SecureICA

Secure ICA Technical Overview
Back to Secure ICA Section

The SecureICA Implementation

This section details the SecureICA implementation.

The SecureICA encryption modules use the RC5 algorithm to encrypt ICA packets. A random RC5 key is generated for each MetaFrame session. The Diffie-Hellman key agreement algorithm is used to generate the session key on the MetaFrame client and the MetaFrame server.

SecureICA Technical Overview
The Secure ICA Implementation
The RC5 Algorithm
Encryption Strength
SecureICA Performance
Other Security Concerns

SecureICA Protocol Architecture

The Independent Computing Architecture (ICA) is a modular architecture. The encryption layer is negotiated at connect time between the MetaFrame server and MetaFrame client.

The ICA Protocol and Transport Layers

Beneath the ICA data packets, there are several optional protocol driver layers. Their existence and use is negotiated during the ICA handshaking that occurs at the start of a session. Since these layers sit below ICA, they can be removed or replaced. Additional protocol drivers can also be added. The SecureICA encryption module is inserted at this layer.

The following diagram shows an expanded view of the ICA protocol layer.

What is encrypted

SecureICA encryption is applied to the entire ICA packet. Except for a small encryption header, all of the ICA commands and data are encrypted. This includes:

Keystrokes

Mouse data

Graphic information

Client drive data

Client printer data