Dina G. Mahmoud Awarded CYD Doctoral Fellowship

Cyber-attacks can cause big damage: theft of sensitive data, failure of safety-critical equipment or disruption of vital communication networks. In January 2019, the Cyber Defence Campus (CYD) was established to anticipate and counter cyber threats. Since then, CYD has been promoting new solutions to major challenges in the fields of security and data science. In that context, CYD has joined forces with EPFL to launch the “CYD Fellowships – A Talent Program for Cyber-Defence Research.” The program recognizes and supports researchers by awarding Master Thesis, Doctoral and Distinguished Postdoctoral Fellowships. One of the first recipients of the CYD Doctoral Fellowship is Dina G. Mahmoud, Doctoral Assistant at EPFL’s School of Computer and Communication Sciences.

Dina first visited EPFL in summer 2018, as part of the Summer@EPFL internship program (1.9% acceptance rate). In 2019, Dina won an EPFL IC School Fellowship and entered the EDIC doctoral program. Her research, in collaboration with Mirjana Stojilović, focuses on fault attacks on FPGA-based platforms. Dina’s work was published at the “Design, Automation and Test in Europe” (DATE) conference in 2019 and the “Field-Programmable Logic and Applications” (FPL) conference in 2020.

The CYD doctoral fellowship will provide Dina with salary, research and travel expenses for three years (with a possible one-year extension). She was selected based on her strong background on hardware security and her motivation to engage with critical issues in cyber defence.

As a CYD Doctoral Fellow, Dina will conduct research on vulnerabilities and backdoors in heterogeneous hardware platforms, for protecting the confidentiality, integrity and availability of cyber and cyber-physical systems.

The CYD-EPFL joint initiative is expected to play a major role in encouraging the training of the next generation of leading researchers in cyber-security in Switzerland, of which Dina is a prime example. Apart from the Fellowship program to train young researchers, the CYD Campus also works to identify new developments in cyber space, promote technological and market monitoring and international scouting, and develop a collaboration network with industry leaders and academia.

We congratulate Dina G. Mahmoud on her award and hope that the CYD Fellowship will lead her to pioneering scientific achievements.

Read More

EPFL Scientists Generate Laser-based Microwaves Using Built-in Photonic Chips

Microwave and radio signals play a pivotal role in radar technology and telecommunications including wireless networks. Moving away from the current tendency of using high-frequency bands for such applications, EPFL scientists have demonstrated laser-based microwave generators using built-in photonic chips developed at EPFL. This is an important breakthrough because high-frequency bands are prone to logjams because of high demand. On the other hand, microwave photonics offers high bandwidth, low transmission loss, and immunity to electromagnetic interference.

Microwave photonics, a combination of optoelectronics and microwave engineering, is built using optical frequency combs. Recently, a major advancement in this field was the development of chip-scale frequency combs from nonlinear microresonators fueled by continuous-wave lasers. These chip-scale frequency combs are often referred to as “soliton microcombs” because they depend on the development of ultra-short coherent light pulses called solitons.

In their study published in the Nature Photonics journal, EPFL researchers led by Tobias J. Kippenberg present integrated soliton microcombs that have repetition rates down to 10 GHz. They achieved this by significantly reducing the optical losses of integrated photonic waveguides based on silicon nitride, which is already being used in CMOS micro-electronic circuits. The silicon nitride waveguides produced by the researchers have the lowest loss recorded in any photonic integrated circuit. The resulting coherent soliton pulses have repetition rates in the microwave X-band (~10 GHz, utilized in radars) and the microwave K-band (~20 GHz, utilized in 5G network).

The microwave signals through this technology have phase noise characteristics that are on par or lower than that of electronic microwave synthesizers available on the market. By successfully demonstrating built-in soliton microcombs at microwave repetition rates, the research integrates the fields of microwave photonics, nonlinear optics, and integrated photonics.

The low optical losses achieved by the EPFL researchers allow light to spread nearly 1 meter in a waveguide that is only 1 micrometer in diameter, i.e., 100 times smaller than a human hair. The level of loss is the lowest seen in any closely limiting waveguide for integrated nonlinear photonics. The low loss is due to the innovative manufacturing technique called silicon nitride photonic Damascene process, devised by EPFL researchers.

