CyFORT (2022 - ongoing) : CyFORT is a research project aiming at developing a series of open-source cybersecurity tools, also suited to Cloud Computing. CyFORT stands for “Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience”. This work is part of a collaboration with European and local partners, and the results of the project will be published and made freely available to interested parties. Our solutions will help to improve the security of an organization and of a product thanks to open source tools and standards-aligned methods.
CyFORT targets both public sector institutions and private sector companies that want to improve their software development lifecycle processes, integrate information security and risk analysis methodologies into their organization, and secure their infrastructures, tools and products.

An SES-led consortium of 20 European companies, with the European Space Agency (ESA) and European Commission support, will design, develop, launch and operate the EAGLE-1 satellite-based end-to-end system for secure Quantum Key Distribution (QKD), enabling in-orbit validation and demonstration of next-generation cyber-security across Europe. 

Lux4QCI develops the first QKD network of Luxembourg to secure critical communication

Lux4QCI envisages the design, development, procurement, and deployment of the first experimental quantum communication infrastructure (QCI) network in Luxembourg.
Lux4QCI consortium contains academic, industrial, and governmental partners.

Use Cases

• Focus on governmental communications and secure data centre connectivity
• At least two use cases and test scenarios:
  • Use case 1: High-security key transport
  • Use case 2: Long-term secure storage

ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures)) is a European project funded by the Horizon 2020 programme on ‘Digital Security: Cybersecurity, Privacy and Trust, H2020-DS-2015’. The ATENA project aims at achieving the desired level of Security and Resilience of the considered CIs, while preserving their efficient and flexible management. ATENA, leveraging the outcomes of previous European Research activities, particularly the CockpitCI and MICIE EU projects, will remarkably upgrade them by exploiting advanced features of ICT algorithms and components, and will bring them at operational industrial maturity level; in this last respect, ATENA outcomes will be tailored and validated in selected use cases. https://www.atena-h2020.eu/

bIoTope (Building an IoT OPen innovation Ecosystem for connected smart objects) is a RIA (Research and Innovation Action) project funded by the Horizon 2020 programme. It is the response to the Call "ICT30: Internet of Things and Platforms for Connected Smart Objects". bIoTope lays the foundation for open innovation ecosystems, where companies can – with minimal investment – innovate by creating new Systems-of-Systems (SoS) platforms for connected smart objects. To achieve this goal, bIoTope provides the necessary standardised Open APIs to enable the publication, consumption and composition of heterogeneous information sources and services from across various platforms, including FI-WARE, OpenIoT, city dashboards, etc. (visit the OBJECTIVES web page). This will foster new forms of co-creation of services ranging from simple data collection, processing, to context-driven, intelligent and self-adaptive support of consumers’ everyday work and life. bIoTope also establishes a governance roadmap for ecosystem orchestration to properly maintain, grow and sustain the socio-technical and business-wise bIoTope ecosystem. www.biotope-project.eu

CELTIC (BUildinG securitY assurance in Open infrastructures, BEYOND) The project aimed to develop concepts and tools for versatile Telecommunication infrastructure to be able to monitor the security and the quality of the service. This project aimed to optimise the existing security by monitoring the security measures already deployed thanks to smart probes systems and by assessing in  real time the level of security assurance of such infrastructure according to defined profiles. www.celticnext.eu/wp-content/uploads/2014/09/BugyoBeyond-final_lq.pdf

FP7 (Cybersecurity on SCADA: risk prediction, analysis and reaction tools for Critical Infrastructures) The CockpitCI System will represent a first step in the synthesis between global awareness and local decision-making capability. Starting from the results of FP7 MICIE project, CockpitCI will define and implement an online distributed risk Predictor, able to collect and share information among different infrastructures in real time, perform situation assessment and predict the evolution of the system. Moreover, the tool will have the ability to detect critical situations such as cyber attacks, and in case, enable the local decision making capability of smart field equipment, such as RTUs. cockpitci.itrust.lu

CRITISEC – a CELTIC-PLUS project: The core idea of the CRITISEC project was to develop novel security products, services, and standards for edge networks in critical infrastructures, where the edge networks are a heterogeneous set of networks connected to the edge of a core production network.

