For secure and user-friendly use of mobile devices by everyone.


Mobile Security

School of Information Systems (SIS)


Singapore Management University (SMU)

Room 80 04 050
80 Stamford Road
Singapore 178902

Phone: +65-6828-0913

Fax: +65-6828-0919


Email:


Announcements:

 

1.      Hack-Proofing Our Devices (ACM TechNews December 28, 2016 edition). [headlines, full article]

2.      Albert Ching, Yingjiu Li, Robert Deng: Building next-generation secure environments on smartphones for critical mobile applications. NRF NCR project, Oct 2017 – Sep 2019 [media: Today 19Sep2017, Lianhe Zaobao 19Sep2017]

3.      “Permission based Android security: Issues and countermeasures” listed in Quora as must read (top 30) in cybersecurity. [link, snapshot on 1Jan17]

4.      Authored Book (Springer 2015)

·         Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]


5.      Android Security Flaws Fixed (Google 2016)

We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported them to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin – March 2016. In particular, our finding on the Information Disclosure Vulnerability in Telephony was given the Common Vulnerabilities and Exposures (CVE) number CVE-2016-0831.

·         [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html

·         [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html

·         [SMU report] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems

·         [CIO-Asia] http://www.cio-asia.com/tech/industries/smu-researchers-discover-vulnerabilities-in-android-44-and-51/

·         [Computerworld] http://www.computerworld.com.sg/print-article/99278/

·         [Public News] http://www.publicnow.com/view/8FB80EFA3FA55776B95DABCA88E59FCC263B10D8?2016-07-04-03:00:58+01:00-xxx1606

·         [Newstaggr] http://www.newstaggr.com/news/smu-researchers-discover-vulnerabilities-in-android-4-4-and-5-1?uid=76052.

6.      FaceLive (CCS 2015)

We developed a liveness detection mechanism for facial authentication on mobile phones.

·         [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html

·         [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers

·         [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.

7.      iOS Security Flaws Fixed (Apple 2013)

We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.

·         [Apple announcement] https://support.apple.com/en-sg/HT202816

·         [SMU report] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws

·         [Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws

·         [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.

 

8.      Distinguished Paper Award (NDSS 2012).

·         Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.


 

Publications:

 

2019

  1. Yan Li, Zilong Wang, Yingjiu Li, Robert H. Deng, Binbin Chen, Weizhi Meng, Hui Li: A Closer Look Tells More: A Facial Distortion Based Liveness Detection for Face Authentication (short paper). Accepted by the 14th ACM Asia Conference on Information, Computer and Communications Security (ASIACCS), Auckland, New Zealand, July 7-12, 2019.
  2. Ke Xu, Yingjiu Li, Robert H. Deng, Kai Chen, Jiayun Xu: DroidEvolver: Self-Evolving Android Malware Detection System. Accepted by the 4th IEEE European Symposium on Security and Privacy (EuroS&P), Stockholm, Sweden, June 17-19, 2019.

 

2018

  1. Ximing Liu, Yingjiu Li, Robert H. Deng: Typing-Proof: Usable, Secure and Low-Cost Two-Factor Authentication Based On Keystroke Timings. Accepted by 2018 Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 3-7, 2018 (acceptance ratio 60/299=20.1%).
  2. Ximing Liu, Yingjiu Li, Robert H. Deng, Shujun Li, Bing Chang: When Human Cognitive Modeling Meets PINs: User-Independent Inter-Keystroke Timing Attacks. Computers & Security (COSE), 80: 90-107, Elsevier, 2018.
  3. Bing Chang, Yingjiu Li, Qiongxiao Wang, Wen-Tao Zhu, Robert H. Deng: Making a Good Thing Better: Enhancing Password/PIN based User Authentication with Smartwatch. Cybersecurity 1:7, Springer, March 2018.
  4. Yan Li, Yingjiu Li, Ke Xu, Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems under OSNFD Attacks. IEEE Transactions on Dependable and Secure Computing (TDSC), 15(2): 231-245, 2018.
  5. Yangguang Tian, Yingjiu Li, Rongmao Chen, Nan Li, Ximeng Liu, Bing Chang, Xingjie Yu: Privacy-Preserving Biometric-Based Remote User Authentication With Leakage Resilience. Accepted by the 2018 International Conference on Security and Privacy in Communication Networks (SECURECOMM), August 8-10, Singapore.
  6. Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen-Tao Zhu, Yangguang Tian, Zhan Wang, Albert Ching: MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. Accepted by the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Luxembourg City, Luxembourg, June 25-28, 2018 (acceptance ratio = 62/221 =28.1%).
  7. Ke Xu, Yingjiu Li, Robert H. Deng, Kai Chen: DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks. Accepted by the 3rd IEEE European Symposium on Security and Privacy (EuroS&P), London, UK, April 24-26, 2018 (acceptance ratio = 33/144 =22.9%).
  8. Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, Robert H. Deng: SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications (short paper). Accepted by the 8th ACM Conference on Data and Application Security and Privacy (CODASPY), Tempe, AZ, USA, March 19-21, 2018.
  9. Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, Zhan Wang: User-Friendly Deniable Storage for Mobile Devices. Computers and Security, 72(2018): 163-174, Elsevier, 2018.

