Discuss the following:

When using a public cryptographic hash function, how to add a shared key

into message to compute a hash value so that it is resilent to mod$-$ ification

attack?

How to do encryption and signature respectively using RSA? When both

encryption and signature are needed, which should go first, why?

$[12$ points$]$ This problem is about the security services each protocol pro$-$

vides. Let us consider four security services: Confidentiality $($C$),$ Integrity $($I$),$

sender Authentication $($A$),$ and Non$-$Repudiation $($NR$).$ Notes: assume that

the public key $($and its private key$)$ cannot be forged and is authentic. So$,$ if a

signature of a message can be verified via the corresponding public key, the

sender will not be able to deny having sent the message. Suppose the

following notations are used: $k_1,k_2$ : keys shared between a sender $S_{{?}_{?}}$

and a receiver $R$;$E_k(x)$ : $($symmetric or asymmetric$)$ encryption of $x$ under $k$;$SI{G}_k(x)$ :

signature on $x$ under $k$; $x_p$ : private key of entity $x$;$x_{\text{p}\text{u}\text{b}}$ : pub$-$ lic key of entity $x$;$H$ : a public

secure cryptographic hash function such as SHA$-1$;$PRN{G}_s$ : a binary stream from a pseudo$-$

random number generator seeded with $s$; II: simple concatenation; and $M$ : the message. For

each of the following protocols, use C$,$ I, A$,$ and$/$or NR to represent the service$($s$)$ a protocol

provides. If a protocol can not provide any service, use "None".

$($a$)$ Sgeneratesarandomsessionkeys andsends $E_{S_{\text{p}\text{u}\text{b}}}(s_k)||E_{R_{\text{p}\text{u}\text{b}}}(s_k)||(Mo+PRN{G}_{s_k})$ to $R.$

$($b$)S$ sends $y=E_{k_1}(x||H(k_2||x))$ to $R.$

$($c$)S$ sendsy$==E_{R_{\text{p}\text{u}\text{b}}}(x||SI{G}_{S_{\text{p}\text{v}\text{i}}}(H(x)))$ to $R.$

$($d$)S$ generates a new symmetric key $s_k$ and sends

$y=E_{S_{\text{p}\text{u}\text{b}}}(s_k)||E_{R_{\text{p}\text{u}\text{b}}}(s_k)||SI{G}_{S_{\text{p}\text{w}\text{i}}}(s_k)||E_{s_k}(x)$ to $R.$