Tieyan LI (Terry) - School of Information Systems - Singapore ...

Tieyan LI (Terry)
Contacts:
20 Science Park Road
#02-06/10, Teletech Park
Singapore Science Park II
Singapore 117674
Tel: (+65) 68254200 ext 4535
Fax: (+65) 67779530
Mobile: (+65) 97745766
Email: litieyan@gmail.com
Summary
Education
- Technology Generalist on Security and Applied Cryptography.
- In-depth knowledge and 15 years research/industry experience on security design, architect,
innovation, and practice across multiple platforms.
- Strategic advisor, skillful leader, creative inspirator, and reliable partner.
- Enthusiastic, acuminous, cooperative, responsible, and dedicated.
[1998 — 2001] National University of Singapore
Major: Cryptography and Network System Security
Degree: Ph.D. of Computer Science
[1990 — 1994] Nankai University, Tianjin, China
Majors: 1. Computer Software 2. Electronics and Information Systems
Dual-Degree: B.Sc. of CS and B.Sc. of EIS
Recent Experience [2011 - Present]
[Dec. 2012 - Now] Security Expert, Security and Privacy Lab., Central Research
Institute, Huawei International, Singapore
As a security expert, I lead the mobile security team and do research on security issues with mobile
OSs such as Android, iOS, and emerging WebOSs as well.
⋄ Android security: Android vulnerability analysis, security evaluation, App protection,
platform security and mobile virtualization.
[Feb. 2011 - Oct. 2012] Senior Security Technologist, Irdeto (Online), APAC
As a security generalist, I provide security architecture design on application and content protection
solutions over mobile platforms, with solid understanding on source and binary protection of Java
and Native code, and system/kernel level protection (primarily on Android platform). I am the major
technical interface with sales, product, program and engineering teams in APAC. I engage in a number
of opportunities with MNOs or OEMs offering security designs and solutions. I coach internal staffs
and external customers with core security technologies, and influence top managements with security
insights and visions. In addition, I deliver keynotes and vision talks on industry forums/summits or
academic conferences. My current interests are on mobile security, digital asset protection, cloud and
Internet of Things security.
⋄ App/Game Protection: I involved in the security architecture design, threat analysis,
test and guidance in the “ActiveCloak for Apps” product line, which offers game copyright
protection and in-game asset (e.g., billing) protections. Being the cutting-edge solution in
the market, we firstly signed the contract with China Mobile with deployment at its Jiangsu
Game Center, with potential customers like China Mobile Guangdong Internet Center,
China Telecom 189 Store, Tencent Game Center, etc..

⋄ Android Platform Security: I involved in “Android platform security” solution, which
provides kernel level protection for Android security architecture, with innovative application
control and analysis, domain isolation (BYOD) and trusted apps capabilities. I assist
business exploration and technical strategy of the solution in Asia Pacific region and technically
promote it through major MNOs like China Mobile, China Unicom, China Telecom,
LG U+, KT, SKT (Korea), SingTel (Singapore) and OEMs like Samsung, HTC, Huawei.
⋄ Open Mobile Platform Security: I involved in the security baseline requirements, architecture
design, and lifecycle assurance in the “ActiveCloak for Apps” product line, which
offers strong protection for enabler APIs in mobile applications. The product is being developed
and deployed as OMP 1.0 at China Mobile Liaoning Location Center, OMP 1.1 at
China Mobile Guangdong Mobile Market, and OMP 2.0 at China Mobile Research Institute
(CMRI).
⋄ Media Protection: I involved in the security assurance and attack monitoring for the “ActiveCloak
for Media” (ACM) product line, which offers strong protection of media copyright
protection and media path protection. These include Samsung for hardening Samsung’s
SmartView HDCP 2.0 clients, Astro (Malaysia), TV Bank (Japan), and Foxtel (Australia)
for Over-The-Top (OTT) DRM solutions conforming to Microsoft PlayReady Final Licensee
(PRFL) robustness and compliance rules.
Public Speeches:
⋄ RSA China 2012 28-29 Aug. 2012. Chengdu, China.
