All news

All news





Cryptography in a quantum world and intrusion detection, two pillars of a new research strategy

'Fostering synergies between our consulting and research activities'

Interview by Martina Cappuccio from Lëtzebuerger Gemengen (LG) with Carlo Harpes (Managing Director), Arash Atashpendar (HoD RDI) and Matthieu Aubigny (Senior IT Security Consultant) from itrust consulting s.à r.l. about the new Research and Development strategy.

itrust consulting took advantage of the period of confinement to rethink its Research and Innovation department and review its priorities. With a new manager at its head, the department intends to build a research strategy of its own, independent of the financing of isolated projects. Carlo Harpes, founder and Managing Director of itrust consulting, Matthieu Aubigny, Security Consultant, and Arash Atashpendar, Head of Research, Development and Innovation (RDI), tell us about the company's flagship research projects.

What changes are taking place within itrust consulting?

Carlo Harpes: Our company has always put its resources at the service of projects for which it found funding without having its own research strategy. Today, we would like to make a paradigm shift and organise our activities according to the priorities we identify by observing the flaws that exist in our modern infrastructures. We have therefore recruited a new head for the department of Research, Development and Innovation, Arash Atashpendar, in order to build a research strategy of our own. We will try to release funds, mainly from the FNR, to finance our team as a whole and no longer just certain isolated projects. The aim is also to supervise more doctoral students on an ongoing basis, as a university institute would do.

At the same time, we strive to promote synergies between our consulting and research activities. Our strength lies in the close cooperation between these two departments. Researchers know that their work will be used in the field by their collaborators in consulting, just as they know that the turnover generated by our consulting activities allows us to invest in research in order to update our tools and skills.

Matthieu Aubigny, you have handed over to Arash Atashpendar at the head of the RDI department. What are the reasons for this change?

Matthieu Aubigny: This change came at a significant moment when the projects I was leading were coming to an end and others were evolving more in Arash's area of specialisation, that of quantum cryptography and algorithmics. As for me, I had more and more work to do at the consultancy level, so this transition came about naturally. Of course, we remain in collaboration and I have taken over the role of defending the expectations of customers in the definition of our research activities!

Arash Atashpendar: As head of this department, currently I supervise a research team of four people, including students writing their master's thesis and planned to be hired for our projects. At the same time, I evaluate the work carried out and determine whether it can lead to scientific articles that would support our funding requests.

My area of specialisation is cryptography and quantum computing. When I joined itrust consulting, the teams were already working on the QUARTZ project. The premise of this project is based on a simple observation: the infrastructure that currently secures our communications and data flow will be threatened in the years to come by quantum attackers. Indeed, if malicious actors succeed in developing a stable and scalable quantum computer, which would for example be capable of effectively executing Shor's factorisation algorithm, a number of cryptographic algorithms used today to secure our modern infrastructure, particularly in banking, would be seriously threatened. The world of quantum computers needs, among other things, key exchange and a new family of algorithms in the field of post-quantum cryptography. In accordance with the national strategy of the Ministry of the Economy, supported by European initiatives, we have chosen this subject as the long-term vision of our own strategy: we want to anticipate certain threats that do not yet exist.

One idea is to use key establishment mechanisms that are not vulnerable to attacks by adversaries equipped with a quantum computer, such as quantum key distribution. In the framework of the QUARTZ project, itrust consulting plays an important role and designs and secures an application for quantum key distribution, carried out by satellites.

Are you working on other research projects?

Arash Atashpendar: We are working on a second pillar in the short term, whose main project is CRITISEC. The aim of this initiative is to create a tool capable of detecting intrusions into industrial computer networks and smart houses. The long-term objective would be to create a network with devices costing less than 100€ to detect attacks, alert the user in the event of an anomaly and, if necessary, inform a centralised expert system. The latter then analyses these anomalies by using significant computing power and human expertise in order to alert the other devices as well; a significant amount of research work is required to solve the performance problem, but this will only be possible if a certain budget is allocated to it, independently of the daily business objectives. We want to build up our own strategies and develop research in these areas, because users today already expect to be warned as soon as dangerous and malicious network activity is detected.

Carlo Harpes: Once our monitoring tool has been finalised and tailored for the control of domestic networks, we will have to find a critical mass of activity to create a competence centre that would be equipped with the research tools and more sophisticated algorithms to update and develop our detection devices.

Matthieu Aubigny: Often these attacks use distributed computing resources that infect one computer after another before moving on to a major attack. The idea is to be able to spot small intrusions and react right from the start. This requires having probes throughout the system and being able to consider and assess the threat in advance. This is one of our core activities: risk analysis in relation to vulnerabilities.

There is also a need for more collaboration at the European level to create solutions that do not depend on external systems that we do not have the source code for and that we do not always fully understand.

What are the strengths of your research team?

Carlo Harpes: At itrust consulting, we are willing to take risks - perhaps quantum cryptography will not sell tomorrow - by mixing these risks with the short-term goals of creating products with guaranteed useability such as cyber-attack detection.