 

2017

  1. Yang Yang, Ximeng Liu, Robert H. Deng, Yingjiu Li: Lightweight Sharable and Traceable Secure Mobile Health System. Accepted by IEEE Transactions on Dependable and Secure Computing (TDSC), July 2017.
  2. Xingjie Yu, Zhan Wang, Yingjiu Li, Liang Li, Wen Tao Zhu, Li Song: EvoPass: Evolvable Graphical Password against Shoulder-Surfing Attacks. Computers and Security, 70: 179-198, Elsevier, 2017.
  3. Bing Chang, Ximing Liu, Yingjiu Li, Pingjian Wang, Wen Tao Zhu, Zhan Wang: Employing Smartwatch for Enhanced Password Authentication. The 12th International Conference on Wireless Algorithms, Systems, and Applications (WASA), pages 691-703, Guilin, China, June 19-21, 2017 (acceptance ratio = 71/238 = 29.8%).
  4. Yan Li, Yao Cheng, Yingjiu Li, Robert H. Deng: What you see is not what you get: Leakage-resilient password entry schemes for smart glasses. Accepted by ACM Asia Conference on Computer and Communications Security (ASIACCS), pages 327-333, Abu Dhabi, UAE, April 2-6, 2017 (acceptance ratio =73/359 = 20.3%).
  5. Xingjie Yu, Su Mon Kywe, Yingjiu Li: Security Issues of In-Store Mobile Payment. Book Chapter in Handbook of Blockchain, Digital Finance, and Inclusion, Volume 2, pages 115-144, edited by David Lee Kuo Chuen, Robert H. Deng, Academic Press, 2017.

 

2016

  1. Yao Cheng, Yingjiu Li, Robert H. Deng, Lingyun Ying, Wei He: A Study on a Feasible No-Root Approach on Android. Journal of Computer Security, 25(3): 231-253, 2017 (accepted in 2016).
  2. Su Mon Kywe, Yingjiu Li, Kunal Patel, Michael Grace: Attacking Android Smartphone Systems without Permissions. The 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, New Zealand, December 12-14, 2016.
  3. Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng: Dissecting Developer Policy Violating Apps: Characterization and Detection. The 11th IEEE International Conference on Malicious and Unwanted Software (Malcon), Fajardo, Puerto Rico, 18-21 October 2016.
  4. Ke Xu, Yingjiu Li, Robert H. Deng: ICCDetector: ICC-Based Malware Detection on Android. IEEE Transactions on Information Forensics & Security (TIFS), 11(6): 1252-1264, 2016.
  5. Yao Cheng, Yingjiu Li, Robert H. Deng: A Feasible No-Root Approach on Android. The 21st Australasian Conference on Information Security and Privacy (ACISP), pages 481-489, Melbourne, Australia, 4-6 July 2016 (short paper).
  6. Yan Li, Qiang Yan, Yingjiu Li, Robert H. Deng: When Seeing Is Not Believing: Defeating MFF-Based Attacks by Liveness Detection for Face Authentication on Mobile Platform. Book Chapter in Protecting Mobile Networks and Devices: Challenges and Solutions, pages 29-48, edited by Weizhi Meng, Xiapu Luo, Steven Furnell, Jianying Zhou, Taylor & Francis Group, 2016.

 

2015

  1. Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015.
  2. Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng: A Secure, Usable, and Transparent Middleware for Permission Managers on Android. IEEE Transactions on Dependable and Secure Computing (TDSC), 14(4): 350-362, 2017 (accepted in 2015).
  3. Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015. (Acceptance ratio: 128/646 = 19.8%).
  4. Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng: CICC: A Fine-Grained, Semantic-Aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers. The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec), pages 6:1-6:6, New York City, USA, June 22 - 26, 2015 (short paper, acceptance ratio 26/83=31.3%).
  5. Qiang Yan, Jin Han, Yingjiu Li, Jianying Zhou, Robert Deng: Leakage-Resilient Password Entry: Challenges, Design, and Evaluation. Computers & Security, 48 (2015): 196-211, Elsevier. 2014.

 

2014

  1. Su Mon Kywe, Yingjiu Li, Robert Deng, Jason Hong: Detecting Camouflaged Applications on Mobile Application Markets. The 17th Annual International Conference on Information Security and Cryptology (ICISC), Seoul, Korea, December 3-5, 2014.
  2. Zheran Fang, Weili Han, Yingjiu Li: Permission Based Android Security: Issues and Countermeasures. Computers and Security, 43(2014): 205-218, Elsevier, 2014.
  3. Yan Li, Ke Xu, Qiang Yan, Yingjiu Li, Robert H. Deng: Understanding OSN-Based Facial Disclosure against Face Authentication Systems. The 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pages 413-423, Kyoto, Japan, June 4-6, 2014 (acceptance ratio 42/260=16.2%).

 

2013

  1. Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. The 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013 (7 iOS security flaws were identified, among which 3 were fixed, as announced by Apple Inc. for the iOS 7 release in September 2013).
  2. Qiang Yan, Jin Han, Yingjiu Li, Jianying Zhou, Robert Deng: Designing Leakage Resilience of Password Entry on Touchscreen Mobile Devices. The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pages 37-48, Hangzhou, China, May 7-10, 2013 (acceptance ratio 35/216=16.2%).
  3. Divyan Konidala, Robert Deng, Yingjiu Li, Hoong Chuin Lau, Stephen Fienberg: Anonymous Authentication of Visitors for Mobile Crowd Sensing at Amusement Parks. The 9th Information Security Practice and Experience Conference (ISPEC), pages 174-188, Lanzhou, China, May 12-14, 2013 (acceptance ratio 27/71=38%).

 

2012

  1. Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. The 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012 (acceptance ratio 46/258 = 17.8%) (Distinguished Paper Award)

 

2010

  1. Qiang Yan, Robert Deng, Yingjiu Li, Tieyan Li: On the potential of limitation-oriented malware detection and prevention on mobile phones. International Journal of Security and Its Applications (IJSIA), 4(1): 21-30, January 2010.

 


Last updated: Feb 2019.