The EPFL team is currently working with U.S. collaborators to create hybrid-integrated soliton microcomb modules. Such highly compact microcombs can be used in LiDAR, transceivers in datacenters, spectroscopy, microwave photonics, optical coherence tomography, and compact optical atomic clocks.

The research was funded by the Swiss National Science Foundation (SNF) and the Defense Advanced Research Projects Agency (DARPA).


Read More

Google-Apple–based “SwissCovid” App in Pilot Test

The first coronavirus digital contact-tracing app using OS updates from Google and Apple is now in a large-scale pilot test. Dubbed as SwissCovid, the app is based on the decentralized protocol, where operations that have data privacy implications are not stored or conducted through a centralized server, but on the phone of individual users. Employees at EPFL, ETH Zurich, the Swiss Army, and select hospitals and cantonal administrations can now download the app for tracing contacts at risk of transmission of COVID-19.

Once downloaded and installed, the app signals to a user that he or she has been in prolonged contact with one or more people who subsequently tested positive for SARS-CoV-2. That not only helps the user take adequate precautions and test for the virus, but also checks the further spread of the disease.

The test, which was launched in late May, will clear the way for a roll out of the app to the public later this month after deliberations in the Swiss Parliament. However, recent research has indicated that 70% of Swiss residents approve the scheme. Professor Edouard Bugnion, Vice-President for Information Systems at EPFL and a key participant in the discussions with Google and Apple to have them adopt the “DP3T” protocol, said, “This is the first time that the operating system updates from Google and Apple enable its deployment and testing on such a large scale.” As observed by project manager Alfredo Sanchez, the Swiss testers now share a great responsibility because their usage could determine the widescale use of SwissCovid.

According to a report, 22 public health agencies have requested the API, while many countries might also switch to the Apple-Google framework because it offers “privacy by design,” minimizing the collection and sharing of information. In this context, Professor Carmela Troncoso, head of the Security & Privacy Engineering Laboratory at EPFL, said, “Our goal is to offer a solution that can be adopted in Europe and around the world…. There are millions of users and we owe it to them to be transparent.”

Although a pilot, the ongoing test phase is driven by real data. Eligible testers can opt to register for the pilot program, and any notification they receive through the app is not simulated. Therefore, they would be expected to take the advised precautions to check the spread of COVID-19.


Read More
picture of USB drive near usb port

New Fuzzing Tool Detects Vulnerabilities in USB Driver Stacks

We often fall back on the Universal Serial Bus (USB) to connect the computer with peripheral devices such as keyboards, external hard drives, mice, and webcams. That process exposes the OS kernels and device drivers to attacks by malicious devices. To detect such attacks, Mathias Payer and Hui Peng have developed a USB software security tool called USBFuzz. Mathias Payer leads the HexHive lab in the School of Computer and Communication Sciences (IC) while Hui Peng is a HexHive researcher and currently pursuing his PhD at Purdue University.

Payer and Peng leveraged open-source components to create the low-cost and hardware-independent tool to fuzz-test USB drivers. It uses a software-emulated USB device to provide random device data to drivers. Since the emulated USB device works at the device level, the tool is portable and easy to use across operating systems including Linux, Windows, and macOS.

USBFuzz has helped the scientists detect 26 new vulnerabilities, including 16 memory bugs of high-security impact in various Linux subsystems (USB Core, USB Sound, and network) that had already been subjected to extensive fuzzing tests. Three of the other vulnerabilities were detected in the macOS operating system, four in Windows, and one in FreeBSD. In a paper that will be presented at the Usenix Security Symposium in August, the researchers observe, “The discovery of bugs in FreeBSD, Windows, and macOS highlights the power of our cross-pollination efforts and demonstrates the portability of USBFuzz.”

Payer and Peng are not only isolating vulnerabilities but also working closely with Linux, Android, Microsoft, and Apple to develop patches to fix the bugs. So far, they have successfully resolved 11 of the new memory bugs.

The researchers plan to release USBFuzz on GitHub as an open source project following their presentation at Usenix.


Read More
Picture of soldiers using contact tracing app

EPFL Field-tests Contact Tracing App

There is global consensus that the best way to combat the spread of the novel coronavirus is to avoid contact with COVID-19 patients. Consequently, there are many ongoing efforts to develop contact- or proximity-tracing technologies. While the world awaits the arrival of the collaborative contact-tracing technology from Google and Apple, leading European institutions have been working together to develop a parallel app-based system that works with its own protocol. The project, initially launched by researchers from EPFL and ETH Zurich, has now been tested in the field with the help of the Swiss Army.

