LOGBOOK

HELP

Quiz Entry - updated: 2026.03.01

Why is encryption alone insufficient for protecting traffic light control systems or car remote keys?

Because an attacker can capture and replay an encrypted command without knowing its content — you need authentication, not just secrecy.

This is the classic replay attack problem:

Traffic light example:

  • Even if the control signal is encrypted, an attacker can record the encrypted "switch to green" command
  • They can replay it later without ever decrypting it
  • Encryption provides no protection here — you need authentication to verify the command is fresh and from a legitimate source

Car keyless entry example:

  • Keyless systems send low-frequency signals that can be intercepted
  • A relay attack extends the signal range — one thief stands near the car, another near the key owner
  • Simply encrypting the signal doesn't help; you need mutual authentication (challenge-response) before the car executes any command

The lesson: Always analyze which security property you actually need. Encryption (confidentiality) protects content. Authentication protects against impersonation and replay. Many systems mistakenly use only encryption when they really need authentication — or both.

From Quiz: KRYPTOG / Introduction to Cryptology | Updated: Mar 01, 2026