Biography

Hello, I am Chuhan Wang, a 5th year Ph.D. student at the Network and Information Security Lab (NISL) of Tsinghua University, advised by Prof. Haixin Duan and Assistant Prof. Jianjun Chen. My research interests include Web Security, Network Security, and Internet Measurement. Currently, I focus on email-related security research. I have published 6 papers at all top-tier academic conferences on network security, including Oakland S&P, USENIX Security, CCS, NDSS. My research results have helped Google, Apple, Yandex, Tencent, Shopee and other well-known Internet companies to fix vulnerabilities. As a member of Redbud, a CTF team belonging to Tsinghua University, I have won the ByteCTF 2020 championship and other CTF awards.

Recent News

  • [11/2023] Our paper about discovering CDN forwarding request inconsistencies got accepted by NDSS 2024. Congrats to Linkai.
  • [10/2023] I was invited to be a Session Chair at Securecomm 2023. Let’s meet in Hong Kong.
  • [8/2023] My paper on bypassing SPF attacks got accepted by NDSS 2024.
  • [8/2023] Our paper about DNS logic vulnerablities was accepted by Oakland 2024, Congrats to Xiang!
  • [5/2023] Our paper on stealthy mining pools was accepted by CCS 2023. Congratulate Zhenrui!
  • [4/2023] I was invited to presented my USENIX Security paper about the measurement and security analysis of DKIM on InforSec 2023, in Shenzhen, China.
Interests
  • Email Security
  • Network Security
  • Internet Measurement
  • Web Security
Education
  • Ph.D. Candidate in Cyberspace Security

    2019 -- present, Tsinghua University

  • B.E. in Computer Science

    2015 -- 2019, Beijing Jiaotong University

Publications

(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??).

Cite

(2024). ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: ??%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: ??%).

Cite

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: ??%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: ??%).

Cite

(2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark. November 26-30, 2023 (Acceptance rate: 234/1222=19.1%, Acceptance rate in first round: 76/427=17.8%, Acceptance rate in second round: 158/795=19.8%).

Cite

(2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In USENIX Security ‘22. BOSTON, MA, USA. August 10–12, 2022. (Acceptance rate: 256/1492=17.2%).

PDF Cite Slides

(2021). Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In USENIX Security ‘21. Vancouver, BC, Canada. August 11-13, 2021 (Acceptance rate: 246/1316=18.7%).
ⓘ Both are first authors.

PDF Cite Slides

Projects

Projects and Codes

*
NoSpoofing
NoSpoofing is a Chrome Extension. It is a UI notification scheme which can alert users that the emails they receive may be spoofing.

Misc

🏅 Awards

Scholarship

  • Short-term Visiting Scholarship, Tsinghua University, 2023
  • The 1st Class Outstanding Scholarship, Tsinghua University (2022, 2023)
  • Excellent Undergraduate Award, Beijing Municipal Commission of Education, 2019
  • The 1st Class Scholarship, Beijing Jiaotong University (2016, 2017, 2018)
  • China National Scholarship, 2016

CTF

  • The 3rd prize, Hongminggu CTF, 2023
  • The 3rd place, Aliyun CTF, 2023
  • The 2nd place, *CTF, 2021
  • The 2nd place, L3HCTF, 2021
  • 🏆 Champion, The 3rd ByteDance ByteCTF Finals (2020)

🔖 Patents

📝 Services

  • Session Chair of Securecomm, Hong Kong, 2023
  • TA for Class “Network Security Engineering and Practice”, Tsinghua University, 2022
  • TA for Class “Network Security Attack and Defense Practice”, Tsinghua University, 2023
  • TA for Class “Network Protocol Security Design and Analysis”, Tsinghua University, 2023
  • Lecturer for Datacon Summer Camp, 2022,2023

🙋‍♂️ Reviewers

  • Securecomm ‘23

🙋‍♂️ External Reviewers

  • EuroS&P ‘23

Contact