Quiz Entry - updated: 2026.07.14
What is the difference between an insider and an outsider attacker in the classic crypto model?
An insider is a legitimate participant (Alice or Bob) who behaves dishonestly; an outsider (Eve) is a third party attacking the communication channel.
Outsider (Eve) can perform:
- Eavesdropping, Modifying, Inserting, Replaying, Deleting, Masquerade
Insider attacks — only a participant can do these:
- Alice can deny having sent a message (non-repudiation of origin)
- Bob can deny having received a message (non-repudiation of receipt)
This distinction matters because insider attacks require fundamentally different countermeasures. You can't protect against a dishonest sender with a symmetric shared secret — both parties know the key. This is exactly why digital signatures (asymmetric) exist: they provide non-repudiation that symmetric MACs cannot.
Go deeper:
Non-repudiation — why a dishonest insider needs signatures, not a shared secret.