CRITISEC
QUARTZ – an ESA project
itrust consulting participated, as one of many partners in a consortium led by SES, in the Quantum Cryptography Telecommunication System (QUARTZ) project, primarily funded by the European Space Agency (ESA) via its ARTES/ScyLight programme. QUARTZ aims to develop an innovative, commercially viable Quantum Key Distribution (QKD) system that distributes cryptographic keys to end-users via satellite optical links. Cryptographic keys are the fundamental secrets used by mathematical algorithms to secure digital communications, enabling modern applications where security is paramount; common examples are e-commerce and online banking. QKD, unlike the traditional key distribution schemes in use today, leverages principles of quantum mechanics to provide keys that remain secure even in the face of growing threats to the current cryptographic ecosystem, such as quantum computing. itrust consulting has a major role in the secure design of the ground station system components that manage the concrete distribution and lifecycle of the QKD keys for end-users on site, so that the keys can be seamlessly integrated into applications. This continues itrust consulting’s tradition of participating in cutting-edge research projects – such as bIoTope on the Internet of Things, ATENA on cybersecurity for critical infrastructures, and TREsPASS on socio-technical aspects of security – for the benefit of its current and future customers in cybersecurity, and of developing its own risk management tool, TRICK Service. In the framework of this project, itrust consulting has been developing methodologies, dedicated frameworks and tools aimed at software requirements management and at software validation and verification specifications. Moreover, itrust consulting has been incorporating the lessons learned and know-how acquired from such projects into the design and development of its own cryptographic software and tools.
Interview by Adeline Jacob from SmartCities, translation by itrust consulting.
There are viruses that attack bodies while there are others that attack computer systems. Neither type will have spared us in 2020, challenging both health and cybersecurity experts. Carlo Harpes, founder and managing director, and Guillaume Schaff and Matthieu Aubigny, Security Consultants at itrust consulting, analyse these current events and present the solutions proposed by the company to best navigate this climate of cyber-insecurity.
Has Covid-19 resulted in a more favourable setting for the resurgence of cyber-attacks?
Carlo Harpes: We were astonished when, at the beginning of the pandemic, the Luxembourg authorities announced that there had been no measured increase in cyber-attacks. This message went against our perception and our predictions. Finally, in August, Avast stated that the threat had increased by 27% for Luxembourg citizens. Most recently, we also learned that certain pieces of American security software had been breached. Almost at the same time, the world witnessed the longest shutdown of authenticated services from Google, WhatsApp, etc., in the world. We can indeed say that insecurity is increasing.
Guillaume Schaff: Studies have shown that phishing attacks increased significantly during the first lockdown (1). Hackers play a lot on human emotions to achieve their goals. The climate of fear in which we lived in March was therefore beneficial to them.
Matthieu Aubigny: In addition, there has been a stress phenomenon at the telecommunications infrastructure level, and small vulnerabilities have probably become more significant as a result. These failures, however, have had the virtue of increasing the level of resilience of a certain number of tools.
In the United States, one attack in particular made a lot of noise…
Carlo Harpes: The Treasury Department and the National Telecommunications Administration were victims of a cyber-attack orchestrated by expert hackers inventoried as APT29 who, according to the FBI, are linked to the Russian government. The attack in question on the Orion management software (a network control/surveillance tool) of the American company SolarWinds was indirectly aimed at its clients: in addition to American federal agencies, the malware infiltrated leading companies in the IT world such as Cisco, Intel, Nvidia, Belkin or Microsoft, without us knowing its real impact. To this day, it remains an unknown and a risk, because anyone capable of using SolarWinds to penetrate Microsoft could also have used Microsoft to infiltrate its customers. These are speculations, but the underlying method, called a supply…
The ‘Russian attack on the US’ via the loosely protected update of the security software ‘Orion’ was well explained as a ‘universal espionage attack on the world’ by Bruce Schneier. Our hint: ‘Basically, don’t trust market leader software providers; they are a spying attack vector! Rather use niche products and open source software.’