CHAU Sze Yiu

*SHB = Ho Sin Hang Engineering Building, The Chinese University of Hong Kong

Research Interest
  • Network Security
  • Protocol Implementations
  • Embedded System Security
  • Crypto. Engineering
  • Formal Verification
Courses Taught

  • Secure Software Engineering

CHAU Sze Yiu 周思驍教授

Assistant Professor
MIEEE, MACM
BSc (PolyU), PhD (Purdue)
(852) 3943-5155
Room 707, SHB*
sychau [at] ie.cuhk.edu.hk
Website

Sze Yiu joined the Department of Information Engineering at CUHK as an Assistant Professor in January 2020. He obtained his Ph.D. in Computer Science from Purdue University in August 2019, and has industry R&D experience working for Intel. Prior to joining CUHK, Sze Yiu was a postdoctoral researcher at the CyLab Security & Privacy Institute at Carnegie Mellon University. He received his B.Sc. from The Hong Kong Polytechnic University in 2013.

His research interest is mainly on the (in)security of the design and implementation of cryptographic and network protocols. He and his colleagues have substantial experience in analyzing and breaking protocol implementations, with a specific focus on issues related to semantic correctness. His research has discovered numerous weaknesses in widely deployed software systems, including content delivery apps on Android, as well as cryptographic libraries implementing X.509 certificate validation and RSA signature verification, where many of the discoveries are exploitable and deemed highly severe. He is also very interested in applying reasoning techniques backed by formal logic into solving real-world security and privacy challenges.

Recent / Selected Publications
  • Man Hong Hue, Joyanta Debnath, Kin Man Leung, Li Li, Mohsen Minaei, M. Hammad Mazhar, Kailiang Xian, Endadul Hoque, Omar Chowdhury, Sze Yiu Chau. All your credentials are belong to us: On Insecure WPA2-Enterprise Configurations. In Proceedings of The 28th ACM Conference on Computer and Communications Security (CCS 2021).
  • Joyanta Debnath, Sze Yiu Chau, Omar Chowdhury. When TLS Meets Proxy on Mobile. In Proceedings of The 18th International Conference on Applied Cryptography and Network Security (ACNS 2020).
    *** Best Student Paper Award
  • Huangyi Ge, Sze Yiu Chau, Victor Gonsalves, Huian Li, Tianhao Wang, Xukai Zou, Ninghui Li. Koinonia: Verifiable E-Voting with Long-term Privacy. In Proceedings of The 35th Annual Computer Security Applications Conference (ACSAC 2019).
  • Sze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, Ninghui Li. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification. In Proceedings of The 26th Annual Network and Distributed System Security Symposium (NDSS 2019).
  • Sze Yiu Chau, Bincheng Wang, Jianxiong Wang, Omar Chowdhury, Aniket Kate, Ninghui Li. Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps. In Proceedings of The 34th Annual Computer Security Applications Conference (ACSAC 2018).
  • Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, Ninghui Li. Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs. In Proceedings of The 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017).
  • Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, Ninghui Li. SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations. In Proceedings of The 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017).
Research Interest

  • Network Security
  • Protocol Implementations
  • Embedded System Security
  • Crypto. Engineering
  • Formal Verification
Courses Taught

  • Secure Software Engineering