About Me - Sze Yiu Chau (original) (raw)

Biography

I am currently an associate professor in the School of Computing Science at Simon Fraser University, where I teach and conduct research on cybersecurity. Prior to joining Simon Fraser, I was an assistant professor of Information Engineering at The Chinese University of Hong Kong. Before that, I was a postdoctoral researcher at the CyLab of Carnegie Mellon University, after obtaining my PhD in Computer Science from Purdue University. My research interests lie in the broad area of network and software security, with a focus on finding and mitigating human errors in system implementations and deployments. Blessed with the fortune of having some very talented students, my research group has published at top-tier venues in the fields of cybersecurity, software engineering, and human-computer interaction. In addition to writing academic papers, over the years, my students and I have also discovered and fixed many real-world vulnerabilities in mission-critical products and systems.

Selected Recent Publications

A full list of my publications and the relevant CVEs can be found here.

1. On the Unnecessary Complexity of Names in X.509 and Their Impact on Implementations
   Yuteng Sun; Joyanta Debnath; Wenzheng Hong; Omar Chowdhury; Sze Yiu Chau
   [The ACM International Conference on the Foundations of Software Engineering (FSE) 2025] (Paper)
2. SeQR: A User-Friendly and Secure-by-Design Configurator for Enterprise Wi-Fi
   S Mahmudul Hasan; Che Wei Tu; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
   [The ACM CHI conference on Human Factors in Computing Systems (CHI) 2025] (Paper)
3. A Multifaceted Study on the Use of TLS and Auto-detect in Email Ecosystems
   Ka Fun Tang; Che Wei Tu; Sui Ling Angela Mak; Sze Yiu Chau
   [Network and Distributed System Security (NDSS) Symposium 2025] (Paper)
4. ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation
   Joyanta Debnath; Christa Jenkins; Yuteng Sun; Sze Yiu Chau; Omar Chowdhury
   [IEEE Symposium on Security and Privacy (S&P) 2024] (Paper)
5. Towards Precise Reporting of Cryptographic Misuses
   Yikang Chen; Yibo Liu; Ka Lok Wu; Duc V. Le; Sze Yiu Chau
   [The Network and Distributed System Security (NDSS) Symposium 2024] (Paper)
6. The Devil is in the Details: Hidden Problems of Client-side Enterprise Wi-Fi Configurators
   Ka Lok Wu; Man Hong Hue; Ka Fun Tang; Sze Yiu Chau
   [The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023)] (Paper)
   ※ Best Paper Award from ACM WiSec '23
7. Back to School: On the (In)Security of Academic VPNs
   Ka Lok Wu; Man Hong Hue; Ngai Man Poon; Kin Man Leung; Wai Yin Po; Kin Ting Wong; Sze Ho Hui; Sze Yiu Chau
   [The 32nd USENIX Security Symposium (USENIX Security '23)] (Paper)
8. All your credentials are belong to us: On Insecure WPA2-Enterprise Configurations
   Man Hong Hue; Joyanta Debnath; Kin Man Leung; Li Li; Mohsen Minaei; M. Hammad Mazhar; Kailiang Xian; Endadul Hoque; Omar Chowdhury; Sze Yiu Chau
   [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)
   ※ CUEngineering Jul 2022 Issue 19 coverage
9. On Reengineering the X.509 PKI with Executable Specification for Better Implementation Guarantees
   Joyanta Debnath; Sze Yiu Chau; Omar Chowdhury
   [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)
   ※ Best Paper Award Runner-Up from ACM CCS 2021
10. Morpheus: Bringing The (PKCS) One To Meet the Oracle
    Moosa Yahyazadeh; Sze Yiu Chau; Li Li; Man Hong Hue; Joyanta Debnath; Sheung Chiu Ip; Chun Ngai Li; Endadul Hoque; Omar Chowdhury
    [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] (Paper)

Professional Activities

• Program Committee: IEEE S&P '26, '24; ACM CCS '26, '25; ACM AsiaCCS '25; ACM CODASPY '25, '24, '23; USENIX Security '24, '23, '22, '21; RAID '24; PETS '23, '22; ACM SACMAT '23, '22, '21; EAI SecureComm '23; ESORICS '23, '20
• External Reviewer: TheWebConf '21
• Journal Reviewer: IEEE Transactions on Dependable and Secure Computing (TDSC); ACM Transactions on Privacy and Security (TOPS); IEEE Transactions on Network and Service Management (TNSM); IEEE Systems Journal (ISJ)

