Project Grant and Publications

(High tech crime, anti-money laundering and cryptographic key establishment protocols)

Project Grant

2006 UWS Seed Grants for Early Career Researchers (AUD$ 5,787)

• Project: Cryptographic Key Establishment: An Integrated Framework for Specification and Repair

Australian Institute of Criminology Publications

• Kim-Kwang Raymond Choo, Russell G Smith and Rob McCusker. Future directions in technology-enabled crime : 2007–2009. Research and public policy series  no. 78, Australian Institute of Criminology, Canberra, July 2007
     Citations by media / blog:
         -- by Ian Grayson / ZDNet.com.au 
       (Is the world ready to fight cybercrime? - 10 Jul 2008)
         -- by Jeimy J. Cano / Estéganos International Group 
       (Cibercrimen y ciberterrorismo- dos amenazas emergentes - 2008) 
         -- by Australian Financial Review 
       (Cyber cop wants in to your PC - 25 Mar 2008) 
         -- by Australia Security Magazine (March Issue) 
         (Action needed on cyber crime - Mar 2008)  
        -- by Future directions in technology-enabled crime: 2007–09 
         (METASECURITY: Security of Virtual Worlds Blog - Mar 2008) 
         -- by Australia Security Magazine (February Issue) 
         (Combating the $100 billion high-tech "black economy" - Feb 2008) 
         -- by Ninemsn 
       (Hackers turn to online merchants - 12 Feb 2008) 
        -- by Security Solutions magazine (Issue 50) 
         (As a matter of fact ... - Nov / Dec 2007) 
         -- by Royal Canadian Mounted Police (RCMP) Gazette magazine (Vol. 69, No. 3) 
         (Latest research in law enforcement - 22 Nov 2007)  
        -- by Australian IT 
         (Website pitch too good to be true - 23 Oct 2007)  
        -- by International Academy for Security Management 
         (The Hidden Dangers of Offshore Outsourcing - 7 Oct 2007)  
        -- by Bruce Arnold 
         (Identity crime (Presentation to Management of Serious Crime program, Australian Federal Police College) - 2 Oct 2007) 
       -- by Safeguarding Australia 
         (Newsletter [Technology-enabled crime] - 28 Sep 2007) 
        -- by Professional Security Magazine 
         (Technology misuse - 25 Sep 2007) 
        -- by Australian Financial Review 
         (Cybercrime bid to back the hackers - 24 Sep 2007)    
        -- by SPAMfighter 
         (Hackers Likely to Target Federal Government’s Access Cards - 18 Sep 2007)  
        -- by Policy Hub, UK 
         (Technology-enabled crime - 17 Sep 2007) 
        -- by eHealthRisk Blog 
         (Future Directions in Technology-Enabled Crime - 17 Sep 2007) 
        -- by Cyprus-Lawyers 
         (New crimes in a technology-enabled environment - 17 Sep 2007)
        -- by Forum of Incident Response and Security Teams (FIRST) 
         (Future directions in technology-enabled crime : 2007-09 - 11 Sep 2007) 
        -- by Civil Liberties Australia 
         (Crime tops the card as technology mushrooms - 10 Sep 2007)     
       -- by Office of the Inspector of Custodial Services, Western Australia 
         (What's news in corrections research and news - 6 Sep 2007)
        -- by Sydney Morning Herald 
         (Cyber crime will spread: study - 6 Sep 2007)
        -- by The Age 
         (Access card 'more secure than Medicare' - 6 Sep 2007)
        -- by ABC Online 
         (National access cards a target for hackers: report - 6 Sep 2007) 
        -- by CQ Extra 
         (New technology abetting new crimes: Australian Government - 6 Sep 2007)
        -- by Australian Health Information Technology 
         (It is a Dangerous World Out There! - 6 Sep 2007)  
        -- by RMAA - Records Management Association of Australasia 
         (Media Article - New crimes in a technology enabled environment - 6 Sep 2007)  
        -- by The Fifth Estate (InBrief) Media analysis by RMIT Journalism 
         (Online Security to Slip- 6 Sep 2007) 

• Gregor Urbas and Kim-Kwang Raymond Choo. Resource materials on technology-enabled crime. Technical and background paper series no. 28, Australian Institute of Criminology, Canberra, 2008