Topic: Open Platform Security for Mobile Internet
http://www.emc-china.com/rsaconference/2012/en/index.php
⋄ 6th International Mobile Internet Conference 21-22 Aug. 2012. Beijing, China.
Topic: The Adventure of Alice and Robot: Securing Mobile Apps in the wild Android.
http://labs.chinamobile.com/imic2012
Research Experience [1999 - 2011]
[Oct. 2001 - Feb. 2011] Principal Investigator & Security Scientist, Cryptography
and Security Dept., Institute for InfoComm Research (I 2 R), A*STAR Singapore
For years, I have been doing security related projects as a team leader. I experienced on managing
the whole project life-cycle from exploring new directions, investigating the challenges, securing
the funding; to organizing the team, allocating resources, and running the project until successful
completion.
⋄ A Security Framework for EPCglobal Network. (PI, A*star Public Sector Funding,
S$479K, Aug. 2008-Aug. 2011)
⋄ Real-Time Secure RFID-Based Track and Trace in Aerospace MRO Supply
Chain. (Co-PI, A*star Aerospace program (security part), S$523K, Jan. 2009-Jan. 2011)
⋄ Privacy Protection in RFID Systems. (04/2007-03/2009, Research collaboration project
with Kyushu Univ. Japan, A*Star Co-funding)
⋄ Secure and real-time RFID based track and trace information management in
EPCglobal-enabled supply chains. (05/2007-10/2008, Joint Research Project: I 2 R-
SIMtech, A*Star funding)
⋄ SenSec: A more secure and efficient link layer sensor security framework. (A*star
flagship project on sensor network 2004-05)
⋄ mSSA: A flexible MPEG-4 authentication framework, a complementary for multimedia
DRM solutions. (A*star core project 2003-04)
⋄ Disruptive security issues in cloud computing, trusted computing, mobile phone security,
user interface, VoIP, tamper-resistant software/hardware, etc.

[Jan. 1999 - Oct. 2001] Ph.D. Candidate, School of Computing, National University
of Singapore
I pursued my Ph.D. study on cryptography and network security at department of computer science,
NUS. I explored various cryptographic algorithms, protocols, architectures, and security tools as well.
I finally focused on “intrusion detection using mobile agent techniques” as my Ph.D. topic.
Work Experience [1994 - 1998]
[Apr. 1998 - Dec. 1998] Chief Technologist, NewPost Computer Pte. Ltd., Beijing,
China
I joined a startup and managed 20 + engineers. We worked on small scale network integration and
database development projects. Beyond a technical role, I had also taken part in business development,
sales and marketing.
[Dec. 1997 - Apr. 1998] Senior Engineer, System Design Department of AsiaInfo
Corp., Beijing, China
AsiaInfo is one of the earliest Internet companies in China (IPOed on NASDAQ). I was mainly responsible
for large scale network design of ChinaNet and partially supporting pre-sales and product
management.
[Jun. 1994 - Dec. 1997] Software Engineer, R&D center, North China Institute of
Computing Technology, Taiji Computer Co., Beijing, China
Freshly graduated, I joined the R&D center and participated in several national key projects. I was
technically enriched in several aspects like software development, network management and security
assessment.
Invention
[2008-2010] Working drafts.
-“RFID authenticator for secure memory devices”
-“Data synchronization and conflict resolution for RFID applications”
-“2-mode Tag Authentication Scheme in RFID-enabled Supply Chain”
-“Method and System for Protecting RFID tags in RFID-enabled Supply Chains”
-“2-Factor Authorization for Tag Memory Access”
-“WiFi, RFID, and handheld device enabled multi-mode wireless localization system”
-“Circle of Trust (COT) model for dynamic collaboration in supply chains”
-“A Flexible RFID Privacy Protection Device”
[Jul. 2006] RFID Anti-Counterfeiting Series, PCT NO. WO 2008/085135 A1.
“Methods and Systems of Marking and Verifying An Information Tag”. with Y. Wu, W. He, P.S.
Tan, T.L. Lim. US Provisional (Jan. 2007- Jan. 2008), Filed for US patent on Jan. 2008.
