Question
Exercise 2. [12 points] Consider the following public-key protocol for two entities A and B. The protocol assumes that A and B know each other's public key KA and KB, respectively. The protocol aims to establish a shared secret key between A and B.

1. A chooses a nonce Na and encrypts (Na, A) with the public key KB of B, where A is the identifier of A. The ciphertext C1 is sent to B.
2. B uses its private key SB to decrypt the received ciphertext C1, and obtains Na. Also, B chooses a nonce Nb and encrypts (Na, Nb) with the public key KA of A. The ciphertext C2 is sent to A.
3. A uses its private key SA to decrypt the received ciphertext C2, and obtains Nb. Also, A encrypts Nb with the public key KB of B, and sends the ciphertext C3 to B.
4. A and B each computes k = XOR(Na, Nb), which is used as the shared secret key. (They encrypt their communications with k in a symmetric key encryption scheme.)

Please answer the following questions.

1. [3 points] What is the purpose of ciphertext C3 in the third step of the protocol?
2. [5 points] The protocol presented above has a security vulnerability that is similar to a man-in-the-middle attack. The protocol allows a third party P to impersonate A to communicate with B. Thus, at the end of the attack, B thinks that he is talking to A, but he is actually talking to P. This can happen when A tries to communicate with P (for some legitimate request) as follows. A chooses a nonce Na and encrypts (Na, A) with the public key KP of P. P then impersonates A to start the above protocol with B. Please describe the rest of the attack by showing step-by-step the messages exchanged among A, B and the attacker P. We assume that the public key of anyone is known to the public. The attacker P has the following capabilities: eavesdropping on the communication channel and intercepting ciphertext, participating in the protocol (initiating and carrying out communications), and sending messages with forged IP source address for impersonation.
3. [5 points] How would you change the second step of the protocol to fix the
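
An honest run of the four protocol steps between A and B, as an added example that is not part of the original exercise. It assumes textbook RSA with toy keys built from Mersenne primes, 32-bit nonces, a constructed identifier for A, and nonce-echo checks on C2 and C3 that the exercise text does not state explicitly.

```python
import secrets

E = 65537  # public exponent shared by both toy keys

def keygen(p, q):
    """Textbook RSA key from two primes: returns (public modulus, private exponent)."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def enc(n, *fields):
    """Encrypt a tuple of 32-bit fields under public modulus n (no padding: toy only)."""
    m = 0
    for f in fields:
        m = (m << 32) | f
    assert m < n
    return pow(m, E, n)

def dec(n, d, c, count):
    """Decrypt c with private exponent d and split it back into `count` 32-bit fields."""
    m = pow(c, d, n)
    return [(m >> (32 * i)) & 0xFFFFFFFF for i in reversed(range(count))]

# Constructed toy keys built from Mersenne primes; real keys need random primes.
KA, SA = keygen(2**61 - 1, 2**89 - 1)    # A's public modulus / private exponent
KB, SB = keygen(2**107 - 1, 2**127 - 1)  # B's public modulus / private exponent
ID_A = 0xA                               # constructed identifier for A

def honest_run():
    # Step 1: A -> B : C1 = {Na, A} under KB
    na = secrets.randbits(32)
    c1 = enc(KB, na, ID_A)
    # Step 2: B decrypts C1, picks Nb, B -> A : C2 = {Na, Nb} under KA
    na_at_b, claimed_id = dec(KB, SB, c1, 2)
    nb = secrets.randbits(32)
    c2 = enc(KA, na_at_b, nb)
    # Step 3: A decrypts C2, A -> B : C3 = {Nb} under KB
    na_echo, nb_at_a = dec(KA, SA, c2, 2)
    if na_echo != na:                    # assumed check: C2 must echo A's own nonce
        raise ValueError("C2 does not contain Na")
    c3 = enc(KB, nb_at_a)
    # B's side of step 3 (assumed check: C3 must echo B's own nonce)
    (nb_echo,) = dec(KB, SB, c3, 1)
    if nb_echo != nb:
        raise ValueError("C3 does not contain Nb")
    # Step 4: both sides compute k = XOR(Na, Nb)
    return claimed_id, na ^ nb_at_a, na_at_b ^ nb
```

`honest_run()` returns the identifier B read from C1 together with the key as computed by A and by B.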