What Is Encrypted

Secure ICA encryption is applied to the entire ICA packet. Except for a small encryption header, all of the ICA commands and data are encrypted, including:

• Keystrokes
• Mouse data
• Graphic information
• Client drive data
• Client printer data
• Client audio data
         

ENCRYPTION STRENGTH

The strength of an encryption algorithm is related to two factors. One is the strength of the algorithm itself. The second is the size of the key used with the algorithm. The RC5 algorithm has been extensively examined by RSA Data Security, Inc. as well as outside consultants. The cryptographic community is confident that RC5 is a secure algorithm. The only way to break a secure algorithm is to try every possible key on a sequence of encrypted data.

As the size of the key increases, the time and effort required to guess the correct key increases. Trying every possible key is known as a brute force attack. A key 8 bits long contains 256 possible keys. A brute force attack on this key would be simple. However, the number of possible keys increases exponentially with key size. A 56-bit key contains 2⁵⁶ possible keys. If an attacker tried one million keys a second, it would take 2285 years to try each one. A 64-bit key would take the same attacker 585,000 years. It is estimated that a million dollar parallel processing computer can crack a 128-bit key in 10¹⁸ years.

It is important to evaluate the requirements for encryption. If the data being encrypted is time sensitive, shorter keys can be used. For example, if you are encrypting details of a planned merger, the data must be kept secret for a few months. If an attacker manages to decrypt the data 20 years after the merger is complete, whatever information is gained will be useless.

The RC5 Algorithm
The RC5 algorithm was developed by RSA Data Security, Inc. The Secure ICA Option Pack uses the RC5 algorithm to encrypt ICA packets. RC5 is a chaining block cipher. In a chaining block cipher, each block uses a variable size key combined with the encrypted version of the previous block to encrypt the current block. Rounds denotes the number of times each block is passed through the encryption algorithm. Secure ICA uses a 64-bit block size, 12 rounds, and a 40-, 56-, or 128-bit key size.

A detailed description of the RSA RC5 algorithm is available from RSA at http://www.rsa.com.

RC5 Keys
The RC5 algorithm is a symmetric key algorithm. One key is used to both encrypt and decrypt data. The security of the data depends on keeping the key secret. In order to keep data secure, there must be a method of exchanging the RC5 keys without allowing the keys themselves to be copied. The Diffie-Hellman key agreement algorithm generates the same RC5 key on the ICA client and server without exchanging information that compromises the security of the key. The Secure ICA Services uses a total of four keys during each session.

During user logon, Secure ICA uses two 128-bit keys for enhanced security. One key is used to encrypt ICA packets the server sends to the client. The other key is used for client to server communication.

The Secure ICA Option Pack uses two 40-, 56-, or 128-bit keys to encrypt ICA packets after logon. One key is used when the server is sending data to the client. The other key is used for client-to-server communication. Using two separate keys increases security. The key size to use for the session is specified by the ICA client.

An administrator can specify the minimum key size:

• By connection type, using Citrix Connection Configuration

• By published application, using Published Application Manager (for WinfFrame 1.8 and MetaFrame 1.8 servers only)

• By user, using User Manager for Domains (for WinFrame servers only)

Generating RC5 Keys

Each time a ICA client connects to a Citrix server the four RC5 keys are generated.

The Diffie-Hellman algorithm is used when two people need to establish secret keys but they cannot securely transmit those keys to each other. The Citrix server and the ICA Client establish RC5 session keys using the Diffie-Hellman key agreement algorithm.

The Citrix server periodically generates two numbers (A and B) using the Encryption Service installed by the Secure ICA Option Pack. These numbers are the Diffie-Hellman parameters.

The Citrix server and client follow the steps outlined below to establish a 1024-bit secret key. This secret key is split into two 128-bit keys used during logon and two 128-, 56-, or 40-bit keys used after logon.
  

1. The Citrix server generates a private key K1 each time a ICA client connects.

2. Using the private key K1 and the Diffie-Hellman parameters (A and B), the server generates a public key P1.

3. The Citrix server sends the ICA client A, B, and the server's public key P1.

4. The ICA client generates a private key K2 each time a connection is made to a Citrix server. The client receives A, B, and the server's public key P1.

5. Using the private key K2 and the Citrix server's public key P1, a 1024-bit secret key S is generated.

6. The ICA client generates a public key P2 using its private key K2 and the Diffie-Hellman parameters (A and B).

7. The ICA client sends its public key P2 to the WinFrame server.

8. The Citrix server receives the client's public key P2. Using the client's public key P2, the Diffie-Hellman parameters (A and B), and the server's private key K1, the Citrix server generates the secret key S.

The ICA client and Citrix server both have the same 1024-bit secret key S.

The mathematical steps to generate the secret key are described below.
  

Server

• Generate private key K1
• Use two well known values A and B
• Generate a public key P1 = AK1 mod B
• Send P1, A, and B to the client

Client

• Client receives P1, A, and B
• Client generates a private key K2
• Client uses the public key P1 and its private key K2 to generate a secret key S using the following algorithm: S = P1K2 mod B
• Generate a public key P2 = AK2 mod B
• Send P2 to the server

Server

• Server receives P2

• Server uses the public key P2 and its private key K1 to generate a secret key S using the following algorithm: S = P2K1 mod B

Even if P2, P1, A and B are known by an intruder, S cannot be derived from that information. The algorithm relies on the mathematical property that

(AK1 mod B) K2 mod B = AK1K2 mod B

(AK2 mod B) K1 mod B = AK1K2 mod B