Kerberos is a well-known network authentication mechanism. Based upon Kerberos' model, Sun and Yeh proposed three user authentication and key establishment (UAKE) protocols with perfect forward secrecy (PFS). However, due to the use of public-key cryptosystem to implement UAKE, their protocols are not suitable for mobile devices, which have computational, power and storage constraints. Therefore, in this paper, we propose three UAKE protocols with PFS that are efficient and practical for mobile devices. And because our protocols are based on one-way hash functions and exclusive-or (XOR) operations, the computation loads and the power requirements are less than those in Sun and Yeh's protocols.