University of Melbourne · FACULTY OF COMPUTER SCIENCE

COMP30023 · Computer Systems

- one subject, every graph, every model, every mark
Computer Science14 Chapters8-page Bible
Our own words - no uploaded lecturer files
Updated for this semester
Chapter 6 of 13 · COMP30023

Cryptography and Secure Communication

Week 5 is the security bridge between the two halves: symmetric versus asymmetric encryption, cryptographic hashes and digital signatures, and how certificates and a public-key infrastructure defeat a man-in-the-middle attack (TLS itself is flagged non-examinable). Describing the MITM key-substitution attack and how certificates stop it, and stating what a digital signature does and does not provide, are flagship exam questions.

In this chapter

What this chapter covers

  • 01The three goals: confidentiality, integrity and authentication; Kerckhoffs' principle (secrecy in the key, not the algorithm)
  • 02Symmetric encryption (one shared key, fast, e.g. AES) vs asymmetric/public-key (key pair, e.g. RSA, slow) and hybrid encryption
  • 03Cryptographic hash functions: fixed-length digest, collision resistance and one-way (pre-image) resistance
  • 04Message integrity: MAC (shared secret, integrity only) vs digital signature (private-key sign, public-key verify)
  • 05What a digital signature provides: integrity and non-repudiation — but not confidentiality
  • 06Authenticated encryption: encrypt-then-MAC gives confidentiality AND integrity with two keys
  • 07The man-in-the-middle problem on unauthenticated key exchange and why it works
  • 08Digital certificates and Certificate Authorities: signing the (identity, public key) binding; root certificates and the chain of trust
Worked example · free

A man-in-the-middle attack on an unauthenticated key exchange

Q [5 marks]. Alice wants to talk securely to Bob and starts by sending her public key in the clear so they can set up a shared symmetric key. Mallory sits on the wire and can read, delete and inject messages. Describe how Mallory can read everything without either party noticing, and state the fix. (5 marks)
  • +1Alice sends 'here is my public key K_A_pub' toward Bob. Mallory intercepts it and instead forwards her own public key K_M_pub to Bob, so Bob now believes K_M_pub belongs to Alice.
  • +1Bob generates a symmetric session key K_s and encrypts it under what he thinks is Alice's public key (actually K_M_pub), then sends it. Mallory intercepts the message and decrypts K_s with her own private key — she now holds the session key.
  • +1Mallory re-encrypts K_s under Alice's real public key K_A_pub and forwards it to Alice. Alice decrypts it with her private key and recovers K_s. Alice and Bob now share K_s — but so does Mallory.
  • +1Every subsequent payload is encrypted under K_s. Mallory intercepts each one, decrypts and reads it (and may silently alter it), then re-encrypts and forwards it, so both endpoints see a working, apparently secure channel while Mallory eavesdrops transparently.
  • +1The root cause is that the initial public key was sent without authentication — nothing bound the key to Bob's or Alice's identity. The fix is a digital certificate: a trusted Certificate Authority signs the binding (identity, public key), so Alice can verify with the CA's public key that a key really belongs to Bob and reject Mallory's substituted key.
Mallory swaps her own public key for Alice's when it crosses the wire, so Bob encrypts the session key K_s to Mallory; Mallory decrypts K_s, re-encrypts it under Alice's real key, and relays it — now all three share K_s and Mallory transparently reads/alters every message. It works because the public key was sent unauthenticated. Certificates (a CA signing the identity-to-key binding) fix it by letting each side verify the other's key really belongs to them.
Sia tip — State the root cause explicitly — 'the key was exchanged without authentication' — because that sentence is where the marks and the fix meet. Track which key is used at each encrypt/decrypt step so the relay is unambiguous. Ask Sia to re-run the attack with different party names and check that your certificate-based fix actually blocks Mallory's substitution.
Glossary

