Biography

Hello, I am Chuhan Wang, a 5th year Ph.D. student at the Network and Information Security Lab (NISL) of Tsinghua University, advised by Prof. Haixin Duan and Assistant Prof. Jianjun Chen. Now, I am a visiting scholar at University of Illinois at Urbana-Champaign, working with Prof. Gang Wang. My research interests include Web Security, Network Security, and Internet Measurement. Currently, I focus on email-related security research. I have published 6 papers at all top-tier academic conferences on network security, including Oakland S&P, USENIX Security, CCS, NDSS. My research results have helped Google, Apple, Yandex, Tencent, Shopee and other well-known Internet companies to fix vulnerabilities. As a member of Redbud, a CTF team belonging to Tsinghua University, I have won the ByteCTF 2020 championship and other CTF awards.

Recent News

  • [02/2024] It’s my pleasure to present our work about SPF vulnerabilities at NDSS 2024, in San Diego.
  • [01/2024] I am a visiting scholar at UIUC now! Let’s meet at UIUC!
  • [11/2023] Our paper about discovering CDN forwarding request inconsistencies got accepted by NDSS 2024. Congrats to Linkai.
  • [10/2023] I was invited to be a Session Chair at Securecomm 2023. Let’s meet in Hong Kong.
  • [8/2023] My paper on bypassing SPF attacks got accepted by NDSS 2024.
Interests
  • Email Security
  • Network Security
  • Internet Measurement
  • Web Security
Education

  • Visiting Scholar

    01/2024 -- present, University of Illinois at Urbana-Champaign

  • Ph.D. Candidate in Cyberspace Security

    2019 -- present, Tsinghua University

  • B.E. in Computer Science

    2015 -- 2019, Beijing Jiaotong University

Publications

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??).

Cite

Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen (2024). ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 140/694=20.2%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 99/483=20.5%).

PDF Cite

Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 140/694=20.2%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 99/483=20.5%).

PDF Cite

Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang (2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark. November 26-30, 2023 (Acceptance rate: 234/1222=19.1%, Acceptance rate in first round: 76/427=17.8%, Acceptance rate in second round: 158/795=19.8%).

Cite

Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In USENIX Security ‘22. BOSTON, MA, USA. August 10–12, 2022. (Acceptance rate: 256/1492=17.2%).

PDF Cite Slides

Kaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, Min Yang (2021). Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In USENIX Security ‘21. Vancouver, BC, Canada. August 11-13, 2021 (Acceptance rate: 246/1316=18.7%).
ⓘ Both are first authors.

PDF Cite Slides

Projects

Projects and Codes

*
All Email Other
NoSpoofing
NoSpoofing is a Chrome Extension. It is a UI notification scheme which can alert users that the emails they receive may be spoofing.
Follow Twitter
NoSpoofing

Activities

Chuhan Wang
Feb 26, 2024 9:00 AM — Mar 1, 2024 5:00 PM Catamaran Resort Hotel, San Diego, USA
31th Annual Network and Distributed System Security Symposium | NDSS 2024
31th Annual Network and Distributed System Security Symposium | NDSS 2024

In the 31th Annual Network and Distributed System Security Symposium, I presented our work “BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet”.
Twitter
Chuhan Wang
Apr 8, 2023 9:00 AM — Apr 9, 2023 5:00 PM Southern University of Science and Technology, Shenzhen, China
2023 International Forum for Security Research | Inforsec 2023
2023 International Forum for Security Research | Inforsec 2023

In the 2023 International Forum for Security Research, I presented my USENIX Security ‘22 paper A Large-scale and Longitudinal Measurement Study of DKIM Deployment to the audiences.

Twitter
Chuhan Wang, Kaiwen Shen
Apr 24, 2021 8:00 AM — 5:00 PM Hangzhou International Expo Centre, Hangzhou, China
2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation
2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation

In the 2021 West Lake Cybersecurity Conference, I presented an email security evaluation tool. ESpoofing to the audiences.

Follow Twitter

Misc

🏅 Awards

Scholarship

  • Short-term Visiting Scholarship, Tsinghua University, 2023
  • The 1st Class Outstanding Scholarship, Tsinghua University (2022, 2023)
  • Excellent Undergraduate Award, Beijing Municipal Commission of Education, 2019
  • The 1st Class Scholarship, Beijing Jiaotong University (2016, 2017, 2018)
  • China National Scholarship, 2016

CTF

  • The 3rd prize, Hongminggu CTF, 2023
  • The 3rd place, Aliyun CTF, 2023
  • The 2nd place, *CTF, 2021
  • The 2nd place, L3HCTF, 2021
  • 🏆 Champion, The 3rd ByteDance ByteCTF Finals (2020)

🔖 Patents

📝 Services

  • Session Chair of Securecomm, Hong Kong, 2023
  • TA for Class “Network Security Engineering and Practice”, Tsinghua University, 2022
  • TA for Class “Network Security Attack and Defense Practice”, Tsinghua University, 2023
  • TA for Class “Network Protocol Security Design and Analysis”, Tsinghua University, 2023
  • Lecturer for Datacon Summer Camp, 2022,2023

🙋‍♂️ Reviewers

  • Securecomm ‘23

🙋‍♂️ External Reviewers

  • EuroS&P ‘23

Contact

Links

For you

💁‍♂️ Xiang Li

💁‍♂️ Yuxuan Wang

💁‍♂️ Mingming Zhang

💁‍♂️ Kaiwen Shen

💁‍♂️ Linkai Zheng (NanoApe)