Editorial...made in recognition of her thesis titled »Compressive Sensing Based Candidate Detector...

0302

EditorialHow do we ensure that public invest-ments in research have an impact on society, improving the lives of citizens? Often, there is a perception that we need to »institutionalise« the research and innovations process: some institu-tions would carry the responsibility for fundamental research providing input to organisations focused on applied research. Thereafter an innovations or tech transfer organisation brings the outcomes closer to exploitation. By creating these interfaces, we would somehow ensure that research outcomes find suitable application.

At SnT, we have a very different research philosophy – SnT scientists are expected to conduct both long-term, high-risk research AND engage in demand-driven projects in cooperation with industrial and public partners. The interaction between exploring long-term challenges and collaborating with practitioners with domain knowledge gives rise to unexpec-ted and innovative results. It ensures high relevance and impact in our work as well as generating new fundamental scientific insights.

Creating synergies between public and private R&D investments is essential for a small country as they are less likely to occur spontaneously. An efficient R&D strategy will identify sectors and areas where collaborative research between public and private actors can thrive thereby increasing the country’s competitive-ness. Thereafter, a dynamic and efficient research and innovation environment can be established by investing in fundamen-tal research supporting the collaborative work. In addition, knowledge transfer and exploitation support functions should be tailored to the core research activities.

Since the creation of SnT in 2009, we have followed the above research strategy and demonstrated that both scientific excellence and socio-economic impact can be achieved; in 2016, Computer Science at the University of Luxembourg was ranked 58th in the world and 21st in Europe – in great part due to SnT’s excellence and competitiveness. This is underlined by the fact that SnT hosts two ERC advanced grant awardees (the most prestigious individual EU research grant).

During 2016, the SnT Partnership Program expanded with five new members (Logos IT Services, Artec 3D, Service Central de Législation, Eethiq Advisors, House of Training) bringing the total to 30. Our FinTech has recently gained momentum with five new partnered programmes (Logos, Eethiq, BCEE, Telindus, Alphonse Weicker Foundation/BGL BNP Paribas). The SnT Tech Transfer Office has been very active managing a dozen ongoing and acquired proof-of-concept projects. In addition, four spin-offs have been created in the last two years, already contributing to employment opportunities as they expand. By following the same path over the coming years, we will contribute to building a vibrant research driven innova-tions ecosystem in Luxembourg.

Prof. Dr. Björn Ottersten Director

Prof. Dr. Björn Ottersten

f back to table of contents

0504

Table of contents

Editorial

Demand-driven and outstanding

Achieving compliance through existing standards

Secure electronic voting

Cutting-edge technology for the financial industry

History with Pepper

SnT at the controls with the drone-hub

DNA sequencing – secure and efficient

Safety in autonomous driving

SnT partners

Creating a more democratic digital currency

Referee for the crypto-triathlon

All that glitters becomes gold: proof of concept for potential spin-offs

Well encrypted, but still not secret

Ethical risk analysis

Computer science at UL reaches 58th place worldwide

Big data against electricity theft

Algorithms for phone ads that don’t bother you

Fresh money for ICT start-ups

Automated buildings could be made truly smart

A marketplace for the Internet of Things

SnT is partner in DFG-funded Collaborative Research Centre

Satellite communications in the 5G era

Avoiding accidents – saving lives

The vulnerability sweepers

Simulation of satellite systems

Organisation

Awards

Financial data

Events

People

Projects

Publications

03

06

08

09

10

12

13

14

15

16

18

19

21

22

23

25

26

27

28

30

31

33

34

35

36

37

38

39

40

42

44

47

56

Award for extraordinary thesis

Dr. Eva Lagunas, research associate with the SnT SIGCOM research group, received the »Extraordinary Doctorate Award« from the Universitat Politècnica de Catalunya (UPC) in summer 2016. The award was made in recognition of her thesis titled »Compressive Sensing Based Candidate Detector and its Applica-tions to Spectrum Sensing and Through-the-Wall Radar Imaging.«

The award was given in the field of ICT (Information and communications technology), not only for the scientific excellence and quality of her thesis, but also for the impact it has since had in the field, namely, the number of times it has been cited in the past two years and the cooperative projects and applications that have arisen from it. The award is given every year for theses published two years previously. Submitted in the academic year 2013 to 2014, Dr. Lagunas worked on it under the supervision of her advisors Prof. Dr. Montse Nájar from UPC and Prof. Dr. Moeness G. Amin from Villanova University, PA, USA. Since her arrival at SnT in September 2014, she has been working within the SIGCOM group led by Prof. Dr. Björn Ottersten mostly on the co-existence of satellite and terrestrial communications in the context of both national and European funded projects.

04

0706

and insurance. Up until two or three years ago, FinTech wasn’t a major concern for the leading companies in this sector, and didn’t feature prominently in our programme. The situation has changed completely; now we are continually building strategic partnerships to make headway in FinTech together with financial service providers.

At SnT, we have established two new labs specifically to address key topics from the FinTech sector: SEDAN – Service and Data Management in Distributed Systems – and CryptoLux, where cryptography is the focal topic. We are pursuing all these activities to help Luxembourg become a centre of excel-lence in the FinTech sector.

SnT is collaborating closely with partners from industry and the public sector in all key areas. What impact is this having on technology transfer?

Technology transfer is playing an increasingly important role – the keyword being socioeco-nomic impact. However, we are approaching the topic from a different angle than most. Our approach already differs in that our choice of research topics follows both governmental strategic guidelines and the needs of our part-ners. Our researchers are highly motivated to

tackle practical problems with new conceptual approaches from basic research. This strategy definitely benefits our partners, and enables them to become far more competitive in the long term.

However, the benefit for Luxembourg goes beyond the partnership per se. Often, new ideas will arise that are not in our partners’ focus of interest. As an independent organisation we never discard promising ideas with exploitation potential; rather we conti-nue developing them, past the proof-of-con-cept phase and on to the patent or spin-off. This approach has proven highly successful. We have an extremely high success rate with the Luxembourg National Research Fund, FNR, in acquiring funding for our proof-of-concept studies. This shows that we are producing economically viable concepts. As a result, the number of spin-offs from SnT is continually growing.

I suppose you put a great deal of effort into supporting scientists in the technology transfer process.

Yes, we are doing a lot to support the scientists in driving their results towards commercial application, and perhaps even to form start-ups. But the most important

thing is to create a culture conducive to tech transfer. And this, in turn, means investing in the right kind of research in the first place; the practical applicability of our projects cannot be overvalued. Taking this approach really gets tech transfer off the ground.

The University was reviewed last year. How did SnT fair?

SnT was given top marks and rated out-standing. We can be very proud of that. In particular, the reviewers commended the trio of factors I emphasised just now: excellent research, close collaboration with industrial partners, and high impact.

What does that signify for SnT’s future?

The excellent review encourages us to continue developing SnT along the route we have taken. We want, of course, to continue improving our performance in the existing the-matic areas. But we also need to invest in new fields, to attract leading experts from around the world, and to inspire young scientists to pursue these lines of work. Over the next few years, I want to develop SnT into a role model in Europe and beyond for our approach of al-ways conducting demand-driven basic research to address the challenges of real applications.

Demand-driven and outstanding

Director’s view

A key aspect of this strategy is our Partnership Program, through which we work closely with industry and the public sector. The basic research we do addresses issues that are of great practical interest and relevance. With this demand-driven approach, we have established a highly productive research environment, attracted excellent people, attracted funding in a highly competitive environment and have produced outstanding research results.

The THE ranking reflects this success. It is an internationally recognised seal of quality that underlines Luxembourg’s importance as a research location. This, in turn, makes us more competitive in attracting people, partners and funding.

You mention research areas of SnT that are of great strategic importance to Luxembourg. Has SnT always focused on the same areas since it was founded in 2009?

Certain topics have remained quite constant at the centre of our activities. These include areas such as satellite communication, veri-fication and validation of software, and the automation of complex systems. But there are also other areas that have become increasingly urgent, which we have since assimilated into our research portfolio. An example of this is FinTech – the set of new information and communication technologies in the field of financial services. One of the most important economic sectors in Luxembourg is banking

Professor Ottersten, in the Times Higher Education World University Rankings, the University of Luxembourg reached 58th place for its Computer Sciences, putting it in the company of renowned establishments such as King’s College London, the University of Stutt-gart and the KTH Royal Institute of Technology in Sweden. What is the significance of this ranking?