These services make it possible to connect edge networks to control systems in a secure and robust way, and to secure the edge network itself when it is the critical infrastructure that requires protection (e.g., the 5G network).

CRITISEC has met the following challenges: 1) the heterogeneity of the edge networks and of the systems they are connected to; 2) the resource-constrained nature of devices (e.g. battery power) and even of networks as a whole (packet loss, low bandwidth); 3) the scale of the edge networks, that can be composed of huge numbers of (resource-constrained) devices, so requiring efficient and highly scalable security solutions; 4) the predominant presence of open/shared platforms, where multiple applications share access to a common network of edge devices; 5) the presence of legacy devices and platforms, for which secure update procedures are often scarce, if any.

The main results of this project are novel security standards, solutions, products, and services that can be used by providers of critical infrastructures to secure edge networks connected to their production systems. This reduce the risk of malicious service disruption and preserve availability, reliability, and safety in the provisioning of societal services. itrust consulting has been, among other things, designing and developing tools for IDS within the framework of this project.

itrust consulting implemented an efficient and light-weight IDS tool designed to cope with the limitations of IoT settings, with clients already interested in acquiring the technology. This tool, intended for integration into our existing TRICK risk management and monitoring system, has been actively developed around clustering algorithms and classifiers that resist malicious adversarial training of datasets aimed at evading detection. itrust consulting continues research and development work towards improving its ongoing development in terms of being able to cope with the curse of dimensionality, which impedes the performance of clustering algorithms as the number of dimensions increases to account for additional features used for clustering.

ITEA2 (Automation of Security Tests) The DIAMONDS project aims to set  up an integrated platform to perform vulnerability assessments of systems which require a high level of security and a specific methodology of deployment of such security analysis frameworks. The integration of these frameworks of tests and monitoring software and methodologies as soon as possible in  the development cycle  of a product will provide a sustainable security assurance level which will lead to a high level of confidence in design and integration in the whole cycle of new products. www.itea2-diamonds.org

FP7 (i-GalilieO indoor navigation) i-GOing develops a service that generates specific indoor signals by making use of a network of pseudolites, which are installed inside buildings and are connected to a localisation server that manages them. The mobile receivers will correlate those signals, compute a pseudorange per antenna and send that information back to the localisation server. The localisation server indicates the mobile device's position in a predefined, downloaded map of the building. https://igoing.itrust.lu

Localisation Assurance Service Provider A software and service to verify and certify the user's location. This service has been developed in partnership with ESA and the University of Luxembourg. Project duration: 24 months (2010-2012) Consortium: itrust consulting, SnT (University of Luxembourg)

Context description

Global Navigation Satellite Systems (GNSS) are becoming popular for everyone's use which is a vehicle for the emergence of services, called Location-Based Services (LBS). One problem is that the GNSS-like signals can be used without the users' and LBS providers' being able to assure that the location obtained is correct and has not been altered either intentionally or by mistake. These security issues may hinder the current development of LBS in sensitive areas such as those related to protection against vehicle theft, accident reconstructions, alibi verification, monitoring the transportation of hazardous materials, etc. Objectives The LASP project, lead by itrust consulting, aims at developing a demonstrator able to provide a guarantee to LBS providers that a piece of localisation data acquired by a user is correct. LASP architecture combines the following elements:

• A set of security checks able to detect whether a localisation obtained by a receiver is correct;
• A Public Key Infrastructure (PKI) to enable the LBS providers to verify the electronic signature of localisation certificates.

