LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Beyond secrecy, what three security requirements might a system need, and why is encryption said to stop only one of eight attacks?

The three requirements are confidentiality (secrecy), data authenticity (integrity + proof of origin), and user authenticity (proving who you're talking to). In the classic Alice–Eve–Bob model there are eight distinct attacks, and encryption defeats only one of them — eavesdropping.

Three participants and the eight attacks, grouped by who mounts them

* Eve mounts six wire attacks; the two repudiation attacks come from Alice and Bob themselves. *

Real applications need different mixes of the three:

Application Confidentiality Data auth. User auth.
Pay-TV access
Traffic-light control
ATM cash withdrawal
Remote-controlling a drone (maybe)
Uploading a race GPS track

The eight attacks in the sender→network→receiver picture are: eavesdropping, modification, insertion, replay, deletion, masquerade, repudiation of origin, and repudiation of receipt. Encryption addresses only the first — a sobering reminder that it is neither the only nor the most important mechanism.

The subtle point everyone misses: Eve on the wire is not the only threat. The two repudiation attacks come from the legitimate parties themselves — the sender denying they sent a message (origin) and the receiver denying they got it (receipt) — and an insider like Alice could mount most of the others too. This is why non-repudiation (via digital signatures) exists at all, and why the trend is that user authentication keeps growing in importance (cars, IoT, access control) rather than raw encryption.

Go deeper:

From Quiz: KRYPTOG / Key Sizes and Conclusion | Updated: Jul 14, 2026