Announcements and highlights:


1.      Position Openings for Research Engineers, Postdocs, and PhD Students. [details]


2.      Albert Ching, Yingjiu Li, Robert Deng: Building next-generation secure environments on smartphones for critical mobile applications. NRF NCR project, Oct 2017 – Sep 2019 [media: Today 19Sep2017, Lianhe Zaobao 19Sep2017]


3.      “Hack-Proofing Our Devices” in ACM TechNews December 28, 2016 edition. [headlines, full article, snapshot on 1Jan17]


4.      “New RFID Protocols for Hack-Proofing Devices Soon” in Indian Bloom 1 January 2018. [online, snapshot on 9Mar18]


5.      “Permission based Android security: Issues and countermeasures” listed in Quora as must read (top 30) in cybersecurity. [link, snapshot on 1Jan17]


6.      Recent Book Authored (Springer 2015)

·         Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]


7.      Recent Book Authored (Morgan & Claypool 2013)

·         Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]


8.      Distinguished Collaboration Project Award (Huawei 2016)

A Distinguished Collaboration Project Award was given to our project “Advanced System-Level Vulnerability Discovery and Defense on Android” by Huawei on August 11, 2016.

9.      Android Security Flaws Fixed (Google 2016)

We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony is given a common vulnerabilities and exposures (CVE) number CVE-2016-0831.

·         [Google Security Bulletin], snapshot

·         [Google acknowledgments], snapshot

·         [SMU news], snapshot 

·         [Computerworld], snapshot

10.  Potentially High Value Patents (Huawei 2015-2016)

·         Secure Permission Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.

·         System and Method for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.

11.  FaceLive (CCS 2015)

We developed a liveness detection mechanism for facial authentication on mobile phones.

§  [Research, Innovation and Enterprise (RIE) magazine, National Research Foundation of Singapore], snapshot 

§  [Tech Coffee House], snapshot

§  [Channel News Asia], snapshot  

§  [Today news], snapshot  

§  [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.

12.  iOS Security Flaws Fixed (Apple 2013)

We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.

·         [Apple announcement], snapshot 

·         [SMU news], snapshot 

·         [The Straits Times]

·         [The Straits Times]

·         [Today news], snapshot 

·         [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.


13.  Distinguished Paper Award (NDSS 2012).

·         Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.


14.  RFID Security Lab at SIS, SMU

15.  Mobile Security Projects at SIS, SMU



Last updated in July 2017