Otway–Rees protocol

Otway–Rees protocol

The Otway–Rees protocol is a computer network authentication protocol designed for use on insecure networks (eg. the Internet). It allows individuals communicating over such a network to prove their identity to each other while also preventing eavesdropping or replay attacks and allowing for the detection of modification.

The protocol can be specified as follows in security protocol notation, where Alice is authenticating herself to Bob using a server S (M is a session-identifier, NA and NB are nonces):

  1. A \rightarrow B: M,A,B,\{N_A,M,A,B\}_{K_{AS}}
  2. B \rightarrow S: M,A,B,\{N_A,M,A,B\}_{K_{AS}},\{N_B, M,A,B\}_{K_{BS}}
  3. S \rightarrow B: M,\{N_A,K_{AB}\}_{K_{AS}},\{N_B,K_{AB}\}_{K_{BS}}
  4. B \rightarrow A: M,\{N_A,K_{AB}\}_{K_{AS}}

Note: The above steps do not authenticate B to A.

Attacks on the protocol

There are a variety of attacks on this protocol currently published.

One problem with this protocol is that a malicious intruder can arrange for A and B to end up with different keys. Here is how: after A and B execute the first three messages, B has received the key KAB. The intruder then intercepts the fourth message. He resends message 2, which results in S generating a new key K'AB, subsequently sent to B. The intruder intercepts this message too, but sends to A the part of it that B would have sent to A. So now A has finally received the expected fourth message, but with K'AB instead of KAB.

Another problem is that although the server tells B that A used a nonce, B doesn't know if this was a replay of an old message. Specifically, an intruder could discover an older nonce. The older nonce could be reused to authenticate against B.

See also


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Otway-Rees protocol — The Otway Rees protocol is a computer network authentication protocol designed for use on insecure networks (eg. the Internet). It allows individuals communicating over such a network to prove their identity to each other while also preventing… …   Wikipedia

  • Otway — may refer to: People John Otway (b. 1952), British singer, songwriter, and humorist Arthur John Otway (1822–1891), Member of Parliament Robert Otway (1770 1846), British admiral Thomas Otway (1652 1685), English dramatist Lee Otway, British… …   Wikipedia

  • Rees — is a Welsh name that traces back to the ancient Celts known as the Britons. The surname was first recorded in Carmarthenshire, and is derived from the personal name Rhys.It may refer to one of these people:* Abraham Rees (1743 ndash;1825),… …   Wikipedia

  • Needham–Schroeder protocol — The term Needham–Schroeder protocol can refer to one of two communication protocols intended for use over an insecure network, both proposed by Roger Needham and Michael Schroeder.[1] These are: The Needham–Schroeder Symmetric Key Protocol is… …   Wikipedia

  • Neuman–Stubblebine protocol — The Neuman–Stubblebine protocol is a computer network authentication protocol designed for use on insecure networks (e.g., the Internet). It allows individuals communicating over such a network to prove their identity to each other. This protocol …   Wikipedia

  • Needham-Schroeder protocol — The term Needham Schroeder protocol can refer to one of two communication protocols intended for use over an insecure network, both proposed by Roger Needham and Michael Schroeder.Citation | last1=Needham | first1=Roger | last2=Schroeder | first2 …   Wikipedia

  • Wide Mouth Frog protocol — The Wide Mouth Frog protocol is a computer network authentication protocol designed for use on insecure networks (the Internet for example). It allows individuals communicating over a network to prove their identity to each other while also… …   Wikipedia

  • Challenge-response authentication — For the spam filtering technique, see Challenge response spam filtering. For other uses, see CRAM (disambiguation). In computer security, challenge response authentication is a family of protocols in which one party presents a question (… …   Wikipedia

  • Topics in cryptography — This article is intended to be an analytic glossary , or alternatively, an organized collection of annotated pointers.Classical ciphers*Autokey cipher *Permutation cipher*Polyalphabetic substitution **Vigenère cipher*Polygraphic substitution… …   Wikipedia

  • Needham-Schroeder-Protokoll — Das Needham Schroeder Protokoll ist ein Protokoll für sicheren Datenaustausch in einem dezentralen Netzwerk. Es vereint Schlüsselaustausch und Authentifikation mit dem Ziel, eine sichere Kommunikation zwischen zwei Parteien in einem dezentralen… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”