I am now an Assistant Professor at the Department of Information Engineering, The Chinese University of Hong Kong (CUHK), where I teach and do research on information security. Before moving back to my hometown to join CUHK, I was a postdoctoral researcher at Carnegie Mellon University CyLab. I obtained my PhD in Computer Science from Purdue University, working primarily on network and system security, under the supervision of Prof. Ninghui Li and Prof. Aniket Kate. My research interest is mainly in the (in)security of the design, implementation, and deployment of network and cryptographic protocols. Specifically, I have been testing and measuring different aspects of TLS and PKI, which led to the discovery of many vulnerabilities and misguided designs in various systems.

Selected Recent Publications

A full list of my publications and the relevant CVEs can be found here.

  1. All your credentials are belong to us: On Insecure WPA2-Enterprise Configurations
    Man Hong Hue; Joyanta Debnath; Kin Man Leung; Li Li; Mohsen Minaei; M. Hammad Mazhar; Kailiang Xian; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
    [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (To Appear)

  2. When TLS Meets Proxy on Mobile
    Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
    [The 18th International Conference on Applied Cryptography and Network Security (ACNS 2020)] (Paper)
    ※ Best Student Paper Award from ACNS 2020

  3. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
    Sze Yiu Chau; Moosa Yahyazadeh; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The Network and Distributed System Security Symposium (NDSS) 2019] (Paper|Talk)
    WIRED coverage

  4. Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps
    Sze Yiu Chau; Bincheng Wang; Jianxiong Wang; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The 34th Annual Computer Security Applications Conference (ACSAC 2018)] (Paper)

  5. SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
    Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui Li
    [IEEE Symposium on Security and Privacy (Oakland) 2017] (Paper|Talk)
    ※ CSAW '17 (Applied Research) Finalists

Professional Activities

  • Program Committee: USENIX Security '22, PETS '22, USENIX Security '21, ACM SACMAT '21, ESORICS '20
  • Member of IEEE Symposium on Security and Privacy 2018 Student PC
  • External/Sub reviewer: ACM TNET, ICNP '18, ESORICS '18, Blockchain '18, CODASPY '18, CCS '17, ACM TOIT, AsiaCCS '16, ACNS '16, DSN '15, USENIX Security '15 and '14, ICDCS '15

Current students and alumni

  • Yikang CHEN (PhD student) [2021-]

  • Yuteng SUN (PhD student) [2021-]

  • Ka Lok NG (MPhil student) [2021-]

  • Man Hong HUE (Ug student helper + full-time RA) [2020-2021], will be joining Rakuten Mobile



    If you want to send me encrypted emails, here is my PGP public key.


My Erdős number is 4, with multiple paths through my PhD advisors:

  • Chau → Kate → Goldberg → Stinson → Erdős
  • Chau → Kate → Zaverucha → Stinson → Erdős
  • Chau → Li → Bertino → Wagstaff → Erdős