Quiz Entry - updated: 2026.07.14
In the classic Alice/Bob/Eve attacker model, what more than passive eavesdropping could Eve attempt?
Modify messages, inject forged messages, replay an old message later, delete messages entirely, or impersonate Alice or Bob.
The point of listing these is that "confidentiality" alone isn't enough — a system has to defend against an active adversary too.
| Threat | Defense category |
|---|---|
| Eavesdropping | Confidentiality (encryption) |
| Modification | Integrity (MAC, signature) |
| Forgery / injection of fake message | Authenticity (MAC, signature) |
| Replay (capture & resend later) | Freshness (nonces, timestamps, sequence numbers) |
| Deletion / suppression | Availability (out of scope of pure crypto) |
| Impersonation | Authentication (passwords, certs, challenge-response) |
Tip: Modern protocols like TLS 1.3 are designed to handle all of the active threats at once. Old-fashioned "just encrypt the channel" misses every threat except eavesdropping. CIA triad (Confidentiality, Integrity, Availability) plus Authenticity is the framing most courses use.