About Me
My name is Wu Ka Lok, Cousin (also known as Cosine, usin, …). I will be joining Stony Brook University as a PhD student in CS in Fall 2023 under the supervision of Prof. Omar Chowdhury, but am stuck in CUHK due to visa issues. Currently, I am a third-year MPhil student in the Department of Information Engineering at the Chinese University of Hong Kong (CUHK), under the supervision of Prof. Sze Yiu Chau. Before that, I was an undergraduate majoring in Mathematics (Pure Mathematics (Advanced)) and Computer Science at the Hong Kong University of Science and Technology (HKUST).
I am interested in cybersecurity, especially applications and implementations of cryptographic protocols and the intersection of formal methods and security, and I like to play capture the flag (CTF) games. I previously played with and trained the academic team Firebird of HKUST and was one of the captains in 2020-2021. Currently, I am the coordinator of Open Innovation Lab (OIL) in CUHK, where I am responsible for management, holding events, and giving CTF training. I also play CTF with the Black Bauhinia (blackb6a) CTF team based in Hong Kong.
Publications
- Wu, K.L., Hue, M.H., Tang, K.F. and Chau, S.Y. 2023. The Devil is in the Details: Hidden Problems of Client-Side Enterprise Wi-Fi Configurators. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’23) (2023). (Best Paper Award from ACM WiSec ’23)
abstract
In the context of connecting to enterprise Wi-Fi, previous works show that relying on human users to manually configure or enforce server authentication often leads to insecure outcomes. Consequently, many user credentials can potentially be stolen by the so-called “Evil-Twin” (ET) attack. To ease the burden of human users, various easy-to-use Wi-Fi configurators have been released and deployed. In this work, we investigate whether such configurators can indeed protect users from variants of the ET attack. To our surprise, the results of our investigation show that all configurators considered in the study suffer from certain weaknesses due to their design, implementation, or deployment practices. Notable findings include a series of design flaws in the new trust-on-first-use (TOFU) configurator on Android (available since version 12), which can be exploited in tandem to achieve a stealthy ET attack. Moreover, we found that 2 open-source Android Wi-Fi configurators fail to properly enforce server authentication under specific situations. The cause of these could be partly attributed to the complexity stemming from certificate name matching as well as the limitations of the Android API. Last but not least, we found that a commercial configurator not only allows insecure Wi-Fi configurations to be deployed, but also the covert injection of certificates on the user device to facilitate interception of other TLS traffic, posing yet another hidden security and privacy threat to its users. All in all, this study shows that despite years of research on the topic, developing a user-friendly yet reliable Wi-Fi configurator remains an elusive goal, and thus the threat of ET attacks continues to be relevant. As such, it is time to rethink whether the complexity of the standard certificate chain validation is actually good for enterprise Wi-Fi.
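To make concrete what "enforcing server authentication" means for a client-side Wi-Fi profile, here is an added example that is not part of the paper or this page: two wpa_supplicant.conf network blocks for the same enterprise SSID, assuming a Linux client using wpa_supplicant with PEAP/MSCHAPv2. The SSID, realm, CA file path and RADIUS server name are constructed placeholders. The first block omits the CA certificate and the server name check, which is the class of misconfiguration the abstract describes; the second pins the CA and requires the server certificate's name to match.

```conf
# Added example (not from the paper): weak vs hardened enterprise Wi-Fi
# profiles for wpa_supplicant. All names below are constructed placeholders.

# 1) WEAK: no ca_cert and no domain_match. wpa_supplicant has no trust anchor
#    to validate the RADIUS server certificate against, so a rogue access
#    point presenting any certificate is accepted and the inner MSCHAPv2
#    exchange (and thus the user's credential material) is exposed to it.
network={
    ssid="example-enterprise"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.edu"
    password="<password>"
    phase2="auth=MSCHAPV2"
    # missing: ca_cert="..." and domain_match="..."
}

# 2) HARDENED: pin the CA that issued the RADIUS server certificate and
#    require an exact match on the server's name. The outer identity is
#    anonymised so the real username is only sent inside the TLS tunnel.
network={
    ssid="example-enterprise"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.edu"
    identity="alice@example.edu"
    password="<password>"
    phase2="auth=MSCHAPV2"
    # trust anchor: only certificates chaining to this CA are accepted
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    # exact match against the server certificate's dNSName SAN (or CN)
    domain_match="radius.example.edu"
}
```

wpa_supplicant also offers domain_suffix_match, which accepts any name ending in the given suffix; the choice between exact and suffix matching, and what counts as a match when a certificate carries several names, is the kind of name-matching complexity the abstract points to. On Android the corresponding profile fields are the CA certificate and the domain of the enterprise configuration; a profile that leaves either unset is in the same position as the weak block above.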
bibtex
@inproceedings{wu2023the,
  title     = {The Devil is in the Details: Hidden Problems of Client-Side Enterprise Wi-Fi Configurators},
  author    = {Wu, Ka Lok and Hue, Man Hong and Tang, Ka Fun and Chau, Sze Yiu},
  booktitle = {Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'23)},
  year      = {2023},
  publisher = {ACM},
  doi       = {10.1145/3558482.3590199},
  note      = {(Best Paper Award from ACM WiSec '23)},
  slides    = {wu2023the-slides.pdf},
  video     = {https://www.youtube.com/watch?v=HgOIOUFVBo4}
}
- Wu, K.L., Hue, M.H., Poon, N.M., Leung, K.M., Po, W.Y., Wong, K.T., Hui, S.H. and Chau, S.Y. 2023. Back to School: On the (In)Security of Academic VPNs. 32nd USENIX Security Symposium (USENIX Security 23) (Anaheim, CA, Aug. 2023), 5737–5754.
bibtex
@inproceedings{wu2023back,
  author    = {Wu, Ka Lok and Hue, Man Hong and Poon, Ngai Man and Leung, Kin Man and Po, Wai Yin and Wong, Kin Ting and Hui, Sze Ho and Chau, Sze Yiu},
  title     = {Back to School: On the ({In)Security} of Academic {VPNs}},
  booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
  year      = {2023},
  isbn      = {978-1-939133-37-3},
  address   = {Anaheim, CA},
  pages     = {5737--5754},
  url       = {https://www.usenix.org/conference/usenixsecurity23/presentation/wu-ka-lok},
  publisher = {USENIX Association},
  month     = aug
}