Otway–Rees
The Otway–Rees protocol[1] is a computer network authentication protocol designed for use on insecure networks (e.g. the Internet). It allows individuals communicating over such a network to prove their identity to each other while also preventing eavesdropping or replay attacks and allowing for the detection of modification.
This article needs additional citations for verification. (January 2021) |
The protocol can be specified as follows in security protocol notation, where Alice is authenticating herself to Bob using a server S (M is a session-identifier, NA and NB are nonces):
Note: The above steps do not authenticate B to A.
This is one of the protocols analysed by Burrows, Abadi and Needham in the paper[2] that introduced an early version of Burrows–Abadi–Needham logic.[3]