For wisdom will enter your heart, and knowledge will be pleasant to your soul.


Yingjiu Li

Li, Yingjiu

Associate Professor of Information Systems


School of Information Systems (SIS)


Singapore Management University (SMU)

Room 80 04 049
80 Stamford Road
Singapore 178902

Phone:

+65-6828-0913


Fax:

+65-6828-0919

 

Email:


My research interests: RFID Security and Privacy, Mobile and System Security, Applied Cryptography and Cloud Security, Data Application Security and Privacy

Research Publications

Research Projects

Professional Services

Teaching Courses

Curriculum Vitae

Research Assistants

Academia Ancestors

Photos and Links

 

Announcements and highlights:

 

1.      Position Openings for Research Engineers, Postdocs, and PhD Students. [details]

 

2.      New Book Authored (Springer 2015)

·         Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]

https://images.springer.com/sgw/books/medium/9783319175027.jpg

 

3.      Recent Book Authored (Morgan & Claypool 2013)

·         Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]

http://ecx.images-amazon.com/images/I/41ZqbVgr0dL.jpg

 

4.      Android Security Flaws Fixed (Google 2016)

We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony is given a common vulnerabilities and exposures (CVE) number CVE-2016-0831.

·         [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html

·         [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html

·         [SMU report] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems

·         [CIO-Asia] http://www.cio-asia.com/tech/industries/smu-researchers-discover-vulnerabilities-in-android-44-and-51/

·         [Computerworld] http://www.computerworld.com.sg/print-article/99278/

·         [Public News] http://www.publicnow.com/view/8FB80EFA3FA55776B95DABCA88E59FCC263B10D8?2016-07-04-03:00:58+01:00-xxx1606

·         [Newstaggr] http://www.newstaggr.com/news/smu-researchers-discover-vulnerabilities-in-android-4-4-and-5-1?uid=76052

5.      Potentially High Value Patents (Huawei 2015)

·         Secure Permission Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.

·         System and Method for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.

6.      FaceLive (CCS 2015)

We developed a liveness detection mechanism for facial authentication on mobile phones.

§  [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html 

§  [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers 

§  [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.

7.      iOS Security Flaws Fixed (Apple 2013)

We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.

·         [Apple announcement] https://support.apple.com/en-sg/HT202816

·         [SMU report] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws

·         [Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws

·         [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.

 

8.      Distinguished Paper Award (NDSS 2012).

·         Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.

 

9.      RFID Security Lab at SIS, SMU

10.  Mobile Security Projects at SIS, SMU


Recent program committee members and other professional services:

 

·         21st ACM Symposium on Access Control Models and Technologies (SACMAT), 2016

·         10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2016.

·         21st European Symposium on Research in Computer Security (ESORICS), 2016.

·         12th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2016.

·         30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec), 2016.

·         Australasian Conference on Information Security and Privacy (ACISP), 2016.

·         12th International Conference on Information Security Practice and Experience (ISPEC), 2016.

·         12th International Conference on Information Systems Security (ICISS), 2016.

·         International Conference on Provable Security (ProvSec), 2016.

·         International Conference on Information Systems Security and Privacy (ICISSP), 2016.

·         9th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (SpaCCS), 2016.

·         IEEE Global Communications Conference: Communication & Information System Security (Globecom – CISS), 2016.

 

·         20th European Symposium on Research in Computer Security (ESORICS), 2015.

·         10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.

·         11th China International Conference on Information Security and Cryptology (Inscrypt), 2015.

·         17th International Conference on Information and Communications Security (ICICS), 2015.

 

Complete list of professional service


Recent publications

 

2016

  1. Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng: Dissecting Developer Policy Violating Apps: Characterization and Detection. Accepted by the 11th IEEE International Conference on Malicious and Unwanted Software (Malcon), Fajardo, Puerto Rico, 18-21 October 2016.
  2. Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao: Efficient Tag Path Authentication Protocol with Less Tag Memory. Accepted by the 12th International Conference on Information Security Practice and Experience (ISPEC), Zhangjiajie, China, November 16-18, 2016.
  3. Hui Cui, Robert H. Deng, Xuhua Ding and Yingjiu Li: Attribute-Based Encryption with Granular Revocation. Accepted by the 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Guangzhou, China, 10-12 October 2016.
  4. Hui Cui, Robert H. Deng, Yingjiu Li, Baodong Qin: Server-Aided Revocable Attribute-Based Encryption. Accepted by the 21st European Symposium on Research in Computer Security (ESORICS), Crete, Greece, September 26-30, 2016.
  5. Hui Cui, Zhiguo Wan, Robert Deng, Guilin Wang, Yingjiu Li: Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud. Accepted by IEEE Transactions on Dependable and Secure Computing (TDSC), 2016.
  6. Yan Li, Yingjiu Li, Ke Xu, Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems under OSNFD Attacks. Accepted by IEEE Transactions on Secure and Dependable Computing (TDSC), 2016.
  7. Ke Xu, Yingjiu Li, Robert H. Deng: ICCDetector: ICC-Based Malware Detection on Android. IEEE Transactions on Information Forensics & Security (TIFS), 11(6): 1252-1264, 2016.
  8. Yao Cheng, Yingjiu Li, Robert H. Deng: A Feasible No-Root Approach on Android. Accepted by the 21st Australasian Conference on Information Security and Privacy (ACISP), Melbourne, Australia, 4-6 July 2016 (short paper).

 

2015

  1. Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015.
  2. Ximeng Liu, Baodong Qin, Robert Deng, Yingjiu Li: Efficient Privacy-Preserving Outsourced Computation over Public Data. Accepted by IEEE Transactions on Services Computing (TSC), 2015.
  3. Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng: A Secure, Usable, and Transparent Middleware for Permission Managers on Android. Accepted by IEEE Transactions on Dependable and Secure Computing (TDSC), 2015.
  4. Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.
  5. Baodong Qin, Robert H. Deng, Yingjiu Li, Shengli Liu: Server-Aided Revocable Identity-Based Encryption. The 20th European Symposium on Research in Computer Security (ESORICS), pages 286-304, Vienna, Austria, 21-25 September, 2015.
  6. Chunhua Su, Bagus Santoso, Yingjiu Li, Robert H. Deng, Xinyi Huang: Universally Composable RFID Mutual Authentication. Accepted by IEEE Transactions on Dependable and Secure Computing (TDSC), 2015.
  7. Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng: CICC: A Fine-Grained, Semantic-Aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers. The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec), pages 6:1-6:6, New York City, USA, June 24 - 26, 2015 (short paper).
  8. Qiang Yan, Jin Han, Yingjiu Li, Jianying Zhou, Robert H. Deng: Leakage-Resilient Password Entry: Challenges, Design, and Evaluation. Computers & Security, 48 (2015): 196-211, Elsevier. 2015.
  9. Yan Li, Yingjiu Li, Qiang Yan, Robert H. Deng: Privacy Leakage Analysis in Online Social Networks. Computers & Security, 49 (2015): 239-254, Elsevier, 2015.

 

Complete list by research category

More publications on DBLP


Last updated: Jan 2016.