Prof. Dr. Björn Ottersten: The THE ranking is a credit to our strategy and our excellent research. From the outset, we have kept SnT aligned to those areas of information and communication technology that are of great strategic importance to Luxembourg, where we can make a high socioeconomic impact.

Prof. Dr. Björn Ottersten


0908

Secure electronic voting

APSIA

In the tradition of democracy, election days have long followed a familiar process. Lines form, votes are cast, and ballots submitted. But as droves of voters turn up to have their say, an element of uncertainty is left in the minds of participants. Did my ballot get tal-lied? Was it accurate? How would I know?

To address this issue, Prof. Dr. Peter Ryan and his APSIA team of SnT researchers are working to get voters more engaged in the process by providing them with means to verify their participation. Through various projects they have been pioneering so-called »End to End Election Verifiability« (E2E-V), and Ryan and his team have recently developed a system that provides a more intuitive way for voters to verify their vote.

»Getting the election outcome right isn’t enough,« says Ryan. »It must be demonstrably correct to all, especially the losers.«

As elections have increasingly gone digital, the threats to the system haven’t changed, but new attack vectors have been introduced. Like any electronic device, machines are prone to errors – whether it is lost data, corrupted files, or malicious interference. Ryan believes that to further enhance the accuracy of elections, two principle elements must be satis-fied for an election to be verifiable. Firstly, that votes are cast as intended, i.e. voters can confirm that their selections (whether made electronically, on paper, or by other means) are correctly recorded. And secondly, that votes are tallied as recorded, meaning that any member of the public can verify that every recorded vote is correctly included in the tally.

In essence, the new »Selene« system provides a unique tracker number for each voter, which they can later use to confirm that their vote

was cast and counted accurately. The twist is that the tracker number is only revealed to the voter after the results have been posted, and in such a way as to enable voters, if coerced, to claim a fake tracker that points to the coercer’s candidate.

The project is looking at all aspects of the voting process and identifying vulnerabilities that could arise. In collaboration with Rice University in Texas, they are working to design and evaluate the system from a usability and understandability point of view.

»It is essential that voting systems are usable and understandable by voters and election officials,« says Ryan. »In the end, there should be election integrity, by the people for the people!«

For more information:

Prof. Dr. Peter Ryan

Achieving compliance through existing standards

APSIA

The internet and privacy – a duo famous for not getting along. In today’s digital era, personal data are constantly under threat. Personal data can be big money, and as enterprises continue to harvest data, the battle to protect people’s right to privacy continues.

Recently, the EU has reinforced our right to privacy with a new law, the General Data Protection Regulation (GDPR). Starting in 2018, it will give citizens more control over their data and implement new regulations for enterprises dealing with personal information such as Google and Facebook, but also non-tech businesses like hospitals and universities.

»The new legislation has many ambiguous legal ele-ments,« says Dr. Gabriele Lenzini from SnT’s APSIA

research group headed by Prof. Dr. Peter Ryan. »That’s a problem to be solved, especially when this law is going to be implemented across a landscape where practices for providing privacy differ from country to country.«

Attaining compliance with GDPR is not straightforward. The issue is driving lively debate in Europe as enterprises risk big fines if they do not comply. One route they will take will be to turn to standards such as ISO/IEC 27001 in arguing their case in court. Before this solution works though, they’ll have to understand how provisions in the regulations relate to their standard practices.

But with hundreds of available standards and a plethora of interpretations of legal texts, finding correlations is a daunting task if done by hand. To help, an interdisciplinary team of researchers in computer science and law, Dr. Ce-sare Bartolini, Dr. Andra Giurgiu, and Dr. Livio Robaldo, led by SnT Senior Research Scientist Dr. Gabriele Lenzini, is building software using state-of-the-art solutions for legal informatics, assisting in reading documents on a computer and finding correlations more efficiently and precisely.

»Our software, with use, will make it possible to collect, store, and share interpretations established by the legal players,« says Lenzini. »It will aid organisations in under-standing whether their practices are already in compliance or where the gaps are.«

The project, funded by the Luxembourg National Research Fund, is called »DAta Protection REgu-lation COmpliance« (DAPRECO) and will run in collaboration with CIRSFID, the Interdepartmental Center for Research in History of Law, Philosophy and Sociology of Law and Legal Informatics of the University of Bologna, Italy.

Dr. Livio Robaldo, Dr. Gabriele Lenzini and Dr. Cesare Bartolini


http://wwwde.uni.lu/snt/people/peter_y_a_ryan

1110

banks (Telindus, Logos ITS, Eethiq Advisors, BCEE, and Alphonse Weicker Foun-dation/BGL BNP Paribas).

»The financial sector is undergoing a digital transformation and through targeted R&D activities, we aim to increase the competitiveness of our FinTech partners,« Ottersten explains. »We want to draw the attention, for example, of US technology firms in this industry to the Grand Duchy of Luxem-bourg, so that we can collaborate with them or ideally even make the country an attractive place for their European R&D investments.«

Overview of partners in the FinTech industry and planned projects:

At BCEE, the Banque et Caisse d’Epargne de l’Etat – as in the entire banking industry – personal contact with banking customers has steadily declined in recent years. ATMs have taken over from staff behind desks. The joint project between BCEE and SnT aims to improve customer management using machine learning and new Big Data analysis technolo-gies. Primary focus is on the complex analysis of multidimensional data sets.

The Alphonse Weicker Foundation, powered by BGL BNP Paribas, and SnT have launched a major long-term re-

search and development programme. Together, they address the fields of se-

curity risk management, client segmentation and software testing to develop new financial instruments. Techniques involving machine learning, data mining and software validation play an important role in this project.

Eethiq Advisors is an advisory firm that specialises in ethically correct investments. One aim is to introduce Distributed Ledger Technology (DLT), which is also the basis for cryptocurrencies such as Bitcoin, into this seg-ment of financial services. The researchers at SnT want to research how modern analytical tools and blockchain technologies can be used to secure an investment account so that every step of a transaction made by an investment manager or customer is recorded. The aim is to ensure compliance with investment rules at all times.

Blockchain technology is also at the heart of joint projects between SnT and Telindus. Telindus is a telecom operator, providing

telecom and ICT solutions for businesses in Luxembourg, including fixed and mobile telephone connections, internet, networking and cloud computing. SnT researchers address the defense of blockchain based infrastruc-tures using SDN (software defined networks) as well as the mapping of the smart contract eco-system.

Logos ITS provides an investigative monito-ring and analysis platform for financial institu-tions. It is specialised in recognising patterns in large data streams on the internet that hint at fraud attempts or money laundering activi-ties. The objective of this project is to design and evaluate new approaches for anti-money laundering and anti-market abuse. Addressing EU regulations, these tasks are highly relevant for the financial sector. The major challenges relate to the large quantity of unstructured data, and data quality.

Cutting-edge technology for the financial industry

FinTech partner

As a global financial centre, Luxembourg depends heavily on the financial sector and its development. This sector is currently in a state of rapid change as advances in information

and communication technologies exert an increasingly strong influence on

business, shaping technologies and services and giving birth to a whole new financial industry. This rapidly growing industry is called FinTech. »In only a few

years, technology has become a focus in the financial sector and

FinTech is now a strategic question receiving attention at board level,« says SnT Director Prof. Dr. Björn Ottersten.

In Luxembourg, SnT is at the cutting edge of research-driven technological advancements in the FinTech industry: »Over the last year, we have invested in these new research directions and interacted extensively with numerous financial service providers and organisations. Together, we will establish Luxembourg as an R&D FinTech hub,« Otters-ten says. This has culminated in several new partnership agreements addressing concrete research projects. SnT’s partners in the field of FinTech include financial service providers and


1312

Dr. Souad Bezzaoucha and Dr. Miguel Olivares Mendez are hol-ding many conversations with partners outside Luxembourg’s borders. The two young researchers at SnT are promoting a new project aimed at boosting competence within the Greater Region in a promising field: together with research colleagues and experts from companies and public authorities in Belgium, France, Germany and Luxembourg, they are building a network for the research, development and use of drone technology.

Bezzaoucha and Olivares Mendez work in the Automation & Robotics Research group directed by Prof. Dr. Holger Voos. The SnT group is one of 14 partners in the project »GRONE - Grande Région rObotique aérienNE«, which the EU has been funding for four years in the scope of its Interreg Initiative. »The participating universities, institutes and associations are in Wallonia, Alsace-Lorraine, Rhineland-Palatinate, Saarland and Luxembourg,« Voos explains. The aim is to intensify coopera-tion in the development and use of drones and, by combining forces, to create a hotspot for this booming field of technology. »It is to our advantage that the different areas of the Greater Region have different fortes,« Voos says: in the development of hardware and software, or in the analysis of data collected by the aerial robots.