We also show true team spirit! Each person is complementary and strives to assist the others. Finally, when hiring, we focus on the potential of candidates rather than their experience and we plan to train them internally and give them responsibilities. We offer them a training platform and challenges in the development of new products in collaboration with the team while allowing them to have design autonomy.

Link to the interview (French) published in Lëtzebuerger Gemengen (LG)

itrust consulting in quantum cryptography

itrust consulting referenced for an evaluation of progress in quantum cryptography in an IBM Qiskit report on simulation frameworks for quantum key distribution (QKD), August 19, 2020.

Link to the article 'India Is Amid a Quantum Boom'

itrust consulting renewed its ISO/IEC 27001 certification after adding a Privacy Information Management System including all ISO/IEC 27701 protection controls

itrust consulting renewed the certification of its Information Security Management System (ISMS) and extended it with the compliance of its Privacy Information Management System (PIMS), valid for three years as of July 9, 2020.

itrust consulting is the first LU company certified ISO/IEC 27001, under OLAS accreditation, for a scope including all ISO/IEC 27701 controls to protect privacy.

The new certification scope statement is the following:
‘Both the Information Security Management system (ISMS) and the Privacy Information Management System (PIMS) of itrust consulting cover all business services provided by itrust consulting to its customers as well as all assets owned or managed, including all customer related information, personal identifiable information, and services such as information security and computer security consulting, auditing, R&D, training, ICT, CERT, and pseudonymization; in accordance with the Statement of Applicability, version 3.4 of 5th of June, 2020 including all controls of ISO/IEC 27001 and 27701.’.

itrust consulting continues sponsoring a key event for information security in Luxembourg

Traditionally, itrust consulting continued its sponsorship for the 15th edition of ‘HACK.LU’ (22.-24/10/2019).

Links: HACK.LU

Protection of Intellectual Property (IP)

Dr. Carlo Harpes, founder and Managing Director of itrust consulting, presented on 10 October our experience in the 'Protection of Intellectual Property' at the 'Les Afterworks de la Propriété Intellectuelle', hosted at the Chambre de Commerce Luxembourg.

Links: Link to 'Les afterworks'

ISO/IEC JTC 1/SC 27 ‘IT Security techniques’

From 14 to 18 October 2019, Dr Carlo Harpes participated in the ISO/IEC JTC 1/SC 27 ‘IT Security Techniques’ subcommittee meeting in Paris, as a part of the Luxembourgish delegation.

Dr Carlo Harpes, Managing Director and founder of itrust consulting awarded with the ‘National Standards Delegate’ trophy

On 11 October 2019, ILNAS, in collaboration with the University of Luxembourg (, organized an information session to celebrate the 50th World Standardization Day.

This event provided participants with an overview of the normative developments carried out within the framework of the national normative strategy 2010-2020 and the normative perspectives for the next decade.

The award ceremony for the "National Standards Delegate" trophy was then held. This year, Dr. Jean-Philippe Humbert had the honor of awarding this prize to Dr. Carlo Harpes, Managing Director at itrust consulting Sàrl for his important contribution to technical standardization in the Grand Duchy of Luxembourg. Among other things, he represented Luxembourg in various plenary meetings of European and international organizations, led the creation of Luxembourg commentaries and was editor of normative documents.

Links: More details here

Thank you, Europe!

At the occasion of Europe’s Day, itrust consulting would like to thank the European Union, pointing out that 70 % of recruited employees since its foundation in 2007, are EU citizens, excluding the Luxembourgish citizens.
Over the years itrust consulting has benefited significantly from the European Research & Development programs (FP7, H2020, ESA): itrust’s participation in Liveline, LASP, MICIE, SPARC, CockpitCI, iGoing, TRESsPASS, bIoTope, ATENA was funded with 2 million Euros.
Furthermore, a turnover of more than 4 million Euros came from our consulting services towards European institutions.

Without the European Union, our growth and quality of service would not have been possible.

Happy Europe Day!

Your status on GDPR compliance?

More and more companies, including small organisation and ASBLs, have demonstrated compliance to GDPR .
This is far easier to achieve than generally thought.

itrust consulting has recently updated its service offer:

  1. GDPR templates: € 100 per language version to be filled in by yourself;
  2. A tailored 'privacy statement for ASBL' for fixed price of € 100:
    Send us your logo, statutes, website, and contact data. We will call you for a discussion on your current practices such as enrolment process, use of pictures of events… after which we will send a draft privacy declaration to be published on your website after review and addition of specific aspects;
  3. An introduction to GDPR: 1-day training at € 500 per participant (incl. licence to use the GDPR templates);
  4. Specialized GDPR training: 2 days on 'Foundations of the GDPR' (incl. exam) + 3 days on the role of DPO (incl. exam);
  5. GDPR support services: pay per day;
  6. DPOaaS: typically 2-5 days per year external support as Data Protection Officer.

We are prepared and eager to support you!

For more details, check our GDPR service offer description