This is one of the questions that needs paraphrasing and the rest are on the file below:
4. Bob designed another new scheme to detect whether a message is modified by an attacker (protecting data
integrity). The scheme is to append to each message a SHA-256 hash of that message, then encrypt the whole appended message using AES with a known key to the public. Explain the vulnerability of Bobâ€™s design?
Bob designed a new scheme to detect whether a message is modified by an attacker. He used the scheme in which each message is appended to SHA-256 hash of that message and then encrypt the whole message using AES with known key which is known to the public.
There is a vulnerability in Bob Design, he append each message using SHA-256 which is very string algorithm but then he uses AES algorithm which is also a very strong algorithm but he uses public key to encrypt not the private key. AES algorithm have two keys: public and private key, the key which is known to everyone is called the public key and the key which is known between parties only the sender and receiver is called the private key. So, Bob is using the public key for encrypting the whole message, the public key is available to everyone. So, anyone who is having the public key can decrypt that message and read the message and can change the message as well. So, many dangerous attacks can happen like MITM (Man in the Middle) attack can happen in which the conversation between two person is taking place and attacker sites in the middle and can change the conversation taking place and many more.
So, Bob should use private key instead of public key so that only the sender and receiver could have the keys to encrypt and decrypt the messages.