Announcements and highlights:

 

1.      Albert Ching, Yingjiu Li, Robert Deng: Building next-generation secure environments on smartphones for critical mobile applications. NRF NCR project, Oct 2017 – Sep 2019 [media: Today 19Sep2017, Lianhe Zaobao 19Sep2017]

 

2.      “Hack-Proofing Our Devices” in ACM TechNews December 28, 2016 edition. [headlines, full article, snapshot on 1Jan17]

 

3.      “New RFID Protocols for Hack-Proofing Devices Soon” in Indian Bloom 1 January 2018. [online, snapshot on 9Mar18]

 

4.      “Permission based Android security: Issues and countermeasures” listed in Quora as must read (top 30) in cybersecurity. [link, snapshot on 1Jan17]

 

5.      Authored Book (Springer 2015)

·         Yingjiu Li, Qiang Yan, Robert H. Deng: Leakage Resilient Password Systems. 64 pages, ISBN 978-3-319-17502-7, Springer Briefs in Computer Science, Springer, April 2015. [buy this book at Springer]

https://images.springer.com/sgw/books/medium/9783319175027.jpg

 

6.      Authored Book (Morgan & Claypool 2013)

·         Yingjiu Li, Robert H. Deng, Elisa Bertino: RFID Security and Privacy. 158 pages, ISBN-13: 978-1627053259, Synthesis Lectures on Information Security, Privacy, & Trust, Morgan & Claypool Publishers, December 2013. [purchase hardcopy at Amazon] [purchase softcopy at M&C]

http://ecx.images-amazon.com/images/I/41ZqbVgr0dL.jpg

 

7.      Android Security Flaws Fixed (Google 2016)

We discovered a series of Android framework vulnerabilities and attacks on Android 5.1.0 and 4.4.4 and reported to Google in November 2015. Google acknowledged our findings in its Android Security Acknowledgements – 2016 and in its Nexus Security Bulletin - March 2016. In particular, our finding on Information Disclosure Vulnerability in Telephony is given a common vulnerabilities and exposures (CVE) number CVE-2016-0831.

·         [Google Security Bulletin] https://source.android.com/security/bulletin/2016-03-01.html, snapshot http://www.mysmu.edu/faculty/yjli/Google-Bulletin-2016.pdf

·         [Google acknowledgments] https://source.android.com/security/overview/acknowledgements.html, snapshot http://www.mysmu.edu/faculty/yjli/Google-ack.pdf

·         [SMU news] https://www.smu.edu.sg/news/2016/07/04/smu-researchers-boost-security-googles-android-mobile-systems, snapshot http://www.mysmu.edu/faculty/yjli/SMU-report-2016.pdf 

·         [Computerworld] https://www.computerworld.com.sg/print-article/99278/, snapshot http://www.mysmu.edu/faculty/yjli/computerworld-Android-2016.pdf

8.      FaceLive (CCS 2015)

We developed a liveness detection mechanism for facial authentication on mobile phones.

§  [Research, Innovation and Enterprise (RIE) magazine, National Research Foundation of Singapore] https://www.nrf.gov.sg/docs/default-source/default-document-library/nrf-magazine-(july-2018).pdf, snapshot http://www.mysmu.edu/faculty/yjli/nrf-magazine-(july-2018).pdf 

§  [Tech Coffee House] https://techcoffeehouse.com/2018/07/12/smus-facelive-simple-and-better-than-current-facial-recognition-tech/, snapshot http://www.mysmu.edu/faculty/yjli/techcoffeehouse-report-12July2018.pdf

§  [Channel News Asia] http://www.channelnewsasia.com/news/singapore/phone-users-to-get-better/2428186.html, snapshot http://www.mysmu.edu/faculty/yjli/channelnewsasia2016.pdf  

§  [Today news] http://www.todayonline.com/singapore/phone-users-get-better-protection-hackers, snapshot http://www.mysmu.edu/faculty/yjli/TODAYonline-2016.pdf  

§  [Research paper] Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng: Seeing Your Face is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. The 22nd ACM Conference on Computer and Communications Security (CCS), pages 1558-1569, Denver, US, 12-16 October 2015.

9.      iOS Security Flaws Fixed (Apple 2013)

We identified seven attacks which can be performed by third-party applications on iOS 5 and iOS 6 (see our ACNS paper below). We reported our findings to Apple's security team in October 2012. Three attacks, which include passcode cracking (CVE-2013-0957), interference with or control of telephony functionality (CVE-2013-5156) and sending tweets without the user’s awareness and permission (CVE-2013-5157), were rectified by Apple in its release of iOS 7 in Sept 2013.

·         [Apple announcement] https://support.apple.com/en-sg/HT202816, snapshot http://www.mysmu.edu/faculty/yjli/Apple-iOS7.pdf 

·         [SMU news] http://sis.smu.edu.sg/news/2013/10/02/astar-smu-researchers-first-discover-ios-security-flaws, snapshot http://www.mysmu.edu/faculty/yjli/SMU-report-2013.pdf 

·         [The Straits Times] https://www.smu.edu.sg/sites/default/files/smu/news_room/smu_in_the_news/2013/sources/oct3/st_20131003_1.pdf

·         [The Straits Times] https://www.straitstimes.com/singapore/apple-fixes-ios-7-after-singapore-researchers-identify-flaws

·         [Today news] http://www.todayonline.com/tech/local-researchers-help-fix-ios-security-flaws, snapshot http://www.mysmu.edu/faculty/yjli/TODAYonline-2013.pdf 

·         [Research paper] Jin Han, Su Mon Kywe, Qiang Yan, Feng Bao, Robert Deng, Debin Gao, Yingjiu Li, Jianying Zhou: Launching Generic Attacks on iOS with Approved Third-Party Applications. 11th International Conference on Applied Cryptography and Network Security (ACNS), pages 272-289, Alberta, Canada, June 25-28, 2013.

 

10.  Distinguished Paper Award (NDSS 2012).

·         Qiang Yan, Jin Han, Yingjiu Li, Robert Deng: On Limitations of Designing Usable Leakage-Resilient Password Systems: Attacks, Principles and Usability. 19th Network & Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5-8, 2012.

 

11.  RFID Security Lab at SIS, SMU

12.  Mobile Security Projects at SIS, SMU

 

 

Last updated in July 2017