The target activity sectors of LASP are automotive industries (insurance, road toll, etc.), fleet and resource management, location-based access control (physical or logical), etc. Role of itrust consulting The LASP project started at the end of 2010 and is managed by itrust consulting. It is executed in collaboration with the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg. This collaboration is part of a long-term agreement in which itrust consulting supports a PhD thesis entitled "Secure and Private Location Proofs: Architecture and Design for Location-Based Services" High-level protocol The LASP service is based on the existence of a trusted third party (LAP - Localisation Assurance Provider), implememented in the context of this project, that receives certification requests from users, evaluates the assurance level, and returns it to the user in the format of a digitally signed certificate. The certificate includes the position, time, accuracy and the assurance level.A user who holds such a certificate is able to access services that require a certified localisation. This protocol was first proposed in a scientific paper by itrust and NSN at the ENC-GNSS 2009 in Naples, Italy. Security Checks The main purpose of the LAP is the evaluation of the assurance level of certification requests. This evaluation is carried out through a set of algorithms, called security checks, that assess many GNSS signals' properties. The current implementation includes the following strategies:

• SNR: by checking if the received SNR is above reference levels estimated or measured for different PRN and elevation angles;
• Doppler: by verifying if the measured Doppler shift agrees with constellation and user dynamics, and if measurements from different frequencies agree;
• Navigation data: by comparing the navigation data of the receiver with trustworthy web sources;
• Visible satellites: by verifying if satellites reported by the user are visible at the place where he claims to be;
• Ground height: by checking if the claimed position corresponds to a ground height close to the Earth's surface;
• Clock bias: by monitoring for abnormal clock jumps;
• RAIM: giving an indication about the consistency of pseudoranges using redundant measurements;
• Consistency with other positioning sources (e.g. Wi-Fi);
• Other plausibility checks, such as the possibility to reach one position from a previous one in a certain amount of time.

The tests performed with a signal repeater in a controlled environment show that the clock bias algorithm detects the beginning and the end of attacks even when the average delay introduced by meaconing stations is just 80 nanoseconds. A scientific paper describing the algorithm was presented at the ENC 2012 in Gdansk, Poland. Dissemination

• Scientific papers:
  • Daniel Marnach (itrust), Sjouke Mauw (UL), Miguel Martins (itrust), Carlo Harpes (itrust), Detecting meaconing attacks by analysing the clock bias of GNSS receivers, European Navigation Conference, 25-27 April 2012, Gdansk, Poland.
  • Carlo Harpes (itrust); Miguel Martins (itrust); Xihui Chen (UL); Gabriele Lenzini (UL), Sjouke Mauw (UL), Jun Pang (UL), “Implementation and Validation of a Localisation Assurance Service Provider”, NAVITEC 2012 & European Workshop on GNSS Signals and Signal Processing, 5-7 December 2012, ESTEC, Noordwijk, The Netherlands
• Other relevant events in which itrust has participated:
  • Workshop on Location-based Services & Privacy Assurance, 4th February 2011, Luxembourg.
  • United Nations Office for Outer Space Affairs (UNOOSA), International Committee on GNSS (ICG) Work Group B (WG-B) Application Subgroup Meeting, 12th-13th March 2012, Munich, Germany. Munich Satellite Navigation Summit 2012, 13th-15th March 2012, Germany.
  • State Visit of Grand Ducal family of Luxembourg to the Federal Republic of Germany, 23rd-25th April 2012. itrust consulting was part of the economic delegation who visited Berlin and the Hannover Messe in Hanover.
  • DG-TRAC internal security workshop meeting, 21st May 2012, Luxembourg. This project is an ESA ARTES 20 IAP feasibility study lead by HITEC Luxembourg for Tracking and Tracing of Dangerous Goods in the Medical Sector. itrust presented its experience in designing security for LASP. In particular, the Protection Profile of LASP has been presented in detail.
• Material:
  • Flyer

Exploitation itrust is currently looking for partners or stakeholders interested in a solution for secure and accurate localisation in order to test and adapt the prototype to end-user needs.