• Kim-Kwang Raymond Choo, Russell G Smith and Rob McCusker. The future of technology-enabled crime in Australia. Trends and Issues in Crime and Criminal Justice  no. 341: 1-6, Australian Institute of Criminology, Canberra, July 2007

Kim-Kwang Raymond Choo. Zombies and botnets. Trends and Issues in Crime and Criminal Justice  No. 333: 1-6, Australian Institute of Criminology, Canberra, March 2007

• Australian Institute of Criminology. Online child grooming laws. High Tech Crime Brief No. 17, April 2008. 
• Australian Institute of Criminology. The risk of criminal exploitation of online auctions. High Tech Crime Brief No. 15, June2007. 
• Australian Institute of Criminology. New methods of transferring value electronically. High Tech Crime Brief No. 14, March 2007.
     Media / blog report:
        -- by Australian Financial Review 
  (Credit card PINs to increase online fraud - 08 Oct 2007)  
        -- by Australian Financial Review 
  (Prepaid cards a gift to criminals: paper - 25 Sep 2007)   

• Australian Institute of Criminology. Acquiring high tech crime tools. High Tech Crime Brief No. 13, August 2006.
• Australian Institute of Criminology. High tech crime tools. High Tech Crime Brief No. 12, August 2006.

Ph.D. Thesis / 博士論文

Thesis Title: Key Establishment: Proofs and Refutations.
(http://adt.library.qut.edu.au/adt-qut/public/adt-QUT20060928.114022/)

Awarded the 2007 FIT Executive Dean’s outstanding thesis commendation

Thesis accepted for publication in Springer's "Advances in Information Security" Book series, volume 41, 2009

• Internal Examiners (Passed 02 February 2006)
  • Professor Colin Boyd -- Deputy Director of Information Security Institute [DBLP Entry]
  • Professor Colin Fidge -- School of Software Engineering and Data Communications [DBLP Entry]
  • Dr. Greg Maitland -- School of Software Engineering and Data Communications [DBLP Entry]
• External Examiners (Passed 26 April 2006 -- No Further Revisions / Modifications Required)
  • Dr. Feng Bao [DBLP Entry]
    Agency For Science, Technology And Research (A*STAR)/ Institute for Infocomm Research (I²R)- Singapore 
  • Professor David Pointcheval  [DBLP Entry]
    CNRS / École Normale Supérieure – Paris, France

Book Chapter (In preparation)

• Colin Boyd, Kim-Kwang Raymond Choo. Formal Models for Key Establishment. In Wenbo Mao and Markus Jakobsson, editors, Cryptographic Protocols, 2008 (In preparation)

Book Reviews

• Kim-Kwang Raymond Choo. Book review: "Handbook of database security: Applications and Trends". ACM Computing Reviews(Online 18 August 2008) 
• Kim-Kwang Raymond Choo. Book review: "Vulnerability analysis and defense for the Internet". ACM Computing Reviews (Online 15 July 2008) 
• Kim-Kwang Raymond Choo. Book review: "Introduction to modern cryptography". ACM Computing Reviews (Online 1 February 2008) 
• Kim-Kwang Raymond Choo. Book Review: "Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition". The Computer Journal, Oxford University Press (online first version available http://comjnl.oxfordjournals.org/cgi/reprint/bxn026)
• Kim-Kwang Raymond Choo. Book review: "Phishing and countermeasures: understanding the increasing problem of electronic identity theft". ACM Computing Reviews (Online 13 September 2007) 
• Kim-Kwang Raymond Choo. Book review: "Essential computer security: everyone’s guide to email, Internet, and wireless security". ACM Computing Reviews (Online 14 December 2007) 

