This letter points out some flaws in the previous works on UKS (unknown key
-share) attacks. We show that Blake-Wilson and Menezes' revised STS-MAC (St
ation-to-Station Message Authentication Code) protocol [4]. which was propo
sed to prevent UKS attack, is still vulnerable to a new UKS attack. Also. H
irose and Yoshida's key agreement protocol [8] presented at PKC'98 is shown
to be insecure against public key substitution UKS attacks. Finally, we di
scuss countermeasures for such UKS attacks.