4. (5 Marks) The following protocol is used in fincorp.com The network is comprised of N nodes, and each node X has been assigned a unique master secret key Kx which is shared between that node and the KDC. The key is used to secure communication between the node and the trusted server KDC. That is, a copy of all the keys are stored on the server. A user such as Alice sends a secret message M to Bob using the following protocol 1. A KDC : IDAI IE(KA, IDBI IKs) where Ks is a random 128-bit session key generated by A IDA is Alice's node id and IDB 1s destination's node id (Bob) 2. KDC -A E(KB, Ks) B knows KB, thus decrypts E(KB, Ks) to get Ks and will subsequently use Ks to decrypt E(Ks, M) to get M. Notes: The protocol uses AES in Counter mode (AES-CTR) for confidentiality (E) in aforementioned steps) where 128-bit random IV is sent as the first block of the cipher text The node IDs are known to all N participants and are each 128-bit values. For instance you can think of Alice's ID as the first 128-bit of SHA256 hash of string alice. The protocol must be resistant to insider attack (for instance by Zack who is an employee of fincorp) (a) Clearly state whether this protocol is secure or not (whether M can be recovered by an attacker or not) (b) Justify your answer. 4. (5 Marks) The following protocol is used in fincorp.com The network is comprised of N nodes, and each node X has been assigned a unique master secret key Kx which is shared between that node and the KDC. The key is used to secure communication between the node and the trusted server KDC. That is, a copy of all the keys are stored on the server. A user such as Alice sends a secret message M to Bob using the following protocol 1. A KDC : IDAI IE(KA, IDBI IKs) where Ks is a random 128-bit session key generated by A IDA is Alice's node id and IDB 1s destination's node id (Bob) 2. KDC -A E(KB, Ks) B knows KB, thus decrypts E(KB, Ks) to get Ks and will subsequently use Ks to decrypt E(Ks, M) to get M. Notes: The protocol uses AES in Counter mode (AES-CTR) for confidentiality (E) in aforementioned steps) where 128-bit random IV is sent as the first block of the cipher text The node IDs are known to all N participants and are each 128-bit values. For instance you can think of Alice's ID as the first 128-bit of SHA256 hash of string alice. The protocol must be resistant to insider attack (for instance by Zack who is an employee of fincorp) (a) Clearly state whether this protocol is secure or not (whether M can be recovered by an attacker or not) (b) Justify your