Refereed Conference and Workshop Papers / 國際会议論文

• Kim-Kwang Raymond Choo and Russell G Smith. Criminal exploitation of online systems by organised crime groups. In Narayanan Ganapathy and Mark Craig, editors, Organised Crime in Asia: Governance and Accountability, (pp.  152 - 174), National University of Singapore, 28-29 June 2007 [Proceedings available fromQUT ePrints Archive]
• Raphael C.-W. Phan, Kim-Kwang Raymond Choo, Swee-Huay Heng. The Security of Leakage-Resilient Protocols for Key Establishment and Mutual Authentication. In Willy Susilo, Joseph K. Liu and Yi Mu, editors, International Conference on Provable Security 2007 (ProvSec 2007), Wollongong, Australia, Volume 4784 of Lecture Notes in Computer Science (pp. 169-177), Springer-Verlag, 31 October - 2 November 2007
  [Acceptance Rate = 17/51 = 33.33%]
• Sherman SM Chow, Kim-Kwang Raymond Choo. Strongly-Secure Identity-based Key Agreement and Anonymous Extension. In Juan Garay, editor, 10th Information Security Conference 2007 (ISC 2007), Valparaiso, Chile, Volume 4779 of Lecture Notes in Computer Science (pp. 203-220), Springer-Verlag, 9-12 October 2007
  [Acceptance Rate = 28/116 = 24.14%]
• Byoungcheon Lee, Kim-Kwang Raymond Choo, Jeongmo Yang and Seungjae Yoo. Secret Signatures: How to Achieve Business Privacy Efficiently?. In Sehun Kim, Moti Yung and Hyung-Woo Lee, editors, 8th International Workshop on Information Security Applications (WISA 2007), Jeju Island, Korea, Volume 4867 of Lecture Notes in Computer Science (pp. 30-47), Springer-Verlag, 27-29 August 2007 
  [Acceptance Rate = 27/95 = 28.42%]
• Kim-Kwang Raymond Choo. Refuting Security Proofs for Tripartite Key Exchange with Model Checker in Planning Problem Setting. In Joshua Guttman, editor, 19th IEEE Computer Security Foundations Workshop - CSFW 2006, (pp.  297 - 308), Venice, Italy, IEEE Computer Society Press, 5-7 July 2006
  [CITESEER Estimated impact and ranking = 1.96 in impact (3.11%) and 38th out of 1200 venues based on citation frequency]  
• Colin Boyd, Kim-Kwang Raymond Choo, Anish Mathuria. An Extension to Bellare and Rogaway (1993) Model: Resetting Compromised Long-Term Keys. In Lynn Batten and Rei Safavi-Naini, editors, 11th Australasian Conference on Information Security and Privacy - ACISP 2006 , Melbourne, Australia, Volume 4058/2006 of Lecture Notes in Computer Science (pp. 371 - 382), Springer-Verlag, 3-5 July 2006 [Full version http://eprints.qut.edu.au/archive/00004421/]
  [Acceptance Rate = 35/133 = 26.32%]  
• Qiang Tang, Kim-Kwang Raymond Choo. Secure Password-based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks. In Jianying Zhou, Moti Yung, and Feng Bao, editors, 4th International Conference on Applied Cryptography and Network Security - ACNS 2006 , Singapore, Volume 3989/2006 of Lecture Notes in Computer Science (pp. 162 – 177), Springer-Verlag, 6-9 June 2006
  [Acceptance Rate = 33/218 = 15.14%]
• Jared Ring, Kim-Kwang Raymond Choo, Ernest Foo, Mark Looi. A New Authentication Mechanism and Key Agreement Protocol for SIP Using Identity-based Cryptography. In Andrew Clark, Mark McPherson and George Mohay, editors, AusCERT Asia Pacific Information Technology Security Conference (AusCERT2006): Refereed R&D Stream (pp. 57 – 72), Gold Coast, Australia, University of Queensland Publication, ISBN: 1-86499-853-9, 21 - 26 May 2006 [Paper available from http://www.isi.qut.com/events/auscert2006/proceedings/]
• Rong Du, Ernest Foo, Colin Boyd, Kim-Kwang Raymond Choo. Formal Analysis of Secure Contracting Protocol for E-Tendering. In Rei Safavi-Naini, Chris Steketee and Willy Susilo, editors, ACSW Frontiers 2006 - Fourth Australasian Information Security Workshop (AISW-NetSec 2006), Hobart, Australia, Volume 54 - ACSW Frontiers 2004 of the ACS Conferences in Research and Practice in Information Technology (CRPIT) series (pp. 155 - 164), Australian Computer Society, ISBN 1-920-68236-8, 16 - 19 Jan 2006
• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock. Errors in Computational Complexity Proofs for Protocols. In Bimal Roy, editors, Advances in Cryptology - Asiacrypt 2005, Chennai, India, Volume 3788/2005 of Lecture Notes in Computer Science (pp. 624 - 643), Springer-Verlag, ISBN 3-540-30684-6, 4 - 8 Dec 2005 [Full version available from IACR Cryptology ePrint Archive: Report 2005/351 ]
  [Acceptance Rate = 37/237 = 15.61%]

