Part 3: RFID with exclusive or Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge 'x' and transmits y = X s to the tag. The tag computes z = ys and sends it to the reader. The reader authenticates the tag if z-x. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y 0x3344ffac and z0x1100ddod. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: si and s2. The reader sends to the tag a challenge yx s, and the tag responds with z = x s2 after recovering x = yS1. Q3.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? Q3.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note: "" denotes a bitwise XOR of two binary numbers. For two bits bi and b2, we have XOR(bi,b2) O if bi b2 and XOR(bi,b2) - 1 if b b2. Part 3: RFID with exclusive or Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge 'x' and transmits y = X s to the tag. The tag computes z = ys and sends it to the reader. The reader authenticates the tag if z-x. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y 0x3344ffac and z0x1100ddod. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: si and s2. The reader sends to the tag a challenge yx s, and the tag responds with z = x s2 after recovering x = yS1. Q3.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? Q3.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note: "" denotes a bitwise XOR of two binary numbers. For two bits bi and b2, we have XOR(bi,b2) O if bi b2 and XOR(bi,b2) - 1 if b b2