For secure and user-friendly use of mobile
devices by everyone.
Announcements:
1. Hack-Proofing Our Devices (ACM TechNews December 28, 2016 edition). [headlines, full article]
2. Albert Ching, Yingjiu Li, Robert Deng: Building next-generation secure environments on smartphones for critical mobile applications. NRF NCR project, Oct 2017 – Sep 2019 [media: Today 19Sep2017, Lianhe Zaobao 19Sep2017]
3. “Permission based Android security: Issues and countermeasures” listed on Quora as a must-read (top 30) in cybersecurity. [link, snapshot on 1Jan17]
4. Authored Book (Springer 2015)
· Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]
5. Android Security Flaws Fixed (Google 2016)
We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported them to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on the Information Disclosure Vulnerability in Telephony was assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2016-0831.
· [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html
· [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html
· [SMU report] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems
· [CIO-Asia] http://www.cio-asia.com/tech/industries/smu-researchers-discover-vulnerabilities-in-android-44-and-51/
· [Computerworld] http://www.computerworld.com.sg/print-article/99278/
· [Public News] http://www.publicnow.com/view/8FB80EFA3FA55776B95DABCA88E59FCC263B10D8?2016-07-04-03:00:58+01:00-xxx1606
· [Newstaggr] http://www.newstaggr.com/news/smu-researchers-discover-vulnerabilities-in-android-4-4-and-5-1?uid=76052.
6. FaceLive (CCS 2015)
We developed a
liveness detection mechanism for facial authentication on mobile phones.
§ [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html
§ [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers
§ [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong,
Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness
Detection for Face Authentication. The
22nd ACM Conference on Computer and Communications Security (CCS), pages
1558-1569, Denver, US, 12-16 October 2015.
7. iOS Security Flaws Fixed (Apple 2013)
We identified seven attacks which can be performed by
third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We
reported our findings to Apple's security team in October 2012. Three attacks,
which include passcode cracking (CVE-2013-0957), interference with or control
of telephony functionality (CVE-2013-5156) and sending tweets without the
user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its
release of iOS 7 in Sept 2013.
· [Apple announcement] https://support.apple.com/en-sg/HT202816
· [SMU report] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws
· [Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws
· [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.
8. Distinguished Paper Award (NDSS 2012).
· Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.
Publications:
2019
- Yan Li, Zilong
Wang, Yingjiu Li, Robert H. Deng, Binbin Chen, Weizhi Meng, Hui Li: A Closer Look Tells More: A Facial
Distortion Based Liveness Detection for Face Authentication (short paper).
Accepted by the 14th
ACM Asia Conference on Information, Computer and Communications Security
(ASIACCS), Auckland, New Zealand, July 7-12, 2019.
- Ke Xu, Yingjiu Li, Robert H.
Deng, Kai Chen, Jiayun Xu: DroidEvolver:
Self-Evolving Android Malware Detection System. Accepted by the 4th IEEE
European Symposium on Security and Privacy (EuroS&P),
Stockholm, Sweden, June 17-19, 2019.
2018
- Ximing Liu, Yingjiu Li, Robert
H. Deng: Typing-Proof: Usable, Secure and Low-Cost Two-Factor
Authentication Based On Keystroke Timings. Accepted by 2018 Annual Computer Security Applications
Conference (ACSAC), San Juan, Puerto Rico, December 3-7, 2018
(acceptance ratio 60/299=20.1%).
- Ximing Liu, Yingjiu Li, Robert
H. Deng, Shujun Li, Bing Chang: When
Human Cognitive Modeling Meets PINs: User-Independent Inter-Keystroke
Timing Attacks. Computers
& Security (COSE), 80: 90-107, Elsevier, 2018.
- Bing Chang, Yingjiu Li, Qiongxiao Wang, Wen-Tao Zhu, Robert H. Deng: Making a Good Thing Better: Enhancing
Password/PIN based User Authentication with Smartwatch. Cybersecurity
1:7, Springer, March 2018.
- Yan Li, Yingjiu Li, Ke Xu,
Qiang Yan, Robert H. Deng: Empirical Study of Face Authentication Systems
under OSNFD Attacks. IEEE
Transactions on Secure and Dependable Computing (TDSC), 15(2): 231-245,
2018.
- Yangguang Tian, Yingjiu Li, Rongmao Chen, Nan Li, Ximeng Liu, Bing Chang, Xingjie
Yu: Privacy-Preserving Biometric-Based Remote User Authentication With Leakage Resilience. Accepted by the 2018 International Conference on
Security and Privacy in Communication Networks (SECURECOMM), August
8-10, Singapore.