»Our group has great expertise in the control of drones,« Voos stresses. »Furthermore, we have excellent testing capabilities for aerial vehicles available at our labs.« SnT can therefore

SnT at the controls with the drone-hub

make an important contribution to the innovation network. In the future, the partners in the project, which was initiated by SnT, want to create a database for developers and users of drones. This should make it easier to offer innovative products and services across borders. The cooperation could also give rise to flexibly adaptable modular components for drones. Further plans include training courses, seminars and work-shops. »We will be using these events for bringing people up to date on current legal regulations,« says Souad Bezzaoucha. Regulatory aspects are being discussed in many countries – including notions of a »drone pilot licence« as a prerequisite for flying such an aerial vehicle. »If a pilot licence becomes mandatory, we plan to offer courses to help obtain it,« says Miguel Olivares Mendez.

There are many legitimate applications for drones. For example, abandoned mine shafts must be regularly checked to see whether gas is escaping or if a shaft is even threatening to collapse. »This will one day be a job for drones that can inspect every nook and cranny of the mines autonomously,« says Holger Voos. Agriculture and winegrowing have other potential applications for drones, where fields and vineyards can be monitored from the air. »That would localise precisely where fertiliser or pesticides are needed,« says Voos. Use of these expensive and environmentally harmful substances could then be cut down through more considered, targeted and sparing use.

Automation & Robotics

Dr. Souad Bezzaoucha and Dr. Miguel Olivares Mendez

Automation & Robotics

History with Pepper

A robot is soon to become a new employee at the Luxem-bourg City History Museum. A research lab at SnT is just putting on the finishing touches. »Pepper« is preparing for his new job at the Luxembourg City History Museum. Starting this year, the little robot will be busily bustling about between the antique cannonballs, paintings, medi-aeval tools and baroque porcelain – and eagerly informing

inquisitive visitors about the exhibits.

»The commune wants to use the robot to increase the museum’s appeal,« says Gary Cornelius, researcher in the Automation

& Robotics Research group at SnT. »Its job is to teach visitors about the city’s history in

a modern, informative and entertaining way.« The whimsical bot follows on from

two other robots which served as guides at the Luxembourg Muse-um of Modern Art (MUDAM) in 2015: a small humanoid robot on wheels and a flying drone. These clever little machines, which welcomed museum guests and engaged them in short conversations, were developed within the now ongoing partnership

between SnT and the City of Luxembourg (VdL) by researchers in the team of Dr. Patrice Caire in the Automa- tion & Robotics Research Group of Prof. Dr. Holger Voos.

Another member of the research team is Gary Cornelius, who is currently preparing Pepper for his job at the museum. What is special about this robot from Aldebaran Robotics is that not only can it talk to people, but it can also recognise human emotions – and even show its own emotions. To show what it is feeling, the three-wheeled, child-sized companion uses a tablet computer on its chest and coloured lights in its wide, saucer-like eyes. It per- ceives its environment with a combination of laser scan-ners, sonar sensors and an artificial sense of touch.

»This creates a broad range of interactive communication abilities,« says Cornelius. Pepper is able to answer questi-ons about the museum and about Luxembourg’s history, for example. And, in turn, it can ask its own questions to learn more about the interests of the museum visitors.

Pepper has so far been used mostly in research. The robot’s duties at the museum, selected together with a team from VdL headed by Danièle Wagener, will be new territory. To make Pepper’s integration easier, Cornelius is developing an easily manageable programming tool: a digi-tal interface by which anyone – even without programming knowledge – can teach the robot new motion and reaction patterns and make updates featuring new knowledge and skills.

Gary Cornelius is developing the bot-instructing interface using a method experts call »model-driven software deve-lopment«. »Roughly speaking, it is based on mathematical models that reflect possible application scenarios,« the computer scientist explains. The method is complex and has hardly ever been used in robotics before. And yet, it delivers what the SnT researchers had hoped for: a simple tool that paves the way for introducing robots into daily life. In future, Cornelius is convinced they will work, for example, as helpers around the house and as nurses.

Gary Cornelius and Pepper


1514

Safety in autonomous driving

CritiX

Robot cars are coming. Of this, Prof. Dr. Paulo Esteves-Veríssi-mo and his colleagues at the Critical and Extreme Security and Dependability Research Group (CritiX) of SnT have no doubt. Electronic systems have already been relieving drivers of many critical driving tasks for decades. Cars that drive fully autono-mously are largely ready for deployment, and are already being tested.

»Nearly all car manufacturers are developing autonomous vehicles,« says Dr. Francisco Rocha, a research associate from the CritiX group who is also investigating these problems. These cars will not only revolutionise people’s mobility, they will also bring new requirements for safety technology with them – regarding both safety and security: »Autonomous ve-hicles have to be networked so that they can warn each other about obstacles and let each other know when they are going to turn or overtake.« They also communicate with stationary systems – such as smart traffic lights that tell the cars when to stop and go.

»Road-side units« provide access to the internet or to clouds where traffic reports and data on weather and road conditions are stored. Cars collect these data via sensors and forward them on to other road users. »In the long-term, motorcycles, bicycles and pedestrians will also be integrated into this net-worked and cooperative system,« suggests Antonio Lima. This will produce a big increase in safety in traffic. But also, it will form a complex digital »ecosystem« that presents many possi-bilities for malfunctions – and for manipulation by hackers.

Where potential vulnerabilities exist, and the ways in which developers can eliminate them, was the subject of a paper the researchers presented at a workshop of the Vienna ACM Con-ference on Computer and Communications Security in October 2016. An important conclusion: »The maximum of security in autonomous and cooperating vehicles can only be achieved by tackling the challenge holistically.«

The SnT scientists created a rating system for error- and attack-protection concepts. Errors or manipulations in the network can be detected according to certain patterns and thus

circumvented. Modern encryption technologies and processing on special chips help to protect safety-related data or the driver’s personal information. The data transmission between vehicles and with infrastructural systems can be secured using alternative pathways such as the Internet and mobile telecom networks.

One major fact, the researchers pointed out, is that safety and security cannot be treated separately. Because there are complex links between software, communication units and me-chanical systems, modern safety analyses need to be extended: engineers should equate accidental and malicious threats and analyse the likelihood of safety failures under the perspective of both accidental and intentional causes.

Dr. Francisco Rocha and Antonio Lima

CritiX

change between researchers and institutions, who could be collaborating on a medical study for example. »The general rule is: safe methods are difficult and expensive, while relatively easier and cheaper methods offer little data security,« Fernandes argues.

»In the scope of a current project at SnT, we have made it our goal to resolve this dilem-ma,« says Jérémie Decouchant, a research associate who researches in the same team as Maria Fernandes. »We want to allow the best possible protection of anonymity and confidentiality of personal genetic information, but without hindering the analysis of the data in medicine or research.« The researchers are taking a new approach to this where the DNA reads are classified immediately after their production into different confidentiality levels. An automatic filter developed by the SnT experts accounts for the type of experiment and the »value« that the information could have for potential data thieves. »How the processing continues depends on how a DNA read is rated according to these aspects,« De-couchant explains. »Data that are especially

sensitive are handled with a more elaborate and therefore more secure method than less critical data.«

This »hybrid read alignment« leads to highly efficient genetic analyses overall. Tests in various cloud environments have revealed that costs can be reduced by around 80 percent compared to conventional methods. »At the same time, the hybrid technology offers strong protection of personal data,« Decouchant asserts.

The researcher is convinced that this kind of method will become an important part of the DNA sequencing life cycle – especially in the future as sequencing machines will produce even more data than the machines of today. The cooperation with experts from the Luxembourg Centre for Systems Biomedicine (LCSB), namely Prof. Dr. Reinhard Schneider’s team, which started at the onset of Maria Fernandes’ thesis work, is now bound to reach new heights, as the bioinformatics and biomedicine specialists give critical input to validate the methodologies.

DNA sequencing – secure and efficient

The ability to sequence DNA has revolu- tionised medicine and biological research. Information gained from analysing the carrier of our genetic code facilitates the study of hereditary diseases, research into human development and the solving of crimes. To sequence DNA, researchers and medical professionals use laboratory equipment that breaks the molecule up into many little fragments, each comprising up to a thousand base pairs. These fragments (»reads«) are then aligned to a reference genome.