Key terms

Symmetric vs asymmetric encryption
Symmetric uses one shared secret key to encrypt and decrypt (fast, e.g. AES) but needs a secure way to exchange the key. Asymmetric (public-key) uses a key pair — encrypt with the public key, decrypt with the private key (e.g. RSA) — solving key distribution but far slower, so it is used to exchange a symmetric session key (hybrid encryption).
Cryptographic hash function
A function producing a fixed-length digest from arbitrary input, with collision resistance (hard to find two inputs with the same digest) and one-wayness (hard to invert). Used inside MACs and signatures. Examples: SHA-2, SHA-3.
Message Authentication Code (MAC)
A tag computed over a message with a shared secret key that lets the receiver detect tampering. It gives integrity but not confidentiality (the message travels in plaintext) and not non-repudiation (both parties share the key).
Digital signature
A tag produced by signing a message (or its hash) with a private key and verified with the matching public key. It provides integrity and non-repudiation (only the key owner could have signed) but not confidentiality, since the message itself is not encrypted.
Man-in-the-middle (MITM) attack
An attacker intercepts an unauthenticated public-key exchange, substitutes their own key, and relays messages so both endpoints share a key the attacker also holds — enabling transparent eavesdropping and tampering. It is defeated by authenticating the public key via certificates.
Digital certificate / Certificate Authority (CA)
A certificate is a CA's signature over the binding (identity, public key), so anyone trusting the CA's public key can verify the key belongs to the named party. Root certificates are self-signed and pre-loaded in the OS/browser, forming a chain of trust.
FAQ

Cryptography and Secure Communication FAQ

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses a single shared secret key for both encryption and decryption; it is fast and good for bulk data, but the parties must first exchange the key securely, and it scales as N(N−1)/2 keys for N users. Asymmetric (public-key) encryption gives each party a public/private key pair — you encrypt with the recipient's public key and only their private key decrypts — which removes the key-exchange problem and scales as 2N keys, but it is far slower. Real systems use hybrid encryption: asymmetric to exchange a symmetric session key, then symmetric for the payload.

What does a digital signature guarantee, and what does it not?

Signing a message with your private key provides integrity (any change makes verification fail) and non-repudiation (only you hold the signing key, so a valid signature under your public key proves you signed it). It does not provide confidentiality, because the message itself is sent in plaintext — anyone can read it, they simply cannot alter it undetected. A MAC also gives integrity but not non-repudiation, because both parties share the key.

How does a certificate stop a man-in-the-middle attack?

The MITM attack works because a public key sent in the clear is not tied to an identity, so an attacker can substitute their own key. A certificate is a trusted Certificate Authority's signature over the binding (identity, public key). When Bob presents a CA-signed certificate, Alice verifies the CA's signature with the CA's public key, confirming the key really belongs to Bob. Any key the attacker substitutes will not carry a valid CA signature for Bob's identity, so Alice rejects it.

Why do we trust a Certificate Authority's public key?

Because a chain of trust anchors at root certificates that are self-signed and shipped pre-loaded with your operating system and browser. You verify Bob's certificate with an intermediate CA's key, the intermediate's certificate with the root CA's key, and you trust the root because it came from a trusted source built into your system. If the CA's key were not trusted, an attacker could forge a certificate binding their own key to Bob's name.

Can AI help me with the cryptography topic in COMP30023?

Yes, as a study aid. Sia can walk through the man-in-the-middle attack and the certificate fix, explain encrypt-then-MAC versus encrypt-and-MAC, or contrast a MAC with a digital signature step by step, checking your reasoning. Note TLS itself is flagged non-examinable in this subject. Sia helps you understand the method and rehearse; it does not do your graded MST, exam, quizzes or projects, and University of Melbourne academic-integrity rules apply.

Study strategy

Exam move

Cryptography is Week 5, so it falls in both the operating-systems-half mid-semester test and the final exam, and it is heavy on precise conceptual answers rather than arithmetic. Build a two-column symmetric-vs-asymmetric comparison (key model, speed, key-distribution problem, scaling N(N−1)/2 vs 2N) and be able to state the hybrid-encryption punchline. Rehearse the flagship man-in-the-middle trace as a numbered step list naming the key used at each encrypt/decrypt, ending with the root cause (unauthenticated key) and the certificate/CA fix. Memorise what each primitive provides — encryption = confidentiality, hash = fixed digest, MAC = integrity (shared key), signature = integrity + non-repudiation, encrypt-then-MAC = both — and remember that TLS is flagged non-examinable so you can down-weight it. Practise these as boxed short answers; confirm the MST and exam dates on Canvas, and note steady work here protects your WAM.

Working through Cryptography and Secure Communication in COMP30023? Sia is AskSia’s AI Computer Science tutor — ask any COMP30023 Cryptography and Secure Communication question and get a clear, step-by-step explanation grounded in how COMP30023 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + all 14 of your University of Melbourne subjects - and 1,000+ Bibles across every Australian university.
Sia - your COMP30023 tutor, unlimited, worked the way the exam marks it
The full 8-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full COMP30023 Bible + 14 University of Melbourne subjects解锁完整 COMP30023 Bible + University of Melbourne 14 门科目
$25/mo