For wisdom will enter your heart, and
knowledge will be pleasant to your soul.
My research interests: RFID Security
and Privacy, Mobile and
System Security, Applied
Cryptography and Cloud Security, Data
Application Security and Privacy
Announcements and highlights:
Position Openings for Research
Engineers, Postdocs, and PhD Students. [details]
“Hack-Proofing Our Devices” in ACM TechNews
December 28, 2016 edition. [headlines,
“Permission based Android security: Issues and
countermeasures” in Quora as must read (top 30) in cybersecurity.
Recent Book Authored (Springer 2015)
Yingjiu Li, Qiang
Yan, Robert H. Deng: Leakage
Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer
Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]
Recent Book Authored (Morgan & Claypool 2013)
Yingjiu Li, Robert
H. Deng, Elisa Bertino: RFID Security and
Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on
Information Security, Privacy, & Trust, Morgan & Claypool Publishers,
December 2013. [purchase
hardcopy at Amazon] [purchase softcopy at
Distinguished Collaboration Project Award (Huawei
Collaboration Project Award was given to our project “Advanced System-Level
Vulnerability Discovery and Defense on Android” by Huawei on August 11, 2016.
Android Security Flaws Fixed (Google 2016)
We discovered a
series of Android framework vulnerabilities and attacks on Android 5.1.0 and
4.4.4 and reported to Google in November 2015. Google acknowledged our findings
in its Android Security Acknowledgements – 2016 and in its Nexus Security
Bulletin - March 2016. In particular, our finding on Information Disclosure
Vulnerability in Telephony is given a common vulnerabilities and exposures
(CVE) number CVE-2016-0831.
[SMU report] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems
[Public News] http://www.publicnow.com/view/8FB80EFA3FA55776B95DABCA88E59FCC263B10D8?2016-07-04-03:00:58+01:00-xxx1606
Potentially High Value Patents (Huawei 2015-2016)
Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.
System and Method
for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.
FaceLive (CCS 2015)
We developed a
liveness detection mechanism for facial authentication on mobile phones.
§ [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html
§ [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers
§ [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong,
Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based
Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer
and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16
10. iOS Security Flaws
Fixed (Apple 2013)
We identified seven attacks which can be performed by
third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We
reported our findings to Apple's security team in October 2012. Three attacks,
which include passcode cracking (CVE-2013-0957), interference with or control
of telephony functionality (CVE-2013-5156) and sending tweets without the
user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its
release of iOS 7 in Sept 2013.
[SMU report] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws
[Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws
paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao,
Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved
Third-Party Applications. 11th
International Conference on Applied Cryptography and Network Security (ACNS),
pages 272-289, Alberta, Canada, June 25-28, 2013.
Distinguished Paper Award (NDSS
Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations
of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and
Usability. 19th Network
& Distributed System Security Symposium (NDSS), San Diego, California,
USA, February 5-8, 2012.
RFID Security Lab
at SIS, SMU
Projects at SIS, SMU
Recent program committee members and other professional services:
13th China International Conference on Information and Cryptology (Inscrypt), 2017.
13th International Conference on Security and Privacy in Communication Networks
22nd European Symposium on Research in Computer Security (ESORICS), 2017.
31st Annual IFIP WG 11.3 Working Conference on Data and Applications Security
and Privacy (DBSec), 2017.
on Security and Privacy in Cyber-Physical Systems (SPCPS), 2017.
Complete list of
- Xingjie Yu, Zhan Wang, Yingjiu
Li, Liang Li, Wen Tao Zhu, Li Song: EvoPass:
Evolvable Graphical Password against Shoulder-Surfing Attacks. Accepted by
and Security, Elsevier, 2017.
- Xingjie Yu, Michael Thang Shiwen, Yingjiu Li, Robert H. Deng: Fair Deposits against
Double-Spending for Bitcoin Transactions. Accepted by 2017 IEEE Conference on Dependable
and Secure Computing (DSC), Taipei, Taiwan, August 7—10, 2017.