Modern sequencing machines sometimes deliver several million data sets at a time, requiring enormous computing power to analyse. This analysis is therefore done in a cloud. »A common disadvantage here is a lack of protection of sensitive personal data,« says Maria Fernandes, a PhD candi-date of Prof. Dr. Paulo Esteves-Veríssimo in the CritiX research group at SnT. »While there are various ways to encrypt digital DNA data for sending and processing«, Fernandes says, »they limit the speed of the genetic analysis in an unacceptable way.« They also hinder the necessary data ex-

Maria Fernandes and Jérémie Decouchant


1716

updated and correspond to the needs of em-ployers and employees, the House of Training is working closely with a large number of federations, professional organisations and public institutions. House of Training and SnT entered a network partnership supporting collaboration in dissemination, training, and partnership activities.

LOGOS is a FinTech company specialising in enterprise risk management which publishes and distributes software named iDETECT®. There is a current revolution in the way new services in the financial industry are being designed and developed. The multiple com-munication technologies and alternative payment solutions offer multiple benefits, but also have some serious shortcomings for any crime (fraud, financing terrorism, money laun-dering...) prevention. Most existing financial crime analytic systems rely on custom made

of precise legal rules. The ultimate objectives of the project are to enhance the government’s portals with metadata and to provide citizens and businesses with open, smart access to legal material. The project aligns itself with the »Digital Lëtzebuerg« initiative, which is a common umbrella for the numerous public and private initiatives making up Luxembourg’s digital economy and society. To this end, the project benefits from the insights, feedback and guidance of SMC – a department of the Ministry of State (Ministère d’Etat) which is in charge of coordinating »Digital Lëtzebuerg«.

rules in order to identify potential anomalies and fraud. In this proposal, we aim to address the existing limits of current approaches, by relying on beyond the state of the art research results. The key novelty in this project is the modeling of complex temporal relationships among users, accounts, transactions, and as-sets for both regular and »Big Data« volumes. The business objective is to provide crime analytics and predictive and detection models in real time with no volume limitations.

SCL’s primary responsibility is to publish the Grand Duchy’s legislative documents and administrative procedures. SCL further main-tains a portal through which it provides online access to its publications. The partnership between SnT and SCL aims to develop com- puterised assistance for annotating legal texts with metadata information, and to allow legal searching and facilitate the construction

SnT partners 2016

ARTEC, Eethiq, House of Training, LOGOS, SCL

SnT is a leading international research in-stitute with a strong focus on modern-day information and communication techno-logy (ICT). Together with its partners, the Centre is helping establish Luxembourg as a European centre of excellence and inno-vation in the field of secure, reliable and trustworthy ICT systems and services. A key role in this process is played by SnT’s Partnership Program. In 2016, five new partners committed themselves to the programme.

ARTEC is a company specialising in 3D sen-sing and processing and face recognition. The main research priorities in the joint research programme are in 3D Shape Modelling focus- ing on the following subtasks. 3D Human Body Modelling: defining a new human body model which captures realistic human deformations and which verifies one or multiple predefined

properties. So far existing models come most-ly from the computer graphics community where the focus has been on the visual ap-pearance and not necessarily on the accuracy and robustness of measurements. Robust 3D Face Recognition: while face recognition al-gorithms under controlled settings have today reached a good level of maturity, solutions for faces in the wild are still an open question. Real-world applications such as surveillance must cope with challenges due to changes in appearance, expression, occlusions, and imaging conditions. The focus of this research priority is to define a model for faces that is invariant to occlusions and to expressions.

Eethiq is a Luxembourg start-up founded by a team of executives with experience from finan-cial markets and managerial positions gained from international businesses. The company will develop a portfolio of services targeting

Islamic financing of real estate and wealth management investments. The co-operative project will address the usage of smart con-tracts and more specifically DLT (distributed ledger technology) for the specific case of Is- lamic finance requirement. The main problem to be addressed is the following: given an account which is provisioned by a client and managed by a fund/investment manager, SnT and Eethiq want to develop a solution that can log all in-vestment operations performed on that account while ensuring that compliance with a set of rules is guaranteed. Furthermore, the project will address data analytics approaches which are specific for this type of financial market.

Designed to support the Luxembourg econ-omy, the House of Training offers a very broad range of training modules and pro-grammes in a large variety of sectors and do- mains. In order to ensure that all courses are


1918

CryptoLux

Referee for the crypto-triathlon

Many of the ordinary objects around us today are already linked to a network. Modern cars are like mobile data centres, washing machi-nes and heater thermostats share data with their owner’s smartphone via the internet, and even bulk items with tiny computers stuck to their packaging instead of barcodes could one day become part of the Internet of Things (IoT). Research at SnT is making sure all the data being shared between these »things« remains secure.

Data security has three key aspects: Confi-dentiality – only the intended recipient of a parcel should be informed of the location or delivery date; Integrity – the operating state of the washing machine should be transmitted without data corruption; and Authenticity – the temperature readings for a house should genuinely come from that house. »In order to guarantee this data security, the IoT must have reliable encryption and signature processes built into it. These, however, must not demand too much computing power, because only relatively small computers can be attached to the various things. One prominent example for this is Amazon’s Dash button – a consumer goods ordering service which uses a proprietary device for ordering goods over the internet,« explains Léo Perrin, a PhD candidate at SnT who is looking for the best methods for encrypting data in the Internet of Things.

So-called WPA2 encryption, which is usual for Wi-Fi data traffic on standard PCs, was not designed with lightweight appliances in mind and would demand too much computing power. In the project Acrypt, Léo Perrin, Daniel Dinu and their colleagues from the SnT group CryptoLux of Prof. Dr. Alex Biryukov are investigating which existing, and possibly newly developed, encryption algorithms are especially suitable for the

IoT. They have created a test method for the various encryption methods. »We speak of a triathlon here because every algorithm has to prove its worth on three different microprocessors typically used for the IoT,« Perrin explains. Some of the algorithms are especially fast, while others have a small memory footprint or stand out because of their especially strong data security.

So far the results from two rounds of the triathlon with participants from USA, South Korea, China, Turkey, and France have been posted on a platform for lightweight crypto-graphy, which Perrin and his team operate with a strong international following. On this platform, they compare both the computing power and memory requirements of each encryption method. Another factor they test for in this triathlon is cryptographic security. »We have even developed our own algorithm in this context, which combines acceptable speed and memory footprint with a demon- strable security against certain types of cryptanalytic attacks,« Perrin adds.

The aim of their work is to settle upon a global standard algorithm for lightweight cryptography – a mammoth international project for the coming years, and one through which SnT will have a significant role in shaping the future of the IoT and its security. The best algorithms from the triathlon will be employed by the microcomputers that, in all likelihood, will be used in one of your next appliances.

Léo Perrin and Daniel Dinu

Today, the terms »bitcoin« and »digital currency« are used nearly equivalently. But bitcoin is not the only so-called e-currency. Wikipedia lists nearly one hundred bitcoin-sib-lings with more than 1 million US dollar market capitalisa-tion each.

In many e-currencies, the transfer of coins is recorded in a global ledger called blockchain. The validity of the newest transfers in the blockchain is verified after several minutes. The verification process itself is done by distributed computers worldwide. As a reward for the supply of the computing power necessary for verifying the transfers and creating new blocks for the blockchain, new coins of the currency are awarded to the so-called miners.

The research from SnT has led to a key component for a new e-currency: a new algorithm to verify the transfers. The first currency to use this algorithm, called »Equihash«, is »Zcash«. It started operation in October 2016 and is trying to resolve two main shortcomings of Bitcoin: its lack of privacy of transactions and the centralisation of transaction verification into the hands of a mere dozen miners who have invested in large amounts of specialised

mining hardware. Bitcoin is prone to such centralisation because the mining process is parallelisable and easy to implement in dedicated, energy-efficient and cheap microchips, making it inefficient to use standard hardware. »Centralisation imposes a high risk to the currency: if anyone owned more than half of the computational power of bitcoin, the currency would be open to fraud,« says Dr. Dmitry Khovratovich, computer scientist at CSC/SnT.

