which secure channel?

In a group VPN the members rekey with the server using the Unicast PUSH method. This rekey mechanism is protected by which secure channel?

In a group VPN the members rekey with the server using the Unicast PUSH method. This rekey mechanism is protected by which secure channel?

A.
KEK

B.
IPSec SA

C.
TEK

D.
IKE SA

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

dalby

dalby

the mechanism happens within a vpn, so multiple answers are possible?

Reply

hisham

hisham

there is three type of rekey methods:

pull methods: using IKE SA and no need for KEK

unicast push methods:using KEK with Ack mechanism

multicast push methods: KEK without Ack mechanism

Reply

Sajid

Sajid

Answer: D (IKE SA)

It’s true that Key Encryption Key (KEK) is used to encrypt rekey messages. But in the same time GDOI exchanges in Phase 2 must be protected by ISAKMP Phase 1 Sas. And GDOI groupkey – push exchange is one of the two types of GDOI exchanges: groupkey-pull and groupkey-push.

Reply

mr_tienvu

mr_tienvu

I have the same idea. A

Reply