Current Research Students

• Yanxiang BI (PhD student) [Aug 2022-]
• Yikang CHEN (PhD student) [Aug 2021-]
• Yuteng SUN (PhD student) [Aug 2021-]

Alumni

• Dr. Harry Wong (Postdoctoral researcher, co-supervised with Prof. Sherman Chow) [Aug 2023 - Dec 2025], now a tenure-track Assistant Professor at NYCU in Taiwan
• Doria Tang (MPhil student) [Aug 2023 - Aug 2025], now a PhD student at Stony Brook
• Zeddy Lu (MPhil student) [Aug 2023 - Aug 2025]
• Ka Lok WU (MPhil student) [Aug 2021 - Dec 2023], now a PhD student at Stony Brook
• Yibo Liu (full-time RA) [Aug 2022 - Dec 2022], now a PhD student at Arizona State
• Man Hong HUE (UG student helper + full-time RA) [Feb 2020 - Jul 2022], now a PhD student at Georgia Tech

Awards & Recognitions

• Outstanding Research Impact Award 2024-25 (CUHK Faculty of Engineering)
• Dean's Exemplary Teaching Award 2022 (CUHK Faculty of Engineering)
• Best Paper Award (ACM WiSec 2023)
• Best Paper Award Runner-Up (ACM CCS 2021)
• Best Student Paper Award (ACNS 2020)

Invited Talks

• [May 2025] Security Workshop, Yokohama National University
  Title: Finding and Fixing Security Holes in Enterprise Network Access Technologies
• [Jun 2024] PISA JAM 2024, Professional Information Security Association (PISA)
  Title: A multifaceted security analysis of Enterprise Wi-Fi and VPNs
• [May 2024] Research Seminar, Visa Research (California)
  Title: Achieving Cryptographic Guarantees in Practice
• [Oct 2022] Cybersec Infohub Annual Professional Workshop 2022, HKIRC & OGCIO
  Title: Why Are Initial Access Brokers (IABs) Profitable? A Critical Look at Enterprise Wi-Fi and VPNs
• [Apr 2021] Computer Science Colloquium, The University of Iowa
  Title: Tales of Broken Authentication: Misguided Designs Can Hurt For Decades
• [Aug 2019] Black Hat USA 2019
  Title: A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
• [Jan 2019] Computing Seminar, The Hong Kong Polytechnic University (PolyU)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution
• [Jan 2019] Computer Science Seminar, Hong Kong Baptist University (HKBU)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution
• [Dec 2018] Information Engineering Seminar, The Chinese University of Hong Kong (CUHK)
  Title: Analyzing Semantic Correctness of Protocol Implementations with Symbolic Execution
• [Sep 2018] Midwest Verification Day 2018, The University of Iowa
  Title: SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations

Press & Media Coverage

• 人臉識別高度安全？ 中大研究18個應用11個有安全漏洞 (PCM)
• 黑客無情勒索 企業如何自保？ (U-Beat Magazine)
• 中大指Wi-Fi等科技存安全漏洞 建議將數據加密及定期檢查系統 (TVB News)
• 黑客入侵事件頻生 消委會、數碼港也中招 專家分享降低風險方法 (hk01)
• 中大揭人臉識別安全漏洞 銀行電子錢包App屬高危 (東網)
• 中大研究揭App存漏洞 繞過驗證比想像中簡單 (星島頭條)
• 中大揭人臉識別安全漏洞 銀行電子錢包App高危 (大公文匯網)
• 中大分析指市場多個人臉識別應用模組存安全漏洞 提醒市民保護資料安全 (TVB News)

Contact

• Email:sychau@sfu.ca

If you want to send me encrypted emails, here is my PGP public key.

Miscellaneous

My Erdös number is 4, with multiple paths through my PhD advisors:

• Chau → Kate → Goldberg → Stinson → Erdös
• Chau → Kate → Zaverucha → Stinson → Erdös
• Chau → Li → Bertino → Wagstaff → Erdös