FP7 (Live Ict services Verified by EGNOS to find Lost Individuals in Emergency situations) Person tracking location based services are becoming very popular. Google Latitude and BLIIN are examples of person tracking location based services. These services are highly attractive for communities of young people who like to share live experiences. These services are offered free of charge on the Internet. The main objective of this proposed project was to develop a commercial, secure person tracking service which ensures the users’ privacy.

FP7 (Tool for systemic risk analysis and secure mediation of data ex-changed across linked CI information infrastructures) The MICIE project will support the improvement of Critical Infrastructure Protection capabilities in Europe through the design and implementation of an on-line "MICIE alerting system" able to predict, in real-time, the cascade effects on a given Critical Infrastructure (CI) of some undesired events happened in other independent CIs. It is expected that this MICIE alerting system will become a formidable tool in order to support the decisions to be taken by the CI operators.

QUARTZ - an ESA project: as part of a consortium led by SES, itrust consulting participated as one of the many project partners in the Quantum Cryptography Telecommunication System (QUARTZ) consortium, primarily funded by the European Space Agency (ESA) via its ARTES/ScyLight programme. QUARTZ aims to develop an innovative, commercially viable Quantum Key Distribution (QKD) system to distribute cryptographic keys to end-users via satellite optical links.

Cryptographic keys are the fundamental secrets used by mathematical algorithms to secure digital communications, bringing to life modern applications where security is paramount. Common examples of these are e-commerce and online banking. QKD, unlike the traditional cryptographic key distribution schemes in use today, leverages principles of quantum mechanics to provide keys that remain secure even in the face of growing threats to the current cryptographic ecosystem, such as quantum computing.

itrust consulting has a major role in the secure design of the ground station system components that manage the concrete distribution and lifecycle of the QKD keys for its end-users on site so that they may seamlessly be integrated into applications. This prolongs itrust consulting’s tradition of participating in cutting-edge research projects - such as bIoTope on the Internet of Things, ATENA on cybersecurity for critical infrastructures, and TREsPASS on socio-technical aspects of security – for the benefit of its current and future customers in cybersecurity, and to develop its own tool, TRICK Service, for risk management.

In the framework of this project, itrust consulting has been developing methodologies, dedicated frameworks and tools aimed at software requirements management, software validation and verification specification. Moreover, itrust consulting has been incorporating learned lessons and know-how acquired from such projects into the design and development of its own cryptographic software and tools.

SGL-Cockpit aims at designing, developing and testing tools and methodologies that are needed to monitor the cybersecurity aspects of the Smart Grid Luxembourg (SGL 2.0). It receives funding from the Luxembourg Ministry of Economy. The project is managed by itrust consulting, and the other partners are CREOS and the University of Luxembourg.

(Space Awareness for Critical Infrastructures) One of the challenges that have to be dealt with within the coming years, is Critical Infrastructure Security. Today Critical infrastructures work through a strict interdependence among each other, composing a very complex super-system. Space assets, especially Satellites which are more and more used, are not excluded. It is fundamental to consider all possible threats for the whole super system, to better stop or mitigate direct and indirect effect of these threats. The SPARC project aims to analyse space phenomena, like Space Weather, Space Debris and Near Earth Objects, as threats for Critical Infrastructures and to analyse their effect directly on ground Infrastructures, and indirectly, causing failures in Space Assets, failures propagating at ground level. The project also aims to share good practice to prevent or mitigate incoming failures from space threats and possible guidelines to improve these practices.

FP7 (Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security) TREsPASS (Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security) is a European FP7 project with 17 partners from nine European countries. Its aim is to develop methods and tools for predicting, evaluating and prioritising attack scenarios on the IT infrastructure of a business. The project will develop meta-models of integrated physical, digital and social engineering risks, collect empirical knowledge about socio-technical attacks, and develop quantitative methods for assessing the risk of these attacks. These models and techniques will be integrated into risk assessment methods, and be implemented in an "attack navigator" to support security decision-making