Announcements and highlights:
1. Position Openings for Research Engineers, Postdocs, and PhD Students. [details]
2. Albert Ching, Yingjiu Li, Robert Deng: Building next-generation secure environments on smartphones for critical mobile applications. NRF NCR project, Oct 2017 – Sep 2019 [media: Today 19Sep2017, Lianhe Zaobao 19Sep2017]
6. Recent Book Authored (Springer 2015)
7. Recent Book Authored (Morgan & Claypool 2013)
· Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]
8. Distinguished Collaboration Project Award (Huawei 2016)
A Distinguished Collaboration Project Award was given to our project “Advanced System-Level Vulnerability Discovery and Defense on Android” by Huawei on August 11, 2016.
9. Android Security Flaws Fixed (Google 2016)
We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony is given a common vulnerabilities and exposures (CVE) number CVE-2016-0831.
· [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html, snapshot http://www.mysmu.edu/faculty/yjli/Google-Bulletin-2016.pdf
· [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html, snapshot http://www.mysmu.edu/faculty/yjli/Google-ack.pdf
10. Potentially High Value Patents (Huawei 2015-2016)
· Secure Permission Control on Android Techniques, Huawei Technologies Co., Ltd., October 2015.
· System and Method for Determining a Security Classification of an Unknown Application, Huawei Technologies Co., Ltd., June 2016.
11. FaceLive (CCS 2015)
We developed a liveness detection mechanism for facial authentication on mobile phones.
§ [Research, Innovation and Enterprise (RIE) magazine, National Research Foundation of Singapore] https://www.nrf.gov.sg/docs/default-source/default-document-library/nrf-magazine-(july-2018).pdf, snapshot http://www.mysmu.edu/faculty/yjli/nrf-magazine-(july-2018).pdf
§ [Tech Coffee House] https://techcoffeehouse.com/2018/07/12/smus-facelive-simple-and-better-than-current-facial-recognition-tech/, snapshot http://www.mysmu.edu/faculty/yjli/techcoffeehouse-report-12July2018.pdf
§ [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.
12. iOS Security Flaws Fixed (Apple 2013)
We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.
· [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.
13. Distinguished Paper Award (NDSS 2012).
· Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.
14. RFID Security Lab at SIS, SMU
15. Mobile Security Projects at SIS, SMU