  Note: Cited by the Japanese Government agency, Cryptography Research and Evaluation Committees (CRYPTREC) in their Cryptography Research and Evaluation Committees Report 2005 - Report of the Cryptographic Technique Monitoring Subcommittee. (Publication available for download from http://www.cryptrec.jp/english/report.html)

• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock. Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. In Bimal Roy, editors, Advances in Cryptology - Asiacrypt 2005, Chennai, India, Volume 3788/2005 of Lecture Notes in Computer Science (pp. 585 - 604), Springer-Verlag, ISBN 3-540-30684-6, 4 - 8 Dec 2005 [Full version available from IACR Cryptology ePrint Archive: Report 2005/270 ]
  [Acceptance Rate = 37/237 = 15.61%]
• Colin Boyd, Kim-Kwang Raymond Choo. [Invited Paper] Security of Two-Party Identity-Based Key Agreement. In Ed Dawson and Serge Vaudenay, editors, 1st International Conference on Cryptology in Malaysia - Mycrypt 2005, Kuala Lumpur, Malaysia, Volume 3715/2005 of Lecture Notes in Computer Science (pp. 229 - 243), Springer-Verlag, ISBN 3-540-28938-0, 28 Sep - 01 Oct 2005
• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock. On Session Key Construction in Provably-Secure Key Establishment Protocols. In Ed Dawson and Serge Vaudenay, editors, 1st International Conference on Cryptology in Malaysia - Mycrypt 2005, Kuala Lumpur, Malaysia, Volume 3715/2005 of Lecture Notes in Computer Science (pp. 116 - 131) , Springer-Verlag, ISBN 3-540-28938-0, 28 Sep - 01 Oct 2005 [Pre-print available from IACR Cryptology ePrint Archive: Report 2005/206]
  [Acceptance Rate = 19/90 = 21.11%]

• Note: Proposed key derivation function method is recently cited by the special publication of NIST (Special Publication: SP 800-56A -- Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography), March 2006. (Publication available for download from http://csrc.nist.gov/publications/nistpubs/index.html)

• Kim-Kwang Raymond Choo, Yvonne Hitchcock. [Best Student Paper Award] Security Requirements for Key Establishment Proof Models: Revisiting Bellare--Rogaway and Jeong--Katz--Lee Protocols. In Colin Boyd and Juan Manuel Gonzalez Nieto, editors, 10th Australasian Conference on Information Security and Privacy - ACISP 2005, Brisbane, Australia, Volume 3574/2005 of Lecture Notes in Computer Science (pp. 429 - 442) , Springer-Verlag, ISBN 3-540-26547-3, 04 - 06 Jul 2005
  [Acceptance Rate = 45/185 = 24.32%]
  

  Note: The fixed 3PKD protocol was used by Agre, Chen, Refaei, Sonalker, Zhu, & Yuan (2005) in phase 2 of the Key Exchange in Distributed Mode in their SnowMesh proposal (to the IEEE 802.11, The Working Group Setting the Standards for Wireless LANs) (Available from http://www.ieee802.org/11/DocFiles/05/11-05-0596-00-000s-11-05-0596-00-000s-snowmesh-doc.doc and http://www.flacp.fujitsulabs.com/publications.php)

• Richard Au, Kim-Kwang Raymond Choo, Mark Looi. A Secure Anonymous Authorisation Architecture for E-commerce. IEEE International Conference on e-Technology, e-Commerce and e-Service - EEE 2005, Hong Kong, China, (pp. 106 - 111), IEEE Computer Society Press, ISBN: 0-7695-2073-1, 29 March - 1 Apr 2005
  [Acceptance Rate = 74/300 = 24.66%]
• Richard Au, Harikrishna Vasanta, Kim-Kwang Raymond Choo, Mark Looi. A User-Centric Anonymous Authorisation Framework in E-commerce Environment. In Marijn Janssen, Henk G. Sol, and René W. Wagenaar, editors, 6th International Conference on Electronic Commerce - ICEC 2004, Delft, The Netherlands, (pp. 138 - 147), ACM Press, ISBN: 1-58113-930-6, 25 - 27 Oct 2004
• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock, Greg Maitland. On Session Identifiers in Provably Secure Protocols: The Bellare-Rogaway Three-Party Key Distribution Protocol Revisited. In Blundo Carlo and Stelvio Cimato, editors, 4th Conference on Security in Communication Networks - SCN 2004, Amalfi, Italy, Volume 3352/2005 of Lecture Notes in Computer Science (pp. 352 - 367), Springer-Verlag, ISBN: 3-540-24301-1, 8 - 10 Sep 2004 [Full version available from IACR Cryptology ePrint Archive: Report 2004/345]
  [Acceptance Rate = 25/79 = 31.64%]
• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock, Greg Maitland. Complementing Computational Protocol Analysis with Formal Specifications. In Theo Dimitrakos and Fabio Martinelli, editors, IFIP TC1 WG1.7 2nd International Workshop on Formal Aspects in Security and Trust - FAST 2004, Toulouse, France, Volume 173/2005 of IFIP International Federation for Information Processing Series, Springer-Verlag (pp. 129 - 144) , ISBN: 0-387-24050-0, 26 - 27 Aug 2004