- Bing Chang, Fengwei Zhang, Bo
Chen, Yingjiu Li, Wen-Tao Zhu, Yangguang Tian, Zhan Wang, Albert Ching: MobiCeal: Towards Secure and Practical Plausibly Deniable
Encryption on Mobile Devices. Accepted by the
48th IEEE/IFIP International Conference on Dependable Systems and Networks
(DSN), Luxembourg City, Luxembourg, June 25-28, 2018 (acceptance ratio
= 62/221 =28.1%).
- Ke Xu, Yingjiu Li, Robert H.
Deng, Kai Chen: DeepRefiner: Multi-layer Android
Malware Detection System Applying Deep Neural Networks. Accepted by the 3rd IEEE European
Symposium on Security and Privacy (EuroS&P),
London, UK, April 24-26, 2018 (acceptance ratio = 33/144 =22.9%).
- Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, Robert H. Deng: SCLib: A Practical and Lightweight Defense against
Component Hijacking in Android Applications (short paper). Accepted by the 8th ACM
Conference on Data and Application Security and Privacy (CODASPY),
Tempe, AZ, USA, March 19-21, 2018.
- Bing Chang, Yao Cheng, Bo Chen,
Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, Zhan
Wang: User-Friendly
Deniable Storage for Mobile Devices. Computers
and Security, 72(2018): 163-174, Elsevier, 2018.
2017
- Yang Yang, Ximeng Liu, Robert
H. Deng, Yingjiu Li: Lightweight Sharable and Traceable Secure Mobile
Health System. Accepted by IEEE
Transactions on Dependable and Secure Computing (TDSC), July 2017.
- Xingjie Yu, Zhan Wang, Yingjiu
Li, Liang Li, Wen Tao Zhu, Li Song: EvoPass:
Evolvable Graphical Password against Shoulder-Surfing Attacks. Computers
and Security, 70: 179-198, Elsevier, 2017.
- Bing Chang, Ximing Liu, Yingjiu
Li, Pingjian Wang, Wen Tao Zhu, Zhan Wang:
Employing Smartwatch for Enhanced Password Authentication. The
12th International Conference on Wireless Algorithms, Systems, and
Applications (WASA), pages 691-703, Guilin, China, June 19-21, 2017
(acceptance ratio =71/238=29.8%).
- Yan Li, Yao Cheng, Yingjiu Li,
Robert H. Deng: What you see is not what you get: Leakage-resilient
password entry schemes for smart glasses. Accepted by ACM Asia Conference on Computer and
Communications Security (ASIACCS), pages 327-333, Abu Dhabi, UAE,
April 2-6, 2017 (acceptance ratio =73/359 = 20.3%).
- Xingjie Yu, Su Mon Kywe,
Yingjiu Li: Security Issues of In-Store Mobile Payment. Book Chapter in
Handbook of Blockchain, Digital Finance, and Inclusion, Volume 2, pages
115-144, edited by David Lee Kuo Chuen, Robert H. Deng, Academic Press, 2017.
2016
- Yao Cheng, Yingjiu Li, Robert
H. Deng, Lingyun Ying, Wei He: A Study on a
Feasible No-Root Approach on Android. Journal
of Computer Security, 25(3): 231-253, 2017 (accepted in 2016).
- Su Mon Kywe, Yingjiu Li, Kunal Patel, Michael Grace: Attacking Android
Smartphone Systems without Permissions. The 14th Annual Conference on Privacy,
Security and Trust (PST), Auckland, New Zealand, December 12-14, 2016.
- Su Mon Kywe, Yingjiu Li, Jason
Hong, Yao Cheng: Dissecting Developer Policy Violating Apps:
Characterization and Detection. The
11th IEEE International Conference on Malicious and Unwanted Software
(Malcon), Fajardo, Puerto Rico, 18-21 October 2016.
- Ke Xu, Yingjiu Li, Robert H.
Deng: ICCDetector: ICC-Based Malware Detection
on Android. IEEE
Transactions on Information Forensics & Security (TIFS), 11(6):
1252-1264, 2016.
- Yao Cheng, Yingjiu Li, Robert
H. Deng: A Feasible No-Root Approach on Android. The 21st Australasian Conference on
Information Security and Privacy (ACISP), pages 481-489, Melbourne,
Australia, 4-6 July 2016 (short paper).
