Publications
Conference Papers
(In reverse chronological order of acceptance.)
- ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation
Joyanta Debnath; Christa Jenkins; Yuteng Sun; Sze Yiu Chau; Omar Chowdhury
[IEEE Symposium on Security and Privacy 2024] (Paper)
- Understanding Impacts Of Electromagnetic Signal Injection Attacks On Object Detection
Youqian Zhang; Chunxi Yang; Eugene Y. Fu; Qinhong Jiang; Chen Yan; Sze Yiu Chau; Grace Ngai; Hong-Va Leong; Xiapu Luo; Wenyuan Xu
[2024 IEEE International Conference on Multimedia and Expo (ICME)] (Paper)
- Investigating TLS Version Downgrade in Enterprise Software
Ka Fun Tang; Ka Lok Wu; Sze Yiu Chau
[The 14th ACM Conference on Data and Application Security and Privacy (CODASPY) 2024] (Paper)
- Towards Precise Reporting of Cryptographic Misuses
Yikang Chen; Yibo Liu; Ka Lok Wu; Duc V. Le; Sze Yiu Chau
[The Network and Distributed System Security (NDSS) Symposium 2024] (Paper|Talk)
- The Devil is in the Details: Hidden Problems of Client-side Enterprise Wi-Fi Configurators
Ka Lok Wu; Man Hong Hue; Ka Fun Tang; Sze Yiu Chau
[The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023)] (Paper|Talk)
※ Best Paper Award from ACM WiSec '23
CVE entries assigned:
- Back to School: On the (In)Security of Academic VPNs
Ka Lok Wu; Man Hong Hue; Ngai Man Poon; Kin Man Leung; Wai Yin Po; Kin Ting Wong; Sze Ho Hui; Sze Yiu Chau
[The 32nd USENIX Security Symposium (USENIX Security 2023)] (Paper)
CVE entries assigned:
  - CVE-2022-20145 in Android (CVSS v3 score: 9.8 Critical Severity)
  - CVE-2022-3761 in OpenVPN Connect for macOS and Windows (CVSS v3 score: 5.9 Medium Severity)
  - CVE-2022-23678 in Aruba VIA (CVSS v3 score: 5.9 Medium Severity)
  - CVE-2022-45856 in FortiClient
- Morpheus: Bringing The (PKCS) One To Meet the Oracle
Moosa Yahyazadeh; Sze Yiu Chau; Li Li; Man Hong Hue; Joyanta Debnath; Sheung Chiu Ip; Chun Ngai Li; Endadul Hoque; Omar Chowdhury
[The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper|Talk)
CVE entries assigned:
  - CVE-2020-36315 in RELIC (CVSS v3 score: 5.3 Medium Severity)
  - CVE-2020-36316 in RELIC (CVSS v3 score: 5.5 Medium Severity)
  - CVE-2021-30004 in wpa_supplicant (CVSS v3 score: 5.3 Medium Severity)
  - CVE-2021-30130 in phpseclib (CVSS v3 score: 7.5 High Severity)
  - CVE-2021-30246 in jsrsasign (CVSS v3 score: 9.1 Critical Severity)
  - CVE-2022-24771 in node-forge (CVSS v3 score: 7.5 Medium Severity)
  - CVE-2022-24772 in node-forge (CVSS v3 score: 7.5 Medium Severity)
  - CVE-2022-24773 in node-forge (CVSS v3 score: 5.3 Medium Severity)
- On Reengineering the X.509 PKI with Executable Specification for Better Implementation Guarantees
Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
[The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper|Talk)
※ Best Paper Award Runner-Up from ACM CCS 2021
- All your credentials are belong to us: On Insecure WPA2-Enterprise Configurations
Man Hong Hue; Joyanta Debnath; Kin Man Leung; Li Li; Mohsen Minaei; M. Hammad Mazhar; Kailiang Xian; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
[The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper|Talk)
※ CUEngineering Jul 2022 Issue 19 coverage
CVE entries assigned:
  - CVE-2020-27055 in Android (CVSS v3 score: 7.5 High Severity)
  - CVE-2021-21212 in Chrome OS (CVSS v3 score: 6.5 Medium Severity)
