ASF 2.0 Key Deployment


In ASF 1.0, the remote control protocol does not support any form of authentication. As a result, any user could generate an RMCP packet that could reboot the system if its remote control capabilities are enabled. To address these concerns, the specification was updated so security is now an integral part of the remote control functionality.

As part of the security initiative, the ASF 2.0 specification requires a symmetric key (a long-term key that is shared by both the agent and the management console) as well as session keys. It also defines the RSP protocol so that the remote control protocols are now secure. The specification framers, however, were mindful of the fact that there is great diversity among organizations in terms of network security infrastructure and security tolerance. With respect to the key exchange between the agent and the management console, the specification for key deployment is sufficiently broad to support this diversity without compromising security. Officially, key exchange requires “an out-of-band mechanism (e.g. local physical access or remote access via a secured connection)”.

Intel’s ASF solution supports a variety of options. The first option is local physical access: placing the keys in each system with an agent and placing the corresponding keys in the management console. Many IT organizations have customized images that they put on new systems upon arrival. As part of this imaging process, organizations may choose to put the ASF key into the system.

However, this option is not suitable for all environments. It does not address pre-existing systems that do not have keys. If the keys are compromised or lost, the keys must be replaced. It does not scale very well: the effort to get keys to a thousand systems or more is nontrivial. The Intel ASF solution therefore provides a mechanism to perform the key exchange between the agent and the management console over the network. This mechanism is supported at the WMI layer so it may be invoked from a remote machine. To limit access, the standard WMI security model is used: users are authenticated by their username and password prior to gaining access to WMI. Keys are dynamically generated at the management console and the encrypted keys are sent over the network to the agent system. The agent system decrypts the keys and stores them. Once the keys are available at both the agent and the management console, the remote control functions can be performed securely.
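To make the key model concrete, the following is an added illustration (not Intel’s code and not the RSP wire format): both ends derive a session key from the shared long-term key, and the agent accepts a remote control command only when it carries a valid MAC and a fresh sequence number. The use of HMAC-SHA256, the message layout, and the nonce handling are assumptions for this example.

```python
import hashlib
import hmac
import struct

# Constructed model of the arrangement described above: one long-term
# key shared by agent and console, a per-session key derived from it,
# and every remote-control message carried with a MAC.  The byte layout
# and HMAC-SHA256 are assumptions for this example, not the RSP format.

TAG_LEN = 16          # bytes of HMAC output appended to each message
SEQ_LEN = 4           # big-endian sequence number prefix


def derive_session_key(long_term_key: bytes, console_nonce: bytes,
                       agent_nonce: bytes) -> bytes:
    """Both ends derive the same session key from the shared long-term
    key plus fresh nonces; the long-term key itself never goes on the wire."""
    return hmac.new(long_term_key, b"ASF-session" + console_nonce + agent_nonce,
                    hashlib.sha256).digest()


def build_message(session_key: bytes, seq: int, command: bytes) -> bytes:
    """Console side: sequence number || command || truncated HMAC."""
    body = struct.pack("!I", seq) + command
    tag = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify_message(session_key: bytes, msg: bytes, last_seq: int):
    """Agent side: return (seq, command) only if the MAC is valid and the
    sequence number is fresh; otherwise None, so an unauthenticated,
    tampered, wrong-key or replayed packet is dropped before it acts."""
    if len(msg) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    seq = struct.unpack("!I", body[:SEQ_LEN])[0]
    if seq <= last_seq:
        return None
    return seq, body[SEQ_LEN:]


if __name__ == "__main__":
    ltk = bytes(range(32))                  # constructed long-term key
    sk = derive_session_key(ltk, b"\x01" * 16, b"\x02" * 16)
    msg = build_message(sk, 1, b"RESET")
    print(verify_message(sk, msg, 0))        # (1, b'RESET')
    print(verify_message(sk, msg, 1))        # None: replay rejected
```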

Alternatively, organizations may wish to exchange keys over a secure connection, such as one afforded by a public key infrastructure or a secure shell connection. When used in conjunction with Intel’s ASF key generation and load/store functionality, organizations can define a key exchange model for ASF that suits their needs.


Copyright © 2002 Intel Corporation

Last modified on 6/13/03 8:33a Revision 1