Quiz Entry - updated: 2026.03.01
Why is encryption alone insufficient for protecting traffic light control systems or car remote keys?
Because an attacker can capture and replay an encrypted command without knowing its content — you need authentication, not just secrecy.
This is the classic replay attack problem:
Traffic light example:
- Even if the control signal is encrypted, an attacker can record the encrypted "switch to green" command
- They can replay it later without ever decrypting it
- Encryption provides no protection here — you need authentication to verify the command is fresh and from a legitimate source
Car keyless entry example:
- Keyless systems send low-frequency signals that can be intercepted
- A relay attack extends the signal range — one thief stands near the car, another near the key owner
- Simply encrypting the signal doesn't help; you need mutual authentication (challenge-response) before the car executes any command
The lesson: Always analyze which security property you actually need. Encryption (confidentiality) protects content. Authentication protects against impersonation and replay. Many systems mistakenly use only encryption when they really need authentication — or both.