Using Intel SGX to Protect Authentication Credentials in an Untrusted Operating System

Title: Using Intel SGX to Protect Authentication Credentials in an Untrusted Operating System
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Condé, R. C. R., Maziero, C. A., Will, N. C.
Conference Name: 2018 IEEE Symposium on Computers and Communications (ISCC)
Date Published: jun
Keywords: authentication, authentication credentials, authorisation, BIOS, BIOS Security, computational security, Encryption, Hardware, Human Behavior, Intel SGX, Metrics, OS kernel, PAM authentication framework, password, password file protection scheme, private memory regions, privileged code, Program processors, pubcrawl, Resiliency, Scalability, security of data, sensitive applications, SGX enclave, software architecture, Software Guard Extensions, TCB, telecommunication security, Trusted Computing, trusted computing base, UniSGX, Unix, Unix systems, untrusted operating system
Abstract: An important principle in computational security is to reduce the attack surface, by maintaining the Trusted Computing Base (TCB) small. Even so, no security technique ensures full protection against any adversary. Thus, sensitive applications should be designed with several layers of protection so that, even if a layer might be violated, sensitive content will not be compromised. In 2015, Intel released the Software Guard Extensions (SGX) technology in its processors. This mechanism allows applications to allocate enclaves, which are private memory regions that can hold code and data. Other applications and even privileged code, like the OS kernel and the BIOS, are not able to access enclaves' contents. This paper presents a novel password file protection scheme, which uses Intel SGX to protect authentication credentials in the PAM authentication framework, commonly used in UNIX systems. We defined and implemented an SGX-enabled version of the pam_unix.so authentication module, called UniSGX. This module uses an SGX enclave to handle the credentials informed by the user and to check them against the password file. To add an extra security layer, the password file is stored using SGX sealing. A threat model was proposed to assess the security of the proposed solution. The obtained results show that the proposed solution is secure against the threat model considered, and that its performance overhead is acceptable from the user point of view. The scheme presented here is also suitable to other authentication frameworks.
DOI: 10.1109/ISCC.2018.8538470
Citation Key: conde_using_2018