COMP30023 · Computer Systems
Cryptography and Secure Communication
Week 5 is the security bridge between the two halves: symmetric versus asymmetric encryption, cryptographic hashes and digital signatures, and how certificates and a public-key infrastructure defeat a man-in-the-middle attack (TLS itself is flagged non-examinable). Describing the MITM key-substitution attack and how certificates stop it, and stating what a digital signature does and does not provide, are flagship exam questions.
What this chapter covers
- 01The three goals: confidentiality, integrity and authentication; Kerckhoffs' principle (secrecy in the key, not the algorithm)
- 02Symmetric encryption (one shared key, fast, e.g. AES) vs asymmetric/public-key (key pair, e.g. RSA, slow) and hybrid encryption
- 03Cryptographic hash functions: fixed-length digest, collision resistance and one-way (pre-image) resistance
- 04Message integrity: MAC (shared secret, integrity only) vs digital signature (private-key sign, public-key verify)
- 05What a digital signature provides: integrity and non-repudiation — but not confidentiality
- 06Authenticated encryption: encrypt-then-MAC gives confidentiality AND integrity with two keys
- 07The man-in-the-middle problem on unauthenticated key exchange and why it works
- 08Digital certificates and Certificate Authorities: signing the (identity, public key) binding; root certificates and the chain of trust
A man-in-the-middle attack on an unauthenticated key exchange
- +1Alice sends 'here is my public key K_A_pub' toward Bob. Mallory intercepts it and instead forwards her own public key K_M_pub to Bob, so Bob now believes K_M_pub belongs to Alice.
- +1Bob generates a symmetric session key K_s and encrypts it under what he thinks is Alice's public key (actually K_M_pub), then sends it. Mallory intercepts the message and decrypts K_s with her own private key — she now holds the session key.
- +1Mallory re-encrypts K_s under Alice's real public key K_A_pub and forwards it to Alice. Alice decrypts it with her private key and recovers K_s. Alice and Bob now share K_s — but so does Mallory.
- +1Every subsequent payload is encrypted under K_s. Mallory intercepts each one, decrypts and reads it (and may silently alter it), then re-encrypts and forwards it, so both endpoints see a working, apparently secure channel while Mallory eavesdrops transparently.
- +1The root cause is that the initial public key was sent without authentication — nothing bound the key to Bob's or Alice's identity. The fix is a digital certificate: a trusted Certificate Authority signs the binding (identity, public key), so Alice can verify with the CA's public key that a key really belongs to Bob and reject Mallory's substituted key.
Key terms
- Symmetric vs asymmetric encryption
- Symmetric uses one shared secret key to encrypt and decrypt (fast, e.g. AES) but needs a secure way to exchange the key. Asymmetric (public-key) uses a key pair — encrypt with the public key, decrypt with the private key (e.g. RSA) — solving key distribution but far slower, so it is used to exchange a symmetric session key (hybrid encryption).
- Cryptographic hash function
- A function producing a fixed-length digest from arbitrary input, with collision resistance (hard to find two inputs with the same digest) and one-wayness (hard to invert). Used inside MACs and signatures. Examples: SHA-2, SHA-3.
- Message Authentication Code (MAC)
- A tag computed over a message with a shared secret key that lets the receiver detect tampering. It gives integrity but not confidentiality (the message travels in plaintext) and not non-repudiation (both parties share the key).
- Digital signature
- A tag produced by signing a message (or its hash) with a private key and verified with the matching public key. It provides integrity and non-repudiation (only the key owner could have signed) but not confidentiality, since the message itself is not encrypted.
- Man-in-the-middle (MITM) attack
- An attacker intercepts an unauthenticated public-key exchange, substitutes their own key, and relays messages so both endpoints share a key the attacker also holds — enabling transparent eavesdropping and tampering. It is defeated by authenticating the public key via certificates.
- Digital certificate / Certificate Authority (CA)
- A certificate is a CA's signature over the binding (identity, public key), so anyone trusting the CA's public key can verify the key belongs to the named party. Root certificates are self-signed and pre-loaded in the OS/browser, forming a chain of trust.
Cryptography and Secure Communication FAQ
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses a single shared secret key for both encryption and decryption; it is fast and good for bulk data, but the parties must first exchange the key securely, and it scales as N(N−1)/2 keys for N users. Asymmetric (public-key) encryption gives each party a public/private key pair — you encrypt with the recipient's public key and only their private key decrypts — which removes the key-exchange problem and scales as 2N keys, but it is far slower. Real systems use hybrid encryption: asymmetric to exchange a symmetric session key, then symmetric for the payload.
What does a digital signature guarantee, and what does it not?
Signing a message with your private key provides integrity (any change makes verification fail) and non-repudiation (only you hold the signing key, so a valid signature under your public key proves you signed it). It does not provide confidentiality, because the message itself is sent in plaintext — anyone can read it, they simply cannot alter it undetected. A MAC also gives integrity but not non-repudiation, because both parties share the key.
How does a certificate stop a man-in-the-middle attack?
The MITM attack works because a public key sent in the clear is not tied to an identity, so an attacker can substitute their own key. A certificate is a trusted Certificate Authority's signature over the binding (identity, public key). When Bob presents a CA-signed certificate, Alice verifies the CA's signature with the CA's public key, confirming the key really belongs to Bob. Any key the attacker substitutes will not carry a valid CA signature for Bob's identity, so Alice rejects it.
Why do we trust a Certificate Authority's public key?
Because a chain of trust anchors at root certificates that are self-signed and shipped pre-loaded with your operating system and browser. You verify Bob's certificate with an intermediate CA's key, the intermediate's certificate with the root CA's key, and you trust the root because it came from a trusted source built into your system. If the CA's key were not trusted, an attacker could forge a certificate binding their own key to Bob's name.
Can AI help me with the cryptography topic in COMP30023?
Yes, as a study aid. Sia can walk through the man-in-the-middle attack and the certificate fix, explain encrypt-then-MAC versus encrypt-and-MAC, or contrast a MAC with a digital signature step by step, checking your reasoning. Note TLS itself is flagged non-examinable in this subject. Sia helps you understand the method and rehearse; it does not do your graded MST, exam, quizzes or projects, and University of Melbourne academic-integrity rules apply.
Exam move
Cryptography is Week 5, so it falls in both the operating-systems-half mid-semester test and the final exam, and it is heavy on precise conceptual answers rather than arithmetic. Build a two-column symmetric-vs-asymmetric comparison (key model, speed, key-distribution problem, scaling N(N−1)/2 vs 2N) and be able to state the hybrid-encryption punchline. Rehearse the flagship man-in-the-middle trace as a numbered step list naming the key used at each encrypt/decrypt, ending with the root cause (unauthenticated key) and the certificate/CA fix. Memorise what each primitive provides — encryption = confidentiality, hash = fixed digest, MAC = integrity (shared key), signature = integrity + non-repudiation, encrypt-then-MAC = both — and remember that TLS is flagged non-examinable so you can down-weight it. Practise these as boxed short answers; confirm the MST and exam dates on Canvas, and note steady work here protects your WAM.
Working through Cryptography and Secure Communication in COMP30023? Sia is AskSia’s AI Computer Science tutor — ask any COMP30023 Cryptography and Secure Communication question and get a clear, step-by-step explanation grounded in how COMP30023 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.