- Yan Li, Qiang Yan, Yingjiu Li,
Robert H. Deng: When Seeing Is Not Believing: Defeating MFF-Based Attacks
by Liveness Detection for Face Authentication on Mobile Platform. Book
Chapter in Protecting Mobile Networks and Devices: Challenges and
Solutions, pages 29-48, edited by Weizhi Meng, Xiapu Luo, Steven Furnell,
Jianying Zhou, Taylor & Francis Group, 2016.
2015
- Yingjiu Li, Qiang Yan, Robert H.
Deng: Leakage
Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer
Briefs in Computer Science, Springer, April 2015.
- Daibin Wang, Haixia Yao,
Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng:
A Secure, Usable, and Transparent Middleware for Permission Managers on
Android. IEEE Transactions on
Dependable and Secure Computing (TDSC), 14(4): 350-362, 2017 (accepted
in 2015).
- Yan Li, Yingjiu Li, Qiang Yan,
Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial
Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on
Computer and Communications Security (CCS), pages 1558-1569, Denver,
US, 12-16 October 2015. (Acceptance ratio: 128/646 = 19.8%).
- Daibin Wang, Haixia Yao,
Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng:
CICC: A Fine-Grained, Semantic-Aware, and Transparent Approach to Preventing
Permission Leaks for Android Permission Managers. The 8th ACM Conference on
Security and Privacy in Wireless and Mobile Networks (ACM WiSec), pages 6:1-6:6, New York City, USA,
June 22-26, 2015 (short paper, acceptance ratio 26/83=31.3%).
- Qiang Yan, Jin Han, Yingjiu Li,
Jianying Zhou, Robert Deng: Leakage-Resilient Password Entry: Challenges,
Design, and Evaluation. Computers
& Security, 48 (2015): 196-211, Elsevier, 2014.
2014
- Su Mon Kywe, Yingjiu Li, Robert
Deng, Jason Hong: Detecting Camouflaged Applications on Mobile Application
Markets. The 17th
Annual International Conference on Information Security and Cryptology
(ICISC), Seoul, Korea, December 3-5, 2014.
- Zheran Fang, Weili Han, Yingjiu Li: Permission
Based Android Security: Issues and Countermeasures. Computers
and Security, 43(2014): 205-218, Elsevier, 2014.
- Yan Li, Ke Xu, Qiang Yan,
Yingjiu Li, Robert H. Deng: Understanding OSN-Based Facial Disclosure
against Face Authentication Systems. The 9th ACM Symposium on
Information, Computer and Communications Security (ASIACCS), pages
413-423, Kyoto, Japan, June 4-6, 2014 (acceptance ratio 42/260=16.2%).
2013
- Jin Han, Su Mon Kywe, Qiang
Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou:
Launching Generic Attacks on iOS with Approved Third-Party Applications. The 11th International Conference
on Applied Cryptography and Network Security (ACNS), pages 272-289,
Alberta, Canada, June 25-28, 2013 (7
iOS security flaws were identified, among which 3 were fixed, as
announced by Apple Inc. for the iOS 7 release in September 2013).
- Qiang Yan, Jin Han, Yingjiu Li,
Jianying Zhou, Robert Deng: Designing Leakage Resilience of Password Entry
on Touchscreen Mobile Devices. The
8th ACM Symposium on Information, Computer and Communications Security
(ASIACCS), pages 37-48, Hangzhou, China, May 7-10, 2013 (acceptance
ratio 35/216=16.2%).
- Divyan Konidala, Robert Deng,
Yingjiu Li, Hoong Chuin Lau, Stephen Fienberg: Anonymous Authentication of
Visitors for Mobile Crowd Sensing at Amusement Parks. The 9th Information
Security Practice and Experience Conference (ISPEC), pages 174-188,
Lanzhou, China, May 12-14, 2013 (acceptance ratio 27/71=38%).
2012
- Qiang Yan, Jin Han, Yingjiu Li,
Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password
Systems: Attacks, Principles and Usability. The 19th Network
& Distributed System Security Symposium (NDSS), San Diego,
California, USA, February 5-8, 2012 (acceptance ratio 46/258 = 17.8%) (Distinguished Paper Award)
2010
- Qiang Yan, Robert Deng, Yingjiu
Li, Tieyan Li: On the potential of limitation-oriented malware detection
and prevention on mobile phones. International
Journal of Security and Its Applications (IJSIA), 4(1): 21-30, January
2010.
Last updated: Feb 2019.