Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where the password is shared only between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway with the help of the authentication server, without revealing any information about the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome these attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.
Hirose and Yoshida proposed an authenticated key agreement protocol based on the intractability of the Computational Diffie-Hellman problem. Recently, Hirose and Matsuura pointed out that Hirose and Yoshida's protocol is vulnerable to Denial-of-Service (DoS) attacks, and they proposed two key agreement protocols that are resistant to these DoS attacks. Their protocols are the first authenticated key agreement protocols resistant to both the storage exhaustion attack and the CPU exhaustion attack. In this paper we show that Hirose and Matsuura's DoS-resistant key agreement protocols and Hirose and Yoshida's key agreement protocol are vulnerable to impersonation attacks. We make suggestions for improvements.
Recently, Choi et al. proposed an ID-based authenticated group key agreement with bilinear maps. Subsequently, Zhang and Chen showed, by replaying transcripts of a past session, that the protocol does not provide the authenticity it claims. To prevent such replay attacks, they suggested adding a time parameter to the message being signed. However, despite this modification, we show that the protocol is still insecure against insider colluding attacks that do not replay transcripts of a past session.
Johnston and Gemmell proposed an authenticated key exchange protocol based on the difficulty of the q-th root problem. They showed that it is provably secure against man-in-the-middle attacks. In this paper we show that the protocol is insecure against an unknown key-share attack and does not achieve forward secrecy.