For wisdom will enter your heart, and knowledge will be pleasant to your soul.
Announcements and highlights:
1. Position Openings for Research Engineers, Postdocs, and PhD Students.
2. New Book Authored (Springer 2015)
3. Recent Book Authored (Morgan & Claypool 2013)
· Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013.
4. Android Security Flaws Fixed (Google 2016)
We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported them to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 at https://source.android.com/devices/tech/security/acknowledgements.html and in its Nexus Security Bulletin - March 2016 at https://source.android.com/security/bulletin/2016-03-01.html. In particular, our finding on the Information Disclosure Vulnerability in Telephony was assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2016-0831.
5. Potentially High Value Patent (Huawei 2015)
Our patent “Secure Permission Control on Android Techniques” was evaluated by Huawei Technologies Co., Ltd. in October 2015 as being of “potentially high” value.
6. FaceLive (CCS 2015)
We developed a liveness detection mechanism for facial authentication on mobile phones.
· [Media report in Singapore on 15 January 2016] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html
· [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.
7. iOS Security Flaws Fixed (Apple 2013)
We identified seven attacks that can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in September 2013.
· [Apple announcement] http://support.apple.com/kb/HT5934
· [Singapore press release 1] http://www.news.gov.sg/public/sgpc/en/media_releases/agencies/astar/press_release/P-20131002-1
· [Singapore press release 2] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws
· [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.
8. Distinguished Paper Award (NDSS 2012)
· Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.
9. RFID Security Lab at SIS, SMU
10. Mobile Security Projects at SIS, SMU
Recent program committee members and other professional services:
· 21st ACM Symposium on Access Control Models and Technologies (SACMAT), 2016.
· 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2016.
· 21st European Symposium on Research in Computer Security (ESORICS), 2016. Call for papers: https://www.dropbox.com/sh/d0i1e8lvkcbqchx/AABajK5Trvyf8frUvfCVRWwOa/ESORICS2016-CfP.pdf?dl=0
· 12th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2016.
· 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec), 2016.
· Australasian Conference on Information Security and Privacy (ACISP), 2016.
· 12th International Conference on Information Security Practice and Experience (ISPEC), 2016.
· 12th International Conference on Information Systems Security (ICISS), 2016.
· International Conference on Provable Security (ProvSec), 2016.
· International Conference on Information Systems Security and Privacy (ICISSP), 2016.
· 9th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (SpaCCS), 2016.
· IEEE Global Communications Conference: Communication & Information System Security (Globecom – CISS), 2016.
· 20th European Symposium on Research in Computer Security (ESORICS), 2015.
· 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.
· 11th China International Conference on Information Security and Cryptology (Inscrypt), 2015.
· 17th International Conference on Information and Communications Security (ICICS), 2015.
More publications on DBLP