For wisdom will enter your heart, and knowledge will be pleasant to your soul.

Yingjiu Li

Li, Yingjiu

Associate Professor of Information Systems

School of Information Systems (SIS)

Singapore Management University (SMU)

Room 80 04 049
80 Stamford Road
Singapore 178902







My research interests: RFID Security and Privacy, Mobile and System Security, Applied Cryptography and Cloud Security, Data Application Security and Privacy

Research Publications

Research Projects

Professional Services

Teaching Courses

Curriculum Vitae

Research Assistants

Academia Ancestors

Photos and Links


Announcements and highlights:


1.      Position Openings for Research Engineers, Postdocs, and PhD Students. [details]


2.      “Hack-Proofing Our Devices” in ACM TechNews December 28, 2016 edition. [headlines, full article, snapshot on 1Jan17]


3.      “Permission based Android security: Issues and countermeasures” in Quora as must read (top 30) in cybersecurity. [link, snapshot on 1Jan17]


4.      Recent Book Authored (Springer 2015)

·         Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]


5.      Recent Book Authored (Morgan & Claypool 2013)

·         Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]


6.      Distinguished Collaboration Project Award (Huawei 2016)

A Distinguished Collaboration Project Award was given to our project “Advanced System-Level Vulnerability Discovery and Defense on Android” by Huawei on August 11, 2016.

7.      Android Security Flaws Fixed (Google 2016)

We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony is given a common vulnerabilities and exposures (CVE) number CVE-2016-0831.

·         [Google Security Bulletin]

·         [Google acknowledgments]

·         [SMU report]

·         [CIO-Asia]

·         [Computerworld]

·         [Public News]

·         [Newstaggr]

8.      Potentially High Value Patents (Huawei 2015-2016)

·         Secure Permission Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.

·         System and Method for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.

9.      FaceLive (CCS 2015)

We developed a liveness detection mechanism for facial authentication on mobile phones.

§  [Channel News Asia] 

§  [Today news] 

§  [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.

10.  iOS Security Flaws Fixed (Apple 2013)

We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.

·         [Apple announcement]

·         [SMU report]

·         [Today news]

·         [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.


11.  Distinguished Paper Award (NDSS 2012).

·         Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.


12.  RFID Security Lab at SIS, SMU

13.  Mobile Security Projects at SIS, SMU

Recent program committee members and other professional services:


·         The 13th China International Conference on Information and Cryptology (Inscrypt), 2017.

·         The 13th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2017.

·         The 22nd European Symposium on Research in Computer Security (ESORICS), 2017.

·         The 31st Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec), 2017.

·         Workshop on Security and Privacy in Cyber-Physical Systems (SPCPS), 2017.


Complete list of professional service

Recent publications



  1. Xingjie Yu, Zhan Wang, Yingjiu Li, Liang Li, Wen Tao Zhu, Li Song: EvoPass: Evolvable Graphical Password against Shoulder-Surfing Attacks. Accepted by Computers and Security, Elsevier, 2017.
  2. Xingjie Yu, Michael Thang Shiwen, Yingjiu Li, Robert H. Deng: Fair Deposits against Double-Spending for Bitcoin Transactions. Accepted by 2017 IEEE Conference on Dependable and Secure Computing (DSC), Taipei, Taiwan, August 7—10, 2017.
  3. Hui Cui, Robert H. Deng, Joseph Liu, Yingjiu Li: Attribute-Based Encryption with Expressive and Authorized Keyword Search. Accepted by the 22nd Australasian Conference on Information Security and Privacy (ACISP), Auckland, New Zealand, July 3-5, 2017.
  4. Bing Chang, Ximing Liu, Yingjiu Li, Pingjian Wang, Wen Tao Zhu, Zhan Wang: Employing Smartwatch for Enhanced Password Authentication. Accepted by the 12th International Conference on Wireless Algorithms, Systems, and Applications (WASA), Guilin, China, June 19-21, 2017.
  5. Hui Cui, Robert Deng, Yingjiu Li, Guowei Wu: Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud. Accepted by IEEE Transaction on Big Data (TBD), January 2017.
  6. Yan Li, Yao Cheng, Yingjiu Li, Robert H. Deng: Short Paper - What you see is not what you get: Leakage-resilient password entry schemes for smart glasses. Accepted by ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, April 2-6, 2017.
  7. Zhi Yuan Poh, Hui Cui, Robert H. Deng, Yingjiu Li: Attribute-Based Secure Messaging in the Public Cloud. Accepted by the 2nd Singapore Cyber Security R&D Conference (SG-CRC), Singapore, February 21-22, 2017.



  1. Yao Cheng, Yingjiu Li, Robert H. Deng, Lingyun Ying, Wei He: A Study on A Feasible No-Root Approach on Android. Accepted by Journal of Computer Security, 2016.
  2. Su Mon Kywe, Yingjiu Li, Kunal Patel, Michael Grace: Attacking Android Smartphone Systems without Permissions. The 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, New Zealand, December 12-14, 2016.
  3. Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng: Dissecting Developer Policy Violating Apps: Characterization and Detection. The 11th IEEE International Conference on Malicious and Unwanted Software (Malcon), Fajardo, Puerto Rico, 18-21 October 2016.
  4. Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao: Efficient Tag Path Authentication Protocol with Less Tag Memory. The 12th International Conference on Information Security Practice and Experience (ISPEC), pages 255-270, Zhangjiajie, China, November 16-18, 2016.
  5. Hui Cui, Robert H. Deng, Xuhua Ding and Yingjiu Li: Attribute-Based Encryption with Granular Revocation. The 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Guangzhou, China, 10-12 October 2016.
  6. Hui Cui, Robert H. Deng, Yingjiu Li, Baodong Qin: Server-Aided Revocable Attribute-Based Encryption. The 21st European Symposium on Research in Computer Security (ESORICS), pages 570-587, Crete, Greece, September 26-30, 2016.
  7. Hui Cui, Zhiguo Wan, Robert Deng, Guilin Wang, Yingjiu Li: Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud. Accepted by IEEE Transactions on Dependable and Secure Computing (TDSC), 2016.
  8. Yan Li, Yingjiu Li, Ke Xu, Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems under OSNFD Attacks. Accepted by IEEE Transactions on Secure and Dependable Computing (TDSC), 2016.
  9. Ke Xu, Yingjiu Li, Robert H. Deng: ICCDetector: ICC-Based Malware Detection on Android. IEEE Transactions on Information Forensics & Security (TIFS), 11(6): 1252-1264, 2016.
  10. Yao Cheng, Yingjiu Li, Robert H. Deng: A Feasible No-Root Approach on Android. The 21st Australasian Conference on Information Security and Privacy (ACISP), pages 481-489, Melbourne, Australia, 4-6 July 2016 (short paper).


Complete list by research category

More publications on DBLP

Last updated: Jan 2017.