Assume that A and B share a long-term 256-bit AES key K. Our key exchange protocol has two goals: (1) let A and B agree on a new fresh session key Ks to be used for a current session, and (2) perform mutual authentication. Nb is a nonce and Ks is a new session key generated by B. Assume that Ks and Nb are of the same bit-length and both are always chosen at random. EK(.) denotes AES encryption of everything inside () with key K. HMACK(.) denotes SHA2-based HMAC of everything inside () using key K. Protocol:
1.A −→ B: EK(A, B, "Hello")
2.B −→ A: EK(Ks, Nb, HMACK(A, B, "Hello"))
3.A −→ B: HMACK(Ks, Nb, 1)
What (if any) are the vulnerabilities of this protocol? If there are any, how can you fix them? For fix, you need to show modification of the protocol. Limit each answer (vulnerabilities and their fixes separately) to 10 lines

a  social news website  is an  internet  website  that features  user-posted stories. such stories are ranked based on popularity, as voted on by other users of the site or by website administrators. users typically comment online on the news posts and these comments may also be ranked in popularity. since their emergence with the birth of  web 2.0, social news sites have been used to link many types of information, including news, humor, support, and discussion. all such websites allow the users to submit content and each site differs in how the content is moderated. on the  slashdot  and  fark  websites,  administrators  decide which articles are selected for the front page. on  reddit  and  digg, the articles that get the most votes from the community of users will make it to the front page. many social news websites also feature an online comment system, where users discuss the issues raised in an article. some of these sites have also applied their voting system to the comments, so that the most popular comments are displayed first. some social news websites also have a  social networking  function, in that users can set up a user profile and follow other users' online activity on the website.