LASS Security (Windows Embedded CE 6.0)
1/6/2010
LASS supports application-independent and authentication mechanism-independent user authentication, while LAPs enable application-independent user authentication to devices. Therefore, compromising the security of either the LASS or a LAP will have a direct effect on the security of your sensitive resources.
This section provides security considerations for working with LASS and LAPs. As you do when working with any Windows Embedded CE functionality, you should always use secure coding and authentication techniques. For more information about Windows Embedded CE security services, see Enhancing the Security of a Device.
Best Practices for LASS
Use a two-tier trust model to enhance security
LASS is dependent on a trust model. Without the trust model, LASS can be disabled by any running application. To enhance the security that you get from LASS, you must use a two-tier trust model, or make sure that you do not allow applications, created by application developers, to run on your operating system. For more information about creating a trusted environment, see Trusted Environment Creation.
Best Practices for a LAP
Understand the enrollment behavior of the LAP before having the application call VerifyUser for the first time
The password LAP that is available in Windows Embedded CE is currently configured to return TRUE on application calls to VerifyUser until an enrollment has completed. Since this behavior can potentially compromise your device, the application must always enroll with the LAP before the first call to VerifyUser.
Implement the LASS Exponential Backoff mechanism
If your LAP is vulnerable to brute force attacks, it is good practice to have the LAP implement the LASS Exponential Backoff mechanism. This mechanism is designed to deter brute force attacks that rapidly try several authentications on a LAP by introducing an exponentially increasing time delay between unsuccessful consecutive application attempts to call VerifyUser. For more information about the exponential backoff mechanism, see LASS Exponential Backoff.
Use discretion when you assign trust levels to third-party applications
The password LAP that is available in Windows Embedded CE uses the SetPassword and GetPasswordActive functions, and therefore can be interfered by a privileged application.
Default Registry Settings
When working with LASS and LAPs, you should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation. For LASS-related registry information, see LASS Registry Settings.
Ports
No specific ports are used for LASS.
See Also
Reference
Concepts
Trusted Environment Creation
LASS Exponential Backoff
Other Resources
Local Authentication Subsystem (LASS)
Enhancing the Security of a Device