About Me
I am a third-year Ph.D. student in Computer Science at Georgia Institute of Technology, co-advised by and . My research focuses on network security, internet measurement, and usable security. The goal is to detect and address Internet-scale security threats/issues, considering human factors on security-critical components.
Prior to Georgia Tech, I graduated in Information Engineering from The Chinese University of Hong Kong (CUHK). In my undergraduate, I spent a year at Lund University in Sweden and a summer semester at UC Berkeley in the US. At CUHK, I'm privileged to work with Sze Yiu Chau as a full-time research assistant, where I did research on the security of WPA2-Enterprise and PKCS1 v1.5 implementations, in collaboration with Omar Chowdhury and Endadul Hoque.
Research Interests
- Network security
- Internet measurement
- Usable security
- Privacy
- Human-Computer Interation
Publications
Venue | Paper |
---|---|
The Devil is in the Details: Hidden Problems of Client-side Enterprise Wi-Fi Configurators
Ka Lok Wu, Man Hong Hue, Ka Fun Tang, Sze Yiu Chau [The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023)] **Best Paper Award** |
|
USENIX 2023
Paper |
Back to School: On the (In)Security of Academic VPNs
Ka Lok Wu, Man Hong Hue, Ngai Man Poon, Kin Man Leung, Wai Yin Po, Kin Ting Wong, Sze Ho Hui, Sze Yiu Chau [The 32nd USENIX Security Symposium (USENIX Security 2023)] |
All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations
Man Hong Hue, Joyanta Debnath, Kin Man Leung, Li Li, Mohsen Minaei, M. Hammad Mazhar, Kailiang Xian, Endadul Hoque, Omar Chowdhury, Sze Yiu Chau [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] |
|
Morpheus: Bringing The (PKCS) One To Meet the Oracle
Moosa Yahyazadeh, Sze Yiu Chau, Li Li, Man Hong Hue, Joyanta Debnath, Sheung Chiu Ip, Li Chun Ngai, Endadul Hoque, Omar Chowdhury [The 28th ACM Conference on Computer and Communications Security (CCS 2021)] |
Disclosed Vulnerabilities
Vulnerability | Severity | Vendor |
---|---|---|
CVE-2023-20965 | CVSS: 3.1, Base Score: 9.8 Critical | Android (Google) |
CVE-2022-20145 | CVSS: 3.1, Base Score: 9.8 Critical | Android (Google) |
CVE-2021-37964 | CVSS: 3.1, Base Score: 3.3 Low | Chrome OS (Google) |
CVE-2021-21212 | CVSS: 3.1, Base Score: 6.5 Medium | Chrome OS (Google) |
CVE-2020-27055 | CVSS: 3.1, Base Score: 7.5 High | Android (Google) |