- Hui Cui, Robert H. Deng, Joseph
Liu, Yingjiu Li: Attribute-Based Encryption with Expressive and Authorized
Keyword Search. Accepted by the 22nd
Australasian Conference on Information Security and Privacy (ACISP),
Auckland, New Zealand, July 3-5, 2017.
- Bing Chang, Ximing Liu, Yingjiu
Li, Pingjian Wang, Wen Tao Zhu, Zhan Wang:
Employing Smartwatch for Enhanced Password Authentication. Accepted by the
12th International Conference on Wireless Algorithms, Systems, and
Applications (WASA), Guilin, China, June
- Hui Cui, Robert Deng, Yingjiu
Li, Guowei Wu: Attribute-Based Storage
Supporting Secure Deduplication of Encrypted Data in Cloud. Accepted by IEEE Transaction on Big Data (TBD),
- Yan Li, Yao Cheng, Yingjiu Li, Robert H. Deng: Short Paper - What you see is not what
you get: Leakage-resilient password entry schemes for smart glasses.
Accepted by ACM Asia Conference on
Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, April
- Zhi Yuan Poh, Hui Cui, Robert
H. Deng, Yingjiu Li: Attribute-Based Secure Messaging in the Public Cloud.
Accepted by the
2nd Singapore Cyber Security R&D Conference (SG-CRC), Singapore,
February 21-22, 2017.
- Yao Cheng, Yingjiu Li, Robert
H. Deng, Lingyun Ying, Wei He: A Study on A Feasible No-Root Approach on Android. Accepted by Journal
of Computer Security, 2016.
- Su Mon Kywe,
Yingjiu Li, Kunal Patel, Michael Grace:
Attacking Android Smartphone Systems without Permissions. The 14th Annual Conference on Privacy,
Security and Trust (PST), Auckland, New Zealand, December 12-14, 2016.
- Su Mon Kywe,
Yingjiu Li, Jason Hong, Yao Cheng: Dissecting Developer Policy Violating
Apps: Characterization and Detection. The 11th IEEE International
Conference on Malicious and Unwanted Software (Malcon),
Fajardo, Puerto Rico, 18-21 October 2016.
- Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao:
Efficient Tag Path Authentication Protocol with Less Tag Memory. The 12th
International Conference on Information Security Practice and Experience
(ISPEC), pages 255-270, Zhangjiajie, China,
November 16-18, 2016.
- Hui Cui, Robert H. Deng, Xuhua Ding and Yingjiu Li: Attribute-Based Encryption
with Granular Revocation. The
12th EAI International Conference on Security and Privacy in Communication
Networks (SecureComm), Guangzhou, China,
10-12 October 2016.
- Hui Cui, Robert H. Deng,
Yingjiu Li, Baodong Qin: Server-Aided Revocable Attribute-Based
21st European Symposium on Research in Computer Security (ESORICS),
pages 570-587, Crete, Greece, September 26-30, 2016.
- Hui Cui, Zhiguo Wan, Robert
Deng, Guilin Wang, Yingjiu Li: Efficient and Expressive Keyword Search Over Encrypted Data in the Cloud. Accepted by IEEE Transactions on Dependable
and Secure Computing (TDSC), 2016.
- Yan Li, Yingjiu Li, Ke Xu,
Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems
under OSNFD Attacks. Accepted by IEEE Transactions on Secure and
Dependable Computing (TDSC), 2016.
- Ke Xu, Yingjiu Li, Robert H. Deng: ICCDetector:
ICC-Based Malware Detection on Android. IEEE
Transactions on Information Forensics & Security (TIFS), 11(6):
- Yao Cheng, Yingjiu Li, Robert
H. Deng: A Feasible No-Root Approach on Android. The 21st Australasian Conference on
Information Security and Privacy (ACISP), pages 481-489, Melbourne,
Australia, 4-6 July 2016 (short paper).
Complete list by
More publications on DBLP
updated: Jan 2017.