As the name implies, the international Decentralized Privacy-Preserving Proximity Tracing project (DP3T)1 focuses on data privacy and negates any chance of data being misused by hackers. Data is stored on each user’s phone in the form of signals that can only be used for contact tracing and not to collect or disseminate private information such as location, identity, or usage details. Developed within a relatively short time, the DP3T app was first tested on the EPFL campus and then shared with Swiss army personnel for a field test.

In the first stage of the field test held in late April, Swiss Army soldiers were asked to go through daily activities like shopping or sitting on a train, and their locations were recorded and analyzed using special cameras from EPFL’S Computer Vision Laboratory (CVLab), led by Pascal Fua. The data on the physical positions of the soldiers was then compared with the proximity measurements recorded by the DP3T system.

The second stage of the field test was conducted at a military facility by Mathias Payer, head of the HexHive lab in EPFL’s School of Computer and Communication Sciences. A beta version of the Bluetooth-based proximity-tracing app was installed on the phones of about 100 soldiers. The app continued to run as the soldiers went through their normal training schedule, which included physical training, theoretical study, and target shooting. A record was maintained each time a recruit was “less than two meters for more than five minutes” from another person. The DP3T app continued to work regardless of the phone’s location in the pocket, hands, or backpack. The data signals, including those received from nearby phones, were stored on each user’s phone. To test the efficacy of the app, one of the soldiers was designated as if he had tested COVID-19 positive, and his contacts were then traced through the app data without divulging personal details.

As lockdown rules slowly relax, there is a higher possibility of transmission of the virus. DP3T, which ensures “privacy by design,” could help break that chain of transmission. The scientists plan to complete the testing parameters and publish the results online for feedback and improvements. A beta version is expected later this month, and the app could be rolled out to users thereafter, pending approval from the Swiss government.


1  The DP3T team includes researchers from EPFL, ETH Zurich, and many other European institutions.

The EPFL team includes Alfredo Sanchez, Apostolos Pyrgelis, Carmela Troncoso, Dominique Quatravaux, Edouard Bugnion, Daniele Antonioli, James Larus, Jean-Pierre Hubaux, Ludovic Barman, Marcel Salathé, Mathias Payer, Pascal Fua, Sylvain Chatel, Theresa Stadler, and Wouter Lueks.

The ETH Zurich team includes David Basin, Dennis Jackson, Jan Beutel, Kenneth Paterson, and Srdjan Capkun.

Other European researchers include Bart Preneel, Nigel Smart, Dave Singelee, and Aysajan Abidin (KU Leuven); Seda Gürses (TU Delft); Michael Veale (University College London); Cas Cremers (CISPA Helmholtz Center for Information Security); Reuben Binns (University of Oxford); and Ciro Cattuto (University of Torino / ISI Foundation).

In Switzerland, the project is being coordinated by the National COVID-19 Science Task Force of the Swiss Federal Council, and is officially supported by the Swiss Federal Office of Public Health (FOPH).

Read More
Messenger in COVID-19 Communication

Survey Reveals Importance of the Messenger in COVID-19 Communication

The novel coronavirus thrives on proximity. Therefore, most initiatives to combat the pandemic are geared to prevent person-to-person transmission. Social distancing is the call of the hour, and governments have shut down cities, nations, businesses, and events, sacrificing economic growth to save lives. To drive home the importance of social distancing, government spokespersons as well as celebrities have reached out to the people to maintain physical distancing at all times. Two main questions emerge from such campaigns: What is the extent of support for social distancing measures? Who is the better messenger for such campaigns: the government spokesperson or the celebrity?

To find answers to such crucial questions, a survey was conducted in March by researchers from EPFL and the University of Lausanne. A questionnaire was distributed to 705 adults in Switzerland. Participants were asked for their impressions on Switzerland’s response to the coronavirus pandemic and whether they supported social distancing measures. In a second part of the questionnaire, participants were asked to read a social distancing message from a public figure and then indicate how positively or negatively they felt about the message. Some questionnaires had a message from Hollywood actor Tom Hanks, while others included a message from Swiss president Simonetta Sommaruga.

Contrary to the predicted outcome that