
Question


1. Authentication protocols. A large Appalachian research university wants to implement a central sign-on facility where users authenticate themselves to an official site then receive a token that confirms their identity to all other campus sites.

(a) Assuming the protocol is competently implemented and deployed, how might deploying this service improve security on campus? Under the same assumptions, how might it hurt security?

Suppose the sign-on protocol proceeds as follows: When the user visits site A, which requires authentication, site A redirects the user to the central sign-on site. Following authentication, the central sign-on site redirects the user's browser back to a standardized HTTPS URL at site A with the following parameters: u, the user's username, and Sign(u), a digital signature produced with the sign-on site's private key. (Assume that the corresponding public key is widely known.) The site checks that the signature is valid for u, and considers the user authorized if so.

(c) If site A is controlled by an attacker, how can it trivially impersonate the user to other sites that trust the sign-on protocol?

(d) Propose a simple change to the protocol that would fix the problem identified in (c).

Professor Vuln would like to provide a simple mechanism to allow members of his massive research group to authenticate to each other before they exchange confidential data. He decides to distribute a shared secret key k that will allow the group members to mutually authenticate each other. His protocol is given below
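The sign-on exchange from parts (c) and (d), as an added example that is not part of the original question: it checks a (u, Sign(u)) token at two sites, then repeats the check with one possible change, signing the username together with the intended site. Assumptions: textbook RSA over SHA-256 with small fixed primes stands in for the sign-on site's signature scheme (not secure), and the site names and function names are hypothetical.

```python
import hashlib, json

# Toy textbook RSA over SHA-256 with fixed Mersenne primes: a stand-in for the
# sign-on site's real signature scheme. NOT secure; illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the sign-on site

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg: bytes) -> int:
    return pow(_digest(msg), D, N)

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest(msg)

# --- Protocol as described: the token is (u, Sign(u)) ---
def issue_original(u: str):
    return u, sign(u.encode())

def accept_original(site: str, u: str, sig: int) -> bool:
    # `site` is unused: nothing in the token says which site it was issued for.
    return verify(u.encode(), sig)

# --- One possible change: sign the username together with the target site ---
def _bound(u: str, aud: str) -> bytes:
    # A JSON array gives an unambiguous encoding of the (u, aud) pair.
    return json.dumps([u, aud]).encode()

def issue_bound(u: str, aud: str):
    return u, aud, sign(_bound(u, aud))

def accept_bound(site: str, u: str, aud: str, sig: int) -> bool:
    # Reject tokens minted for another site, then check the signature.
    return aud == site and verify(_bound(u, aud), sig)

def demo():
    # Constructed sample values: user "alice", sites site-a/site-b.example.
    u, sig = issue_original("alice")                  # alice signs in to site A
    replay_original = accept_original("site-b.example", u, sig)
    u, aud, sig2 = issue_bound("alice", "site-a.example")
    replay_bound = accept_bound("site-b.example", u, aud, sig2)
    relabel = accept_bound("site-b.example", u, "site-b.example", sig2)
    own_site = accept_bound("site-a.example", u, aud, sig2)
    return replay_original, replay_bound, relabel, own_site

if __name__ == "__main__":
    print(demo())   # (True, False, False, True)
```

The first result shows that the original token verifies at any site, because the signed message names only the user; with the site name inside the signed message, a token issued for site A fails at site B even if the site parameter is relabelled.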
