@inproceedings{SUC10,
	Abstract = {We consider a new form of authenticated key exchange which we call \emph{multi-factor password-authenticated key exchange}, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party.

Multi-factor authentication can provide an enhanced level of assurance in higher-security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised.

We introduce a security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called $\MFPAK$, and provide a security argument to show that our protocol is secure in this model.  Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and accommodates an arbitrary number of symmetric and asymmetric authentication factors.},
	Author = {Douglas Stebila and Poornaprajna Udupi and Sheueling Chang},
	Booktitle = {Eighth Australasian Information Security Conference (AISC 2010)},
	Editor = {Colin Boyd and Willy Susilo},
	Keywords = {multi-factor authentication, passwords, key exchange, cryptographic protocols},
	Month = {January},
	Note = {Full version available as \cite{SUC10full}},
	Organization = {Australian Computer Society},
	Pages = {56--66},
	Series = {Conferences in Research and Practice in Information Technology},
	Title = {Multi-Factor Password-Authenticated Key Exchange},
	Url = {http://crpit.scm.uws.edu.au/abstracts/CRPITV105Stebila.html},
	Volume = {105},
	Year = {2010}}