Prof. Dr. Alex Biryukov, head of the research group Cryptolux at SnT, and Dmitry Khovratovich have developed the algorithm Equihash, which can resolve this problem. Equihash cannot be split into sub-calculations which can be executed in parallel. Hence, it can be calculated more efficiently on desktop computers with their multiple processing cores and gigabytes of memory than on special hardware chips. Unlike in Bitcoin, the investment in special hardware does not pay off so easily. This creates a more democratic digital currency by allowing more users to contribute to the mining process. Khovratovich adds: »The strength of a cryptocurrency comes from the fact that the ledger is globally distributed. Our Equihash algorithm brings the situation back to this more ideal world.«

»Since Equihash is based on a fundamental computer science problem, advances in Equihash mining algorithms will benefit computer science in general,« says Biryukov: »Equihash is so far unique amongst all the mining algo-rithms since it is memory-hard to mine, but very easy to verify.« And Khovratovich adds: »Equihash is not restricted to usage in Zcash, we hope that other e-currencies will use it as well.«

Creating a more democratic digital currency

CryptoLux

Prof. Dr. Alex Biryukov and Dr. Dmitry Khovratovich


2120

All that glitters becomes gold: proof of concept for potential spin-offs

Technology Transfer Office

An elderly woman has fallen in her apartment and cannot get up by herself. Because she wears a sensor on her wrist with an app for measuring her physical and psychological wellbeing, help is quickly mobilised. Three-year-old Paul is receiving special speech therapy for autistic people. Because he finds it difficult to interact with people for long periods, he goes through his exercises together with QT, a friendly little robot.

There is often a long and rocky road to navigate before research results can culminate in marketable products like the SafeLiveTM app for seniors or the robot QT who supports autistic children. To make the road as smooth as possible, SnT has launched a Tech Transfer initiative giving SnT’s researchers optimal support in their entrepreneurial activities. Dr. Cécile Petit is the project coordinator at SnT’s Technology Transfer Office (TTO). She organises the activities of the TTO and manages the training courses that SnT offers: »We are helping the researchers to formulate their business cases, supporting them in negotiating with financers or cooperation partners, and offering advice on how to obtain public funding.« Patenting issues are especially important in this regard: scientists get advice on how to apply for patents or negotiate licences.

A key instrument for the TTO are the proof-of-concept projects (PoC). The PoCs are financially supported by the Fonds National de la Recherche (FNR) and internal univer-sity resources. »They are not driven by research objectives but are launched when we see a commercial exploitation

potential, either by licensing IP (intellectual property) to an existing business or launching an SnT spin-off,« says Petite: »Based on research outcomes, the PoC is a great opportunity to develop a prototype, protect IP, discuss with potential customers or investors and work on a business plan. Researchers can also participate in our PoC training sessions on every aspect of entrepreneurship. All these activities enjoy great success – we have a success rate of 100% for PoC applications submitted to the FNR for funding.«

The PoC training courses were conceived for SnT emplo-yees, but they can also be taken by other researchers at the University of Luxembourg. »Nearly 200 scientists have made use of the offer so far,« reports Cécile Petit: »The special training courses make a real difference to our re-searchers.« With convincing results: the first social robots of the QT prototype, for example, will go on sale in 2017. And the researchers are open to sharing their knowledge: in PoC courses the developers of QT – the cute, toddler-like robot – are discussing with other scientists how to recog-nise whether their idea has commercial potential.

LuxAI – artificial intelligence for social robots

The startup LuxAI which emerged from an SnT project funded by the Fonds National de la Recherche (FNR) is developing social robots – automated assistants for use in education or health systems. Former PhD candidate Dr. Pouyan Ziafati founded the company. Co-founder Aida Nazariklorram says: »These easily programmable robots will support trainers and therapists in their work.« They can be programmed to practice vocabulary with children or do rehabilitation exercises with stroke patients. While not designed to replace caregivers, they assist in many ways and can efficiently handle routine tasks.

To date, the LuxAI team has won several prizes for the development of its robot, winning first place at the Mind & Market Forum in Luxembourg in July 2016. They took third place in the »Pitch your start-up« competition, in which 90 participants from Luxembourg, France, Germany, Italy, and Korea took part. The team also qualified for the Pirate Summit Global – a European start-up conference that took place in September 2016 in Cologne.

20 f back to table of contents

2322

NetLab

relaxed or nervous, which could perhaps be because they are on their way to an important job interview, or possibly because they are planning a malicious act,« Machalek continues.

Understandably, Machalek cannot reveal too many details of this behavioural analysis. But he can say this much: smart surveillance cameras and image analysis play a major role in the study of behavioural patterns. Based on these patterns, FLYSEC is designed to give security personnel at the airport a risk-based recommendation on how thoroughly travellers need to be checked. People whom the system classifies as especially trustworthy then make their way more quickly through the security gate, while those behaving conspicuously are monitored more closely. Machalek specifies that, »because the analysis completely disregards things like skin colour and religious symbols, our process is ethical by design.«

SnT’s second FLYSEC work stream involves field testing. Proofs of concept will be conducted on increasingly large scales at three different airports. These will qualify and quantify the system’s success rate in practice. The first will start in February 2017 at the regional business airport Schönhagen in the south of Berlin, Germany. A field test at Luxembourg airport will follow by December 2017. After this, other methods of passenger guidance developed within the scope of the project will also be tested. Using new smartphone apps and other visitor guidance systems, for example, passengers will receive personalised messages about which security gate they need to go through and when. Based on its risk analysis, the system anticipates how long it will take each indivi-dual passenger to pass the security check.

If FLYSEC proves successful, then the methods from the SnT laboratory could serve at many airports as the basis for entirely new security concepts that encroach less on traveller comfort.

Security gates at airports have long been the slowest bot-tleneck for air travellers and this will only become worse as security requirements continue to tighten. The aim of »FLYSEC« is to learn how the security process for passen-gers can be accelerated and how passenger screening can be done objectively, without regard to people’s outward appearance. In this international, EU-funded project, the research group NetLab, headed by Prof. Dr. Thomas Engel, at SnT is responsible for two important parts.

»First, we want to gain a better understanding of what behaviour is normal for airport visitors and what is not,« explains Aurel Machalek, an SnT researcher in the FLYSEC project. »An overview of typical behavioural patterns will then emerge.« Being based on objective raw data, this pattern analysis will be completely unpreju-diced. »Working from our catalogue of behaviours, we then want to determine whether a person’s behaviour is

Ethical risk analysis

Daniel Conrardy, Head of Airport Security, Luxembourg Airport, and Dr. Aurel Machalek

Anyone who accesses or sends sensitive data via the internet is well advised to secure their communications using, for example, HTTPS, WPA2 encryption, a virtual private network (VPN) or even to anonymise connections using the Tor network. However, none of the existing methods can guarantee absolute privacy. This is the conclusion to which SnT researcher Dr. Andriy Panchenko from the NetLab research group came in a preliminary study for the CORE project »Privacy Enhancing Techniques for Future Internet« (PETIT), which is being funded by the Fonds National de la Recherche (FNR).

The PETIT project is studying and developing methods that offer better protection of privacy on the web. Andriy Panchenko is concentrating in particular on the patterns of data packets, rather than the encrypted data itself. »We are looking at the metadata of a connection,« Panchenko explains. Because data is sent throughout the internet in small packets, the length of these packets and the interdependency between them represents a kind of fingerprint. Panchenko continues: »These metadata fingerprints are unique for every website, and so they reveal what services you are using in the network.« Data is sent as a different sequence of packet sizes while visiting the product page of an online retailer, for example, than when reading a news article or editing a document in the cloud.

In fact, it takes very few data packets to determine with high precision what specific websites a user has visited. »Not a single part of the actual content transmitted has to be decrypted to reveal this,« Panchenko stresses. »A big chunk of everyone’s surfing habits on the internet is therefore funda-mentally exposed to potential attackers. These fingerprints of timing, packet lengths and sequences can be collected by simply eavesdropping on Wi-Fi communication at up to a hundred metres distance.«

So how can we effectively prevent unwanted eavesdropping on our surfing habits? »A trivial solution would be to fill the data stream with useless data packets so that attackers can no longer distinguish the actual data packets from the »noise«. This, however, would overload the capacity of the networks,« Panchenko explains. Accordingly, the PETIT project will spend the next two and a half years identifying smarter methods through which user information can be further obscured.

That is in fact only half of the story. Ideally, the smart methods developed by the PETIT project will also ensure that criminal use of data lines can still be traced back regardless of any advanced concealment. Panchenko continues: »Only if these conflicting interests – privacy and protection against abuse – can be reconciled will it be possible to increase the acceptance and use of ‘privacy enhance-ment techniques’.«

Well encrypted, but still not secret

NetLab

Dr. Andriy Panchenko


2524

Computer science at UL reaches 58th place worldwide

THE Ranking

The University of Luxembourg belongs to the circle of the world’s 200 best universities. In 2016, it ranked 178th in the prestigious »Times Higher Education (THE) World University Ranking«. »A very important factor for attaining this admirable position is our sus-tained, determined effort to attract excellent first-rate researchers in computer science«, says Prof. Dr. Rainer Klump, President of the University. And these efforts have met with tremendous results: the University is ranked 58th in the field of computer science, placing it in the league of highly-regarded universities such as King’s College London (ranked 52nd), the University of Stuttgart (ranked 60th) and the KTH Royal Institute of Technology in Sweden (ranked 73rd).