-“Method on protecting EPC RFID tags against counterfeiting”
-“Method on protecting a batch of EPC RFID tags”
-“Method on protecting a set of undetachable EPC RFID tags”
-“An invisible marking scheme for the verification of EPC RFID tags”
-“Privacy enhanced tag protection method for secure RFID supply chain”
[Jun. 2003] Rcrypto – PCT NO. WO 2005/034423 A1, SG NO. 120791
“Resilient Public Key Cryptographic System” with A. Lux, F. Bao, R. Deng. And in news: The
RCrypto vaccine in COMPUTERWORLD-Singapore, Vol. 10, Issue No. 13, 18-24 February
2004.

Certificate of Training
[2001] Certificate of “Training on Project Management”
[2006] Certificate of “Training on Commercial Law & Intellectual Property Management”
Professional
Adjunct A/Professor:
-School of Information System, Singapore Management University (2010 onward)
Advisor:
-A Startup on Cloud Security in Singapore (Red Herring Award 2012)
-A Startup on eCommerce in China (O2O IC Market, $500K Funding)
-A Startup on Social Networking in China (First-round Funding: $1M)
Steering Committee:
-Workshop on RFID Security (Asia, 2009 onward)
Selected Publications (2010-2011)
My publications/citations are available from Google Scholar and DBLP:
⋄ http://scholar.google.com.sg/scholarq=tieyan+li&hl=en&as sdt=2001&as sdtp=on
⋄ http://www.informatik.uni-trier.de/˜ley/db/indices/a-tree/l/Li:Tieyan.html
Journal publications:
(Reverse Chronological Order)
1. Tieyan Li, Guilin Wang, “Analyzing a Family of Key Protection Schemes against Modification
Attacks’, IEEE Transactions on Dependable and Secure Computing (IEEE TDSC),
vol. 8, no. 5, pp. 770-776, Sep./Oct. 2011, doi:10.1109/TDSC.2010.44
2. Shaoying Cai, Yingjiu Li, Tieyan Li, Robert Deng, Haixia Yao, “Achieving High Security
and Efficiency in RFID-Tagged Supply Chains”, International Journal of Applied Cryptography,
Vol. 2, No. 1, 2010, Pages 3-12.
3. Qiang Yan, Robert H. Deng, Yingjiu Li, Tieyan Li, “On the Potential of Limitation-oriented
Malware Detection and Prevention Techniques on Mobile Phones”. International Journal of
Security and Its Applications (IJSIA), Volume 4, No.1, 2010, pp.21-30.
Conference publications:
(Reverse Chronological Order)
1. Tieyan Li, Guilin Wang and Yingjiu Li, “Secure and Practical Key Distribution for RFID-
Enabled Supply Chains”, 7th International ICST Conference on Security and Privacy in
Communication Networks (SecureComm 2011), Sept. 7-9 2011, London.
2. Qiang Yan, Jin Han, Yingjiu Li, Robert Deng, Tieyan Li, “A Software-Based Root-of-
Trust Primitive on Multicore Platforms”, 6th ACM Symposium on Information, Computer
and Communications Security (ASIACCS’11), March 22-24, 2011. Hong Kong.
3. Shaoying Cai, Chunhua Su, Yingjiu Li, Tieyan Li, Robert Deng, “Protecting and Restraining
the Third Party in RFID-Enabled 3PL Supply Chains”, Sixth International Conference
on Information Systems Security (ICISS’10), 15-19 December 2010. India.
4. Pedro Peris-Lopez, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Raphael C.-W. Phan,
Tieyan Li, “Quasi-Linear Cryptanalysis of a Secure RFID Ultralightweight Authentication
Protocol”, The 6th China International Conference on Information Security and Cryptology
(Inscrypt’10). 20-23 Oct. 2010, Shanghai, China.
5. Qiang Yan, Yingjiu Li, Robert Deng, Tieyan Li, Zheng Yan, “Pseudonym-based RFID
Discovery Service to Mitigate Unauthorized Tracking in Supply Chain Management”, The
Second International Symposium on Data, Privacy, & E-Commerce (ISDPE 2010), 13-14
Sept. 2010. Buffalo/Niagara Falls. USA.