What is Secure ICA? Secure ICA provides advanced, end-to-end encryption of the ICA data stream. MetaFrame today includes a basic level of data encryption in the base product. Though this base level is satisfactory for most MetaFrame users, some customers have asked for more cryptographically secure methods of protecting the information that is sent between the MetaFrame client and server. Secure ICA provides this advanced level of encryption. What level of encryption is being offered in Secure ICA? Secure ICA is being offered in three different levels of encryption or key lengths - a 40-bit key, 56-bit key and 128-bit key. The purpose of providing these three different levels is:
What is Key Length? The reference to key length when describing the strength of encryption refers to the number of bits that need to be accurately aligned or flipped when encrypting or decrypting data. The easiest way to envision the level of security gained by a given key length is to picture a house or car key. Each of the notches in the key needs to be aligned perfectly to gain access to the house or to start the car. The wrong key, will not turn because it's notches do not align with the pins (or bits) of the lock. A longer key such as a 128bit key is comparable to a house or car key that has 128 pins to align. The longer the key, the more difficult it would be for a person to pick the lock. The same holds true for encryption. The longer the key the less likely it is that someone would be able to break the code. How strong is 128-bit encryption? Many educational institutions and large corporations, as well as the US government have done studies on cracking encryption. The net result is that cracking the code is a function of available processing power. Processing power is simply a function of money. The more processing power (money) available to attack the encryption, the faster the encryption will be broken. The following table illustrates the amount of time and money necessary to break an encrypted file in a brute-force attack against various key lengths using processor power pricing data from 1995.
What does this table mean? Using $1,000,000,000,000 of processing power against a 128-bit encrypted file it would take 1,000,000,000,000 years to break the code. Will Secure ICA impact MetaFrame systems performance? Is the key length a factor on system performance? An individual user should not see a measurable change in response time when using Secure ICA. But encryption does require processing power on both the client and the server. Depending on the application, customers may want to increase system resources (memory and processor) when running this advanced encryption. Key length is not a factor in the impact on system performance. There will be no difference in performance using a 40-bit key versus a 128-bit key. Will Secure ICA work with any protocol and any connection type? Yes, Secure ICA will operate properly over all MetaFrame supported protocols and connections including RAS and direct ASYNC ICA connections. Some users may choose to turn the encryption off on the PPP RAS connection during an ICA session to reduce overhead. Does Secure ICA work for all client platforms? Secure ICA includes clients for DOS, Win16 and Win32. Web clients (NS plugin and ActiveX control) are also included. Will ICA thin client devices support Secure ICA? Secure ICA is architected to work with any client that supports the ICA protocol stack. Devices such as Wyse WinTerms or Boundless TCs are capable of using Secure ICA. ICA device vendors will have to supply the client-side protocol drivers for encryption, meaning that they will have to flash their ROM. |
|