A full list of my publications and the relevant CVEs can be found here.

1. On the Unnecessary Complexity of Names in X.509 and Their Impact on Implementations
   Yuteng Sun; Joyanta Debnath; Wenzheng Hong; Omar Chowdhury; Sze Yiu Chau
   [The ACM International Conference on the Foundations of Software Engineering (FSE) 2025] (Paper)

2. SeQR: A User-Friendly and Secure-by-Design Configurator for Enterprise Wi-Fi
   S Mahmudul Hasan; Che Wei Tu; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
   [The ACM CHI conference on Human Factors in Computing Systems (CHI) 2025] (Paper)

3. A Multifaceted Study on the Use of TLS and Auto-detect in Email Ecosystems
   Ka Fun Tang; Che Wei Tu; Sui Ling Angela Mak; Sze Yiu Chau
   [Network and Distributed System Security (NDSS) Symposium 2025] (Paper)

4. ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation
   Joyanta Debnath; Christa Jenkins; Yuteng Sun; Sze Yiu Chau; Omar Chowdhury
   [IEEE Symposium on Security and Privacy (S&P) 2024] (Paper)

5. Towards Precise Reporting of Cryptographic Misuses
   Yikang Chen; Yibo Liu; Ka Lok Wu; Duc V. Le; Sze Yiu Chau
   [The Network and Distributed System Security (NDSS) Symposium 2024] (Paper)

6. The Devil is in the Details: Hidden Problems of Client-side Enterprise Wi-Fi Configurators
   Ka Lok Wu; Man Hong Hue; Ka Fun Tang; Sze Yiu Chau
   [The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023)] (Paper)
   ※ Best Paper Award from ACM WiSec '23

7. Back to School: On the (In)Security of Academic VPNs
   Ka Lok Wu; Man Hong Hue; Ngai Man Poon; Kin Man Leung; Wai Yin Po; Kin Ting Wong; Sze Ho Hui; Sze Yiu Chau
   [The 32nd USENIX Security Symposium (USENIX Security '23)] (Paper)

8. All your credentials are belong to us: On Insecure WPA2-Enterprise Configurations
   Man Hong Hue; Joyanta Debnath; Kin Man Leung; Li Li; Mohsen Minaei; M. Hammad Mazhar; Kailiang Xian; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
   [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)
   ※ CUEngineering Jul 2022 Issue 19 coverage

9. On Reengineering the X.509 PKI with Executable Specification for Better Implementation Guarantees
   Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
   [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)
   ※ Best Paper Award Runner-Up from ACM CCS 2021

10. Morpheus: Bringing The (PKCS) One To Meet the Oracle
    Moosa Yahyazadeh; Sze Yiu Chau; Li Li; Man Hong Hue; Joyanta Debnath; Sheung Chiu Ip; Chun Ngai Li; Endadul Hoque; Omar Chowdhury
    [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)

• Program Committee: IEEE S&P '26, '24; ACM CCS '26, '25; ACM AsiaCCS '25; ACM CODASPY '25, '24, '23; USENIX Security '24, '23, '22, '21; RAID '24; PETS '23, '22; ACM SACMAT '23, '22, '21; EAI SecureComm '23; ESORICS '23, '20
• External Reviewer: TheWebConf '21
• Journal Reviewer: IEEE Transactions on Dependable and Secure Computing (TDSC); ACM Transactions on Privacy and Security (TOPS); IEEE Transactions on Network and Service Management (TNSM); IEEE Systems Journal (ISJ)

• Yanxiang BI (PhD student) [Aug 2022-]

• Yikang CHEN (PhD student) [Aug 2021-]

• Yuteng SUN (PhD student) [Aug 2021-]

• Doria Tang (MPhil student) [Aug 2023 - Aug 2025], now a PhD student at Stony Brook

• Zeddy Lu (MPhil student) [Aug 2023 - Aug 2025]

• Ka Lok WU (MPhil student) [Aug 2021 - Dec 2023], now a PhD student at Stony Brook

• Yibo Liu (full-time RA) [Aug 2022 - Dec 2022], now a PhD student at Arizona State

• Man Hong HUE (UG student helper + full-time RA) [Feb 2020 - Jul 2022], now a PhD student at Georgia Tech

• Dean's Exemplary Teaching Award 2022 (CUHK Faculty of Engineering)

• Best Paper Award (ACM WiSec 2023)

• Best Paper Award Runner-Up (ACM CCS 2021)

• Best Student Paper Award (ACNS 2020)

• [May 2025] Security Workshop, Yokohama National University
  Title: Finding and Fixing Security Holes in Enterprise Network Access Technologies

• [Jun 2024] PISA JAM 2024, Professional Information Security Association (PISA)
  Title: A multifaceted security analysis of Enterprise Wi-Fi and VPNs

• [May 2024] Research Seminar, Visa Research (California)
  Title: Achieving Cryptographic Guarantees in Practice

• [Oct 2022] Cybersec Infohub Annual Professional Workshop 2022, HKIRC & OGCIO
  Title: Why Are Initial Access Brokers (IABs) Profitable? A Critical Look at Enterprise Wi-Fi and VPNs

• [Apr 2021] Computer Science Colloquium, The University of Iowa
  Title: Tales of Broken Authentication: Misguided Designs Can Hurt For Decades

• [Aug 2019] Black Hat USA 2019
  Title: A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works

• [Jan 2019] Computing Seminar, The Hong Kong Polytechnic University (PolyU)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution

• [Jan 2019] Computer Science Seminar, Hong Kong Baptist University (HKBU)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution

• [Dec 2018] Information Engineering Seminar, The Chinese University of Hong Kong (CUHK)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution

• [Sep 2018] Midwest Verification Day 2018, The University of Iowa
  Title: SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations

• 人臉識別高度安全？ 中大研究18個應用11個有安全漏洞 (PCM)

• 黑客無情勒索　企業如何自保？ (U-Beat Magazine)

• 中大指Wi-Fi等科技存安全漏洞 建議將數據加密及定期檢查系統 (TVB News)

• 黑客入侵事件頻生　消委會、數碼港也中招　專家分享降低風險方法 (hk01)

• 中大揭人臉識別安全漏洞 銀行電子錢包App屬高危 (東網)

• 中大研究揭App存漏洞 繞過驗證比想像中簡單 (星島頭條)

• 中大揭人臉識別安全漏洞 銀行電子錢包App高危 (大公文匯網)

• 中大分析指市場多個人臉識別應用模組存安全漏洞 提醒市民保護資料安全 (TVB News)

My Erdös number is 4, with multiple paths through my PhD advisors:

• Chau → Kate → Goldberg → Stinson → Erdös
• Chau → Kate → Zaverucha → Stinson → Erdös
• Chau → Li → Bertino → Wagstaff → Erdös