Key exchange protocol is fundamental for establishing secure communication channels over public networks. Password-based key exchange protocols allow parties to share secret key in an authentic manner based on an easily memorizable password. Recently, a passwordbased group key agreement based on Joux';s tripartite key agreement is proposed to improve the performance when users join or leave the group. In this paper, we employ an online dictionary attack on this protocol to show that such kind of modification cannot achieve the basic security of password based group key agreement. With this method, an adversary can test several passwords in one session, which leads the key space reduces greatly to the potential adversaries. To fill the gaps, we propose an improved protocol, which can avoid this attack. Finally, we prove the security of our protocol under the random oracle and ideal cipher model.

• 出版日期2012