  - CVE-2021-37964 in Chrome OS (CVSS v3 score: 3.3 Low Severity)
- Monet: Impressionism as A Defense Against Adversarial Examples
Huangyi Ge; Sze Yiu Chau; Ninghui Li
[The 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (IEEE TPS-ISA 2020)] (Paper)
- When TLS Meets Proxy on Mobile
Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
[The 18th International Conference on Applied Cryptography and Network Security (ACNS 2020)] (Paper)
※ Best Student Paper Award from ACNS 2020
- Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples
Huangyi Ge; Sze Yiu Chau; Bruno Ribeiro; Ninghui Li
[The 10th ACM Conference on Data and Application Security and Privacy (CODASPY 2020)] (Paper)
- Koinonia: Verifiable E-Voting with Long-term Privacy
Huangyi Ge; Sze Yiu Chau; Victor Gonsalves; Huian Li; Tianhao Wang; Xukai Zou; Ninghui Li
[The 35th Annual Computer Security Applications Conference (ACSAC 2019)] (Paper)
- Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
Sze Yiu Chau; Moosa Yahyazadeh; Omar Chowdhury; Aniket Kate; Ninghui Li
[The Network and Distributed System Security Symposium (NDSS) 2019] (Paper|Talk|Artifacts)
※ WIRED coverage
CVE entries assigned to some of the bugs we found in implementations of RSA signature verification:
  - CVE-2018-15836 in Openswan (CVSS v3 score: 7.5 High Severity)
  - CVE-2018-16151 in strongSwan (CVSS v3 score: 7.5 High Severity)
  - CVE-2018-16152 in strongSwan (CVSS v3 score: 7.5 High Severity)
  - CVE-2018-16253 in axTLS Embedded SSL (CVSS v3 score: 5.9 Medium Severity)
  - CVE-2018-16150 in axTLS Embedded SSL (CVSS v3 score: 5.9 Medium Severity)
  - CVE-2018-16149 in axTLS Embedded SSL (CVSS v3 score: 5.9 Medium Severity)
- Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps
Sze Yiu Chau; Bincheng Wang; Jianxiong Wang; Omar Chowdhury; Aniket Kate; Ninghui Li
[The 34th Annual Computer Security Applications Conference (ACSAC 2018)] (Paper)
- Adaptive Deterrence of DNS Cache Poisoning
Sze Yiu Chau; Omar Chowdhury; Victor Gonsalves; Huangyi Ge; Weining Yang; Sonia Fahmy; Ninghui Li
[The 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018)] (Paper)
- Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li
[IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017] (Paper)
- SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui Li
[IEEE Symposium on Security and Privacy (Oakland) 2017] (Paper|Talk|Artifacts)
※ One of the 10 CSAW '17 (Applied Research) Finalists
CVEs assigned to some of the bugs we found in various SSL/TLS libraries:
  - CVE-2017-1000415 in MatrixSSL (CVSS v3 Score: 5.9 Medium Severity)
  - CVE-2017-1000416 in axTLS Embedded SSL (CVSS v3 Score: 5.3 Medium Severity)
  - CVE-2017-1000417 in MatrixSSL (CVSS v3 Score: 5.3 Medium Severity)
Journal Papers
(In reverse chronological order of acceptance.)
- TouchKey: Touch to Generate Symmetric Keys by Skin Electric Potentials Induced by Powerline Radiation
Yuchen Miao; Chaojie Gu; Zhenyu Yan; Sze Yiu Chau; Rui Tan; Qi Lin; Wen Hu; Shibo He; Jiming Chen
[Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)] (Paper)
Workshop Papers and Posters
(In reverse chronological order of acceptance.)
- Detecting Specification Noncompliance in Network Protocol Implementations
Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li
[USENIX ATC '16 Poster]