Refereed Journal Papers / 國際期刊論文

• Kim-Kwang Raymond Choo. Politically exposed persons (PEPs): risks and mitigation. Journal of Money Laundering Control, Emerald Publishing. (Accepted for publication)
• Kim-Kwang Raymond Choo. Prepaid – primed for crime. Money Laundering Bulletin issue 155: 9-13, July/August 2008
• Kim-Kwang Raymond Choo. Organised crime groups in cyberspace: a typology. Trends in Organized Crime, Springer New York. (Online first version: http://dx.doi.org/10.1007/s12117-008-9038-9)
• Kim-Kwang Raymond Choo. Money laundering and terrorism financing risks of prepaid cards instruments?. Asian Journal of Criminology, Springer Netherlands. (Online first version: http://www.springerlink.com/content/v527275173264134/)
• Kim-Kwang Raymond Choo and Russell G Smith. Criminal exploitation of online systems by organised crime groups. Asian Journal of Criminology, Vol. 3(1): 37--59, Springer Netherlands, June 2008.
• Kim-Kwang Raymond Choo. An Integrative Framework to Protocol Analysis and Repair: Bellare--Rogaway Model + Planning + Model Checker. INFORMATICA, Vol. 18(4): 547--568, IOS Press, December 2007. 
• Kim-Kwang Raymond Choo. A Proof of Revised Yahalom Protocol in the Bellare and Rogaway (1993) Model. The Computer Journal, Oxford University Press, 50(5): 591-601, September 2007
  Pre-print available from http://eprint.iacr.org/2007/188 [Awarded the "The Computer Journal Wilkes Award 2008"] 
• Kim-Kwang Raymond Choo. Refuting the Security Claims of Mathuria and Jain (2005) Key Agreement Protocols. International Journal of Network Security,Vol. 7(1): 15--24, July 2008.
• Kim-Kwang Raymond Choo. On the Security Analysis of Lee, Hwang, & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols. INFORMATICA, Vol. 16(4): 467--480, IOS Press,  December 2006.
• Kim-Kwang Raymond Choo, Colin Boyd, Yvonne Hitchcock. The Importance of Proofs of Security for Key Establishment Protocols: Formal Analysis of Formal Analysis of Jan--Chen, Yang--Shen--Shieh, Kim--Huh--Hwang--Lee, Lin--Sun--Hwang, & Yeh--Sun Protocols. Journal of Computer Communications, Vol. 29(15): 2788--2797, Elsevier Publisher, September 2006. 
  

• Kim-Kwang Raymond Choo. On the (In)Security of Lee, Kim, Kim, & Oh (2005) Key Agreement Protocol. International Journal of Network Security,Vol. 3(1): 85--94, July 2006. 
• Kim-Kwang Raymond Choo. Issue Report on Business Adoption of Microsoft Passport. Information Management & Computer Security, Vol. 14(3): 218--234, Emerald Publisher, Jun 2006.

• Kim-Kwang Raymond Choo. Revisiting Lee, Kim, & Yoo (2005) Authenticated Key Agreement Protocol. International Journal of Network Security, Vol. 2(1): 64--68, Jan 2006.
• Kim-Kwang Raymond Choo. Revisit Of McCullagh--Barreto Two-Party ID-Based Authenticated Key Agreement Protocols. International Journal of Network Security, Vol. 1(3):  154--160, Nov 2005.