I am now an Assistant Professor at the Department of Information Engineering, The Chinese University of Hong Kong (CUHK). Prior to joining CUHK, I was a postdoctoral researcher at CMU CyLab. I obtained my PhD from Purdue CS working primarily on network and system security, under the supervision of Prof. Ninghui Li and Prof. Aniket Kate. Born and raised in Hong Kong, I speak fluent English, Cantonese and Putonghua.

Research Interest

My research interest is mainly on the (in)security of the design and implementation of widely deployed cryptographic and network protocols. In particular, my colleagues and I have investigated exploitable weaknesses in many popular content delivery apps on Android, as well as the robustness of X.509 certificate validation and RSA signature verification implemented in various open source software, which led to the discovery of many vulnerabilities with varying degrees of severity.

Selected Recent Publications

A full list of my publications in reverse chronological order and the relevant CVEs can be found here.

  1. SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
    Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui Li
    [IEEE Symposium on Security and Privacy (Oakland) 2017] (Paper|Talk)
    ※ One of the 10 CSAW '17 (Applied Research) Finalists

  2. Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
    Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li
    [IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017] (Paper)

  3. Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps
    Sze Yiu Chau; Bincheng Wang; Jianxiong Wang; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The 34th Annual Computer Security Applications Conference (ACSAC 2018)] (Paper)

  4. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
    Sze Yiu Chau; Moosa Yahyazadeh; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The Network and Distributed System Security Symposium (NDSS) 2019] (Paper|Talk)
    WIRED coverage

  5. When TLS Meets Proxy on Mobile
    Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
    [The 18th International Conference on Applied Cryptography and Network Security (ACNS 2020)] (Paper)
    ※ Best Student Paper Award from ACNS 2020

Professional Activities

  • Program Committee: ACM SACMAT '21, USENIX Security ’21, ESORICS '20
  • Member of IEEE Symposium on Security and Privacy 2018 Student PC
  • External/Sub reviewer: ACM TNET, ICNP '18, ESORICS '18, Blockchain '18, CODASPY '18, CCS '17, ACM TOIT, AsiaCCS '16, ACNS '16, DSN '15, USENIX Security '15 and '14, ICDCS '15



    If you want to send me encrypted emails, here is my PGP public key.


My Erdös number is 4, with multiple paths through my PhD advisors:

  • Chau → Kate → Goldberg → Stinson → Erdös
  • Chau → Kate → Zaverucha → Stinson → Erdös
  • Chau → Li → Bertino → Wagstaff → Erdös