For wisdom will enter your heart, and
knowledge will be pleasant to your soul.
My research interests: RFID Security
and Privacy, Mobile and
System Security, Applied
Cryptography and Cloud Security, Data
Application Security and Privacy
Announcements and highlights:
Position Openings for Research
Engineers, Postdocs, and PhD Students. [details]
“Hack-Proofing Our Devices” in ACM TechNews
December 28, 2016 edition. [headlines,
“Permission based Android security: Issues and
countermeasures” in Quora as must read (top 30) in cybersecurity.
Recent Book Authored (Springer 2015)
Yingjiu Li, Qiang
Yan, Robert H. Deng: Leakage
Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer
Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]
Recent Book Authored (Morgan & Claypool 2013)
Yingjiu Li, Robert
H. Deng, Elisa Bertino: RFID Security and
Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on
Information Security, Privacy, & Trust, Morgan & Claypool Publishers,
December 2013. [purchase
hardcopy at Amazon] [purchase softcopy at
Distinguished Collaboration Project Award (Huawei
Collaboration Project Award was given to our project “Advanced System-Level
Vulnerability Discovery and Defense on Android” by Huawei on August 11, 2016.
Android Security Flaws Fixed (Google 2016)
We discovered a
series of Android framework vulnerabilities and attacks on Android 5.1.0 and
4.4.4 and reported to Google in November 2015. Google acknowledged our findings
in its Android Security Acknowledgements – 2016 and in its Nexus Security
Bulletin - March 2016. In particular, our finding on Information Disclosure
Vulnerability in Telephony is given a common vulnerabilities and exposures
(CVE) number CVE-2016-0831.
[SMU report] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems
[Public News] http://www.publicnow.com/view/8FB80EFA3FA55776B95DABCA88E59FCC263B10D8?2016-07-04-03:00:58+01:00-xxx1606
Potentially High Value Patents (Huawei 2015-2016)
Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.
System and Method
for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.
FaceLive (CCS 2015)
We developed a
liveness detection mechanism for facial authentication on mobile phones.
§ [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html
§ [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers
§ [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong,
Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based
Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer
and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16
10. iOS Security Flaws
Fixed (Apple 2013)
We identified seven attacks which can be performed by
third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We
reported our findings to Apple's security team in October 2012. Three attacks,
which include passcode cracking (CVE-2013-0957), interference with or control
of telephony functionality (CVE-2013-5156) and sending tweets without the
user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its
release of iOS 7 in Sept 2013.
[SMU report] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws
[Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws
paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao,
Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved
Third-Party Applications. 11th
International Conference on Applied Cryptography and Network Security (ACNS),
pages 272-289, Alberta, Canada, June 25-28, 2013.
Distinguished Paper Award (NDSS
Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations
of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and
Usability. 19th Network
& Distributed System Security Symposium (NDSS), San Diego, California,
USA, February 5-8, 2012.
RFID Security Lab
at SIS, SMU
Projects at SIS, SMU
Recent program committee members and other professional services:
European Symposium on Research in Computer Security (ESORICS), 2017.
Annual IFIP WG 11.3 Working Conference on Data and Applications Security and
Privacy (DBSec), 2017.
on Security and Privacy in Cyber-Physical Systems (SPCPS), 2017.
Complete list of
- Hui Cui, Robert Deng, Yingjiu
Li, Guowei Wu: Attribute-Based Storage
Supporting Secure Deduplication of Encrypted Data in Cloud. Accepted by IEEE Transaction on Big Data (TBD),
- Yan Li, Yao Cheng, Yingjiu Li, Robert H. Deng: Short Paper: What you see is not what
you get: Leakage-resilient password entry schemes for smart glasses. Accepted
by ACM Asia Conference on Computer and
Communications Security (ASIACCS), Abu Dhabi, UAE, April 2-6, 2017.
- Zhi Yuan Poh,
Hui Cui, Robert H. Deng, Yingjiu Li: Attribute-Based Secure Messaging in
the Public Cloud. Accepted by the 2nd Singapore
Cyber Security R&D Conference (SG-CRC), Singapore, February 21-22,
- Yao Cheng, Yingjiu Li, Robert
H. Deng, Lingyun Ying, Wei He: A Study on A Feasible No-Root Approach on Android. Accepted by Journal
of Computer Security, 2016.
- Su Mon Kywe,
Yingjiu Li, Kunal Patel, Michael Grace:
Attacking Android Smartphone Systems without Permissions. The 14th Annual Conference on Privacy,
Security and Trust (PST), Auckland, New Zealand, December 12-14, 2016.
- Su Mon Kywe,
Yingjiu Li, Jason Hong, Yao Cheng: Dissecting Developer Policy Violating
Apps: Characterization and Detection. The 11th IEEE International
Conference on Malicious and Unwanted Software (Malcon),
Fajardo, Puerto Rico, 18-21 October 2016.
- Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao:
Efficient Tag Path Authentication Protocol with Less Tag Memory. The 12th
International Conference on Information Security Practice and Experience
(ISPEC), pages 255-270, Zhangjiajie, China,
November 16-18, 2016.
- Hui Cui, Robert H. Deng, Xuhua Ding and Yingjiu Li: Attribute-Based Encryption
with Granular Revocation. The
12th EAI International Conference on Security and Privacy in Communication
Networks (SecureComm), Guangzhou, China,
10-12 October 2016.
- Hui Cui, Robert H. Deng,
Yingjiu Li, Baodong Qin: Server-Aided Revocable Attribute-Based
21st European Symposium on Research in Computer Security (ESORICS),
pages 570-587, Crete, Greece, September 26-30, 2016.
- Hui Cui, Zhiguo Wan, Robert
Deng, Guilin Wang, Yingjiu Li: Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud. Accepted by IEEE Transactions on Dependable
and Secure Computing (TDSC), 2016.
- Yan Li, Yingjiu Li, Ke Xu,
Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems
under OSNFD Attacks. Accepted by IEEE Transactions on Secure and
Dependable Computing (TDSC), 2016.
- Ke Xu, Yingjiu Li, Robert H. Deng: ICCDetector:
ICC-Based Malware Detection on Android. IEEE
Transactions on Information Forensics & Security (TIFS), 11(6):
- Yao Cheng, Yingjiu Li, Robert
H. Deng: A Feasible No-Root Approach on Android. The 21st Australasian Conference on
Information Security and Privacy (ACISP), pages 481-489, Melbourne,
Australia, 4-6 July 2016 (short paper).
Complete list by
More publications on DBLP
updated: Jan 2017.