SnT hosts a large number of computer science researchers and today has over 250 employees. »At SnT, we place a strong empha-sis on going beyond excellent research to create socioeconomic impact«, says Prof. Dr. Björn Ottersten, the founding director of SnT. Some 30 long-term partnerships have been established with infra-structure and service providers, technology and system integrators, banks and financial institutions, as well as public agencies. »By creating efficient synergies between public and private invest-ments in research, we can ensure that our partners become more competitive and continue to invest in the country«, says Ottersten. Hiring outstanding computer scientists is the key to the recognition; among SnT recruitments are two FNR PEARL chair holders and two ERC advanced grant awardees. »We are convinced that excellence and impact directly result from our focus on areas aligned with national priorities and industrial needs,« says Ottersten.

ERC Grant for Prof. Dr. Lionel Briand

Prof. Dr. Lionel Briand, FNR PEARL Chair and Vice Director of SnT, has been awarded an »Advanced Grant« by the European Research Council (ERC) for his research in the field of software reliability and security. The Advanced Grant is the most prestigious of the European Commission research grants and Briand’s project is the first one awarded to Luxembourg.

With a total award of 2.3 million euros over the next five years, Briand aims to expand his research collaborations with industry partners in Luxembourg and Europe. Briand’s research tackles the problem of bringing more automation and effectiveness to the testing and verification of systems used in numerous fields such as finance, aerospace, and the automotive sector.

The ultimate goal is to increase system reliability, security, and safety. This funding added to a series of recent successes at the University of Luxembourg in acquiring research funding, including two ERC Consolidator Grants.


2726

SEDAN

Business models for apps are often based on advertising. Users install a game or a service for free and, in turn, the app producers use the app as an advertising platform. The key to this model is that better targeting of adverts results in higher rates of purchase, allowing app developers to charge advertisers higher fees. So far, however, ads tend to appear more or less randomly. More often than not, all they do is bother the user.

And yet it is possible to make advertising more targeted, and thereby less intrusive, even under strict observa-tion of the user’s privacy. That is the aim of a strategic partnership between SnT and OLA mobile. OLA mobile is a marketing company specialising in user acquisition and so-called Mobile Performance Marketing. It helps developers of applications and games for mobile devices to acquire more users.

Manxing Du, who is doing her PhD in the SnT research group SEDAN of Dr. Radu State, describes the approach of the project with OLA mobile: »The time of day, app usage patterns, location, or the user’s anonymised purchase his-tory can deliver valuable indications as to what products a mobile user is interested in. This data must be processed in large volumes and in real time. We are developing algorithms that will do this and will thus learn to better understand the user.« Advertising messages would then be more relevant to the specific customer.

The success of such algorithms is measured by how many clicks an ad generates and how many of these clicks lead to sales. Marketing companies know from experience that only a very low proportion of clicks result in sales – less than 0.4 percent, in fact. It will take sophisticated models to achieve an improvement even on this modest level. The SnT team has developed and successfully tested such a model. »We have included many factors in our algorithms,« Manxing Du explains. »Time-related features are corre-lated with additional system-level and campaign-related performance statistics.« Efficient implementations and real field trials are also essential and are done within this research project, explains Dr. Georgios Varisteas, Research Associate in the SEDAN research group.

The theoretical findings are highly promising. The next step is for the algorithms to prove themselves in the real-world advertising of OLA mobile. The SnT researchers are not looking to fuel consumerism, but rather to gain funda-mentally new knowledge that will make the advertising market more transparent. »We have the opportunity here to advance our mathematical developments in the field of Big Data working on real data,« says the head of the SEDAN group, Dr. Radu State. »This is far more realistic and therefore far more relevant than if we were to work with data that were generated artificially for a research project.« Consumer protection will also benefit from the work, State asserts. »We are publishing the fundamental knowledge generated in our collaboration with OLA mobile in scientific journals. This promotes greater transparency in the field of e-commerce.«

Algorithms for phone ads that don’t bother you

Manxing Du

Big data against electricity theft

SEDAN

Newly industrialised countries such as Brazil and other countries in Latin America, Eastern Europe, the Middle East and Asia are undergoing extremely rapid expansion of their infrastructure, and their power grids along with it. Electric utilities are commonly confronted with power losses that have nothing to do with technical faults, but result from electricity theft. The Brazilian company CHOICE specialises in this issue, and is cooperating with SnT within the scope of its Partnership Program. »We use our techno-logy, based on machine learning algorithms, to continuously analyse the utilities’ data to detect patterns and to predict any theft or other irregularities,« says Denis Maia, CEO of CHOICE. »When we do detect such an anomaly, field inspectors on-site investigate its cause.«

Such field inspections are difficult and ex-pensive. Accordingly, evidence of theft must be firmly substantiated, factoring in as many measurable parameters as possible. This is where Dr. Jorge Augusto Meira comes in: Meira is a research associate in the SnT re-search group SEDAN of Dr. Radu State. Since May 2016, Meira has been researching in the cooperative project with CHOICE. »CHOICE has to make quick and reliable decisions as to whether it is worth sending out an inspector. This requires computer programs, for which we are researching into powerful algorithms at SnT.«

It is not as simple as merely measuring power consumption: rather, evidence of anomalies is only gained when one also accounts for power consumption in neighbouring grids, climatic data such as temperature and precipitation, and economic development – such as the performance of factories. »Our algorithms have to be capable of processing numerous data sources and even data

overlapping,« says Meira. He and his team of two other research associates and two PhD candidates made a significant leap last year: »We tested our algorithms on historical data that CHOICE provided us with. With our algorithms, we succeeded very well in tra-cing back electricity thefts that CHOICE had positively identified – we would have been able to send out inspectors very selectively.«

Of course, the methods being developed at SnT ultimately have to prove better than the methods currently employed. Meira continues: »The data from CHOICE are biased. That means they have a history that repeatedly points towards some patterns but obscures others. We want to eliminate this bias with our algorithms – and catch on to electricity thieves who would otherwise go undetec-ted.« Meira is confident they will succeed in this: »The first on-site inspections based on our algorithms are underway. If they are successful, then CHOICE will be able to offer its customers even better service based on our research.«

Dr. Jorge Augusto Meira


2928

DJI Developer Challenge

The SnT Automation & Robotics Research Group led by Prof. Dr. Holger Voos has participated in the 2016 »DJI Developer Challenge«, an international competition for researchers in the field of unmanned aerial vehicles, known as drones. Organised by one of the world’s leading companies for camera-drones and quadcopters, DJI challenged participants to design an unmanned rescue aircraft able to take on search missions. To succeed, drones had to autonomously enter a simulated disaster area, gather information on the location of »survivors«, transmit the data back to a nearby operations vehicle and return safely. DJI received more than one hundred applications in 2016, from which 25 were selected – one of them from the SnT team. The successful teams received DJI’s new quadcopter and sensor equipment for the upcoming development work.

Fresh money for ICT start-ups

Digital Tech Fund

Luxembourg has a new tool to support its start-up scene in the high-tech sector: the Digital Tech Fund. Since the spring of 2016, this fund has been providing capital to innovative and promising young technological companies and start-ups from the ICT industry. The Interdisciplinary Centre for Security, Reliability and Trust (SnT) has played a major role in helping Luxembourg’s government set up the Fund.

The Fund is aimed at facilitating the transfer of new tech-nologies from public research into commercial application. The main investor is the government of the Grand Duchy of Luxembourg, which contributes five million euros. Other stakeholders include, for example, the world’s leading satellite operator, SES, with an investment of three million euros, and the University of Luxembourg with one million euros.

SnT Director Prof. Dr. Björn Ottersten says that the Digital Tech Fund will play an important role in the process of eco-nomic diversification in Luxembourg: »Start-ups have had a hard time finding funding, especially in the early stages of their development. This is changing with the establishment of the Fund. The idea is to create a favourable environment for start-ups to settle in Luxembourg.«

When the Fund started operations in May 2016, Deputy Prime Minister and Minister of the Economy Etienne Schneider explained that there was a need to respond to the financial requirements of start-up businesses and that the Digital Tech Fund, an initiative taken in the context of the Digital Lëtzebuerg initiative, complements other natio-nal funding schemes made available by the government.

The fund focuses primarily but not exclusively on making venture capital investments in areas such as cybersecurity, FinTech, Big Data, Digital Health, the media and next-generation communication networks, digital learning, the »Internet of Things«, and satellite telecommunications and services.

Etienne Schneider

29f back to table of contents

3130

A marketplace for the Internet of Things

SerVal

Devices of all kinds will soon be connected with one another in the Internet of Things (IoT). Such devices include home automation, weather sensors, vehicles, bicycles, street illumination and much more. Forecasts predict many disruptive innovations will emerge at various levels from the intelligent combination of data from these devices. The international EU-funded bIoTope project aims to create an open IoT ecosystem for Europe, to give companies the chance to be involved in this process.

»Today, we observe the emergence of large, vendor-controlled IoT ecosystems with little interoperability between different vendors’ solutions,« explains Dr. Sylvain Kubler from SnT. Kubler heads the interoperability group of bIoTope in the SERVAL research group headed by Prof. Dr. Yves LeTraon. »This is even more true of the big US-based IT giants such as Google and Apple, who are very active in IoT service development. Europe’s many smart and agile – yet comparatively small – companies need to cooperate through open IoT ecosystems,« Kubler advises.

The vision of bIoTope is to develop an open toolbox for companies who are producing IoT components. This toolbox will include a marketplace-like interface allowing the arbitrary connection of IoT components of different types. »Companies will be able to use this framework in their products,« Kubler advertises. Furthermore, they can use this open connectivity to develop cross-platform services that make use of the multitude of data delivered within and across IoT sectors.

An example of such an IoT-based service developed with bIoTope’s marketplace is a bicycle-sharing service in Brussels that can combine bicycle parking spot-related data with weather measurements and smart light control in the house of the user. The service can therefore predict what time a specific user will have to leave home in order

to pick up a bike at a given station and notify the user to hurry up by turning the room light to some specific colour if the amount of available bikes is decreasing rapidly. The system accounts for the delay due to wind or weather in reaching the planned destination on time and the availability of bikes at the various stations.

»Since basically all IoT services depend on the location of the »thing«, cities are going to be a very important part of the IoT ecosystem,« Kub-ler adds. A city could play a key role in the growth and sustainability of the ecosystem since local businesses can generate their applications with minimum effort by looking for different IoT information sources within a defined area.

Kubler’s IoT marketplace already has a reference implementation for the city of Brussels, which developers can use for locating and connec-ting IoT devices and services. As of the end of 2016, the first busines-ses have started to join the bIoTope ecosystem using this reference implementation.

Prof. Dr. Yves Le Traon, Dr. Jérémy Robert and Dr. Sylvain Kubler

Automated buildings could be made truly smart

SerVal

Every sunny day, the same scenario plays out across thousands of buildings: sunlight floods over sensors, automatically triggering blinds to fully close – every last one of them. Just a little later, however, some of the blinds open up again to allow light back into the rooms. This time, however, it was the people inside the building that activated them. Much the same thing happens with air conditioning. The buildings’ automated features are therefore arbitrarily controlled in a continuous back-and-forth between its defaults and the users’ wishes. The balance of control must be optimised to help the buildings become more energy efficient, because improperly controlled heating, cooling or lighting is costly and becomes a burden on the environment.

»It is very expensive to replace the technical infrastructure with instrumentation and control systems. Control software, on the other hand, can be improved with relative ease,« Daoyuan Li, a PhD candidate in the SERVAL workgroup at SnT, explains the aim of his work. In truth, automated buildings do not behave very smartly yet, and that is what he wants to change. In cooperation with the Luxembourg company Paul Wurth S. A., whose department Geprolux specialises in constructing and operating large buildings, he is studying how the users of a building in-teract with its control technology; a specially developed control system shows when and by how much users correct, or overcorrect, a building’s automation commands.

»Other companies are also investigating where the automated behaviour of a building differs from the user’s wishes,« Li explains. »But rather than using intelligent analysis, they are looking at average user interaction

with the controls. Essentially they are trying to design operation rules that will be (semi-)hardcoded in control systems. And this makes it difficult for finer grained control, customi-sation and flexibility.« Daoyuan Li is therefore taking a smarter approach in his project.The object of his research is the modern building automation system of a newly built school in Luxembourg. First, Li aggregates data from the light and temperature sensors with data from the automatic control system and user changes, and then runs automatic searches for repeating patterns in this data. After automatically analysing the time series, his software identifies clusters of rooms and controls that behave in a similar fashion. Ulti-mately, this should explain, for example, why the building has so far failed to meet the high expectations for low power consumption.

The immediate goal is therefore to find out what patterns emerge from the user-building interaction. What personal factors are there, what structural factors, and where might there simply be a technical fault? Once these

factors have been analysed and interpreted, one ought to have a framework for a smart building control system that can be retrofitted into an existing building infrastructure.

Li is convinced that an adaptive control system that learns for itself will increase user satisfaction with modern buildings. Poorly set heating, ventilation or light controls could ultimately cause a smart building to use even more energy than a building with no automa-tion at all, but it should be possible to avoid or even correct such planning flaws by installing an adaptive system.

Daoyuan Li with colleagues Dr. Tegawendé Bissyande and Dr. Jacques Klein


3332

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) is a member of the Collaborative Research Centre (CRC) »Methods and Tools for Understanding and Controlling Privacy« (SFB 1223), which is funded by the German Research Association DFG. The centre was established in early 2016. »It will make scientific and technological contributions for providing privacy in tomorrow’s internet,« says Prof. Dr. Lionel Briand, head of SnT’s Software Verification and Validation Lab, SnT’s vice-director, and Principal Investigator of the CRC in Lux-embourg. The SnT team participating in the CRC, co-led by Dr. Domenico Bianculli and Dr. Shar Lwin, will investigate methods for analysing how web and mobile applications handle private information, and new techniques for determining potential privacy violations and assessing the impact on privacy of online interactions and mobile encounters.

From a mere communication network, the internet has rapidly evolved into a global platform for social networking, enter-tainment, education, trade, and political activism, with more than two billion users. Assuring the online privacy of individual end-users has become a largely unsolved problem and remains a formidable challenge for users, providers, and legislators. »Achieving an overarching foundation for providing privacy in tomorrow’s internet goes far beyond traditional security and privacy research,« says Briand. »It necessitates a paradigm shift to cope with the wealth and heterogeneity of user-to-user and user-to-provider interactions as well as the resulting challenges to privacy, requiring expertise from a wide range of computer science areas. The Collaborative Research Center will tackle this challenge.«

The centre is supported by the Fonds National de la Recherche (FNR) through its INTER programme. The hosting institution is the University of Saarland with its Computer Science Depart-ment and the Center for IT-Security, Privacy, and Accountability (CISPA). The other partners are the Max Planck Institute for Software Systems (MPI-SWS), the German Research Center for Artificial Intelligence (DFKI), the Max Plank Institute for Informatics (MPI-INF) and the Lorraine Research Laboratory in Computer Science and its Applications (LORIA).

SnT is partner in DFG-funded Collaborative Research Centre

Collaborative Research Centre

Prof. Dr. Lionel Briand

200 visitors from around the world attend IEEE CloudCom 2016

IEEE CloudCom is the premier annual conference on cloud computing worldwide. The Interdisci-plinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg hosted the event in 2016. In mid-December, roughly 200 participants from around the world came to Luxembourg to discuss the latest developments in »Big Data« and topics such as security, data privacy and other important concerns in the context of »the Cloud«. Cloud computing refers to users sharing resources for processing power and data storage in the internet. »While cloud computing has already been the paradigm for computer work in large networks for many years now, many of the cloud services are still in their infancy,« says Dr. Sébastien Varrette who together with Prof. Pascal Bouvry, was general chair of the conference. Bouvry adds: »The participants at the IEEE CloudCom agreed unanimously: we still have a lot of research and development to do if we are to cope with the large quantities of data while assuring security, privacy and the compatibility of classical supercomputers with cloud computing.« It is a mammoth task, and the scientists at SnT are working on it intensively.


3534

SIGCOM

Avoiding accidents – saving lives

Advances in automobile tech have undoubtedly improved the safety of today’s cars; from the humble seatbelt to anti-lock brake systems, each development has helped save lives. But when it comes to safety, the ultimate design challenge remains to avoid accidents altogether.

SnT researchers Dr. Bhavani Shankar and Dr. Yogesh Nijsure from the SIGCOM research group at Snt, led by Prof. Dr. Björn Ottersten, have set out to improve upon the latest advance in car safety – collision detection. Through a partnership with the Luxembourg based company IEE, Shankar and Nijsure are looking at ways to take the next step in collision avoidance through a project based on Multiple Input – Multiple Output Radar (MIMO).

»The systems we have on automobiles today have been a big step towards making cars safer,« says Shankar. »But in their current state, there are known limitations.«

Conventional systems for collision avoidance rely on sig-nals sent and received using ultrasound. As the signals go out into the world, they bounce back and carry with them information used by the car’s computers to assess dangers and take action, like braking to avoid a rear-end collision. A key vulnerability though in the current ultrasound tech, is its inability to differentiate objects when they are very close together.

»Imagine a scenario where you have a pedestrian walking near a large object like a truck, and the collision avoidance system sees the pair as one; the situation can be danger- ous.« The solution lies in a car’s ability to see the world in greater resolution. By using radar instead of ultrasound waves, the MIMO system will have the ability to distinguish objects more clearly, and won’t be limited by changing weather conditions like rain and fog. This makes MIMO radars an all-weather solution to improve safety.

The recently formed Radar research group is currently working on processing techniques and algorithms to handle the increased data load coming from a high resolution signal. They’re also investigating the use of multiple transmitters to improve the car’s depth perception.

Much like our eyes, notes Shankar, this offset placement of sensors gives the car greater awareness of outside risks by estimating distances more accurately. The team anticipates having proof of concept designs and laboratory demonstrations around the end of 2017.

»This project is another step towards the ultimate goal of making cars safer,« says Yogesh, »Not only for their occupants, but also the outside world.«

Dr. Bhavani Shankar, Dr. Yogesh Nijsure and Hossein Dokhanchi

Satellite communications in the 5G era

SIGCOM

As the information age surges into the future, the world’s 3.5 billion online user population will continue to grow and consume data at an unprecedented rate. With that demand comes strain on the systems that exchange, relay, and ultimately deliver the vital information. From 2014-2015 alone, the number of online users increased nearly eight percent worldwide – with no sign of stopping.

»In the next few years, the internet’s massive growth will come not only from new users, but new business cases as well,« says Dr. Symeon Chatzinotas, SIGCOM Deputy Head. »Application areas like E-health, E-Industry, connected vehicles, and millions of new devices connec-ting to the Internet of Things will create a persistent draw on the system.«

Chatzinotas and his team of researchers are taking this challenge head-on by partnering with Société Europé-enne des Satellites (SES), a global leader in satellite technology. Together they are working to find innovative new ways to address these issues.

»The direct approach would be to acquire new frequen-cies or to add to the infrastructure,« says Chatzinotas. »But these methods are inherently costly and difficult given the high level of spectrum regulation.«

Through their project, »Satellite Precoding Hardware Demonstrator« (SERENADE), Chatzinotas and his team are working to improve satellite transmissions through a number of methods. One is to make aggressive reuse of the available frequencies used by satellites. In many systems, satellites have an exclusive spectrum, but they don’t necessarily make use of it all the time across its coverage area, wasting potential communication band-width. Through a technique called »precoding,« the team is able to create a multi-beam system that can improve transmission rates. When successfully implemented, per-formance gains will be significant, with nearly four times the throughput, improved flexibility and energy efficiency.

Working closely with SES and other stakeholders, the SERENADE team is developing in the lab proof of concept models and algorithms to be used on multi-antenna transmitters. Their goals are to identify potential com-plications in the system and address any issues of signal interference. »By 2020, nearly 75% of internet traffic will be mobile video,« says Chatzinotas, »That will be a huge draw on the system, and as we start to usher in the 5G era in 2020, it will be crucial to find ways to address these bandwidth challenges.«

Dr. Symeon Chatzinotas


3736

Simulation of satellite systems

SVV

In summer 2016, hundreds of millions of people around the world were watching the European Football Championships in France live. This was made possible by satellites. But what viewers can enjoy on TV at the push of a button involves an enormous technological effort from the satellite operators.

The software systems that ensure controlled, flawless operation of the technology behind communication networks are complex »integrated« systems comprising many compo-nents. They perform a wide range of functions – such as controlling the position of satellites, transmitting data securely, reliably and efficiently while ensuring timeliness and low cost. Satellite systems are developed in a highly-distributed way where different parts are made and shipped by various suppliers. Engineers have to ensure that the integrated systems behave as intended and meet their requirements for functionality, performance, and robustness. This requires satellite systems to undergo extensive verification and validation.

»Companies use simulation tools to do this, which imitate the functioning of, say, a satellite-based service already during the system design phase,« explains Dr. Seung Yeob Shin, who is a researcher in the SnT group Software Verification and Validation Lab, led by Prof. Dr. Lionel Briand. Sophisticated simulation platforms reduce the cost and increase the effectiveness of verification and validation activities. Yet they still

have a weakness. »So far, there isn’t a single system-level simulation tool that has been tailored to the nuanced and emerging needs of the telecommunications industry,« Shin says. Consequently, the results of many simulations are not thorough or reliable enough, and the engineers still have to check critical functions manually in the end.

But that could soon change. In the scope of a newly-started FNR CORE project, titled MOSIS (»Model-based Simulation of Integrated Software Systems«), Dr. Seung Yeob Shin and his colleagues Dr. Shiva Nejati and Dr. Mehrdad Sabetzadeh at the SVV lab led by Prof. Lionel Briand want to develop a novel simulation platform targeted specifically at complex tele-communications systems. The SnT researchers are cooperating with experts from SES Techcom – a sub- sidiary of the world-leading, Luxem-

bourg-based satellite operator, the SES Group. The main collaborators from SES Techcom are Frank Zimmer and his team.

»Our solution needs to ensure that system developers can quickly and reliably identify malfunctions by automated simulation,« says Shin. For this, he and his colleagues are following the Model-Driven Engin- eering approach – a design method oriented around building abstract and yet precise models of an applica-tion under development. »This way, the engineers can easily adapt the simulation as needed at any time,« Shin explains. He is convinced that the outcomes of the project will not only increase the reliability of inte-grated software systems, but also lower their development costs.

Dr. Seung Yeob Shin and Dr. Shiva Nejati

SVV

Reliability and data security are of vital importance for web services and web applications. If hackers manage to infiltrate a system and steal user data, it can have severe consequences. Popular web technologies such as XML, XPath and SQL, when not used carefully, can be entry points for potential attackers to hack into a web system. This threat makes detecting and eliminating software vulnerabilities a critical activity, which should be perfor-med as early as possible, before the software goes into operation.

Dr. Domenico Bianculli, Dr. Shar Lwin, and Julian Thomé of the SnT Software Verification and Validation Labora-tory (SVV), led by Prof. Dr. Lionel Briand, have developed a novel analysis method to effectively track down and

The vulnerability sweepers

eradicate vulnerabilities at an early development stage in software used for web applications.

»Developers these days have various technologies at their disposal for automatically detecting vulnerabilities in software; however they frequently raise false alarms,« says Bianculli. »And when they do detect a genuine vulne-rability, they often give no indication of where to find the actual cause in the program source code. This is of little or no help for developers«, adds Lwin.

The team of researchers has tackled the challenge of detecting vulnerabilities in web applications using a hybrid approach. »It combines several technologies in an effective way,« Thomé explains. A special analysis method called »security slicing« extracts only those parts of a program (»slices«) that are relevant for security analysis. These potentially vulnerable slices can then be checked for the presence or absence of vulnerabilities by using »symbolic execution«. This check is powered by the combination of constraint-solving technology and meta-heuristic searches.

The security slicing approach produces concise slices (on average 1 percent of the size of the original program) that are far smaller than those obtained with conventional tools. »When compared to existing approaches, ours is much more scalable; it can be used to analyse large web applications« Thomé says. Further, the constraint-solving technology developed by the SVV team leads to a signifi-cant improvement of the number of detected vulnerabili-ties (more than 95 percent) and yields a low (less than 5 percent) false alarm rate.

The SnT researchers have demonstrated the benefits of their approach so far through experiments on representa-tive open source applications, but they plan to collaborate with a partner company in the near future to analyse industrial software products. Ultimately, their goal is to protect web applications and online services against many costly

Editorial...made in recognition of her thesis titled »Compressive Sensing Based Candidate Detector...

Documents

Transcript of Editorial...made in recognition of her thesis titled »Compressive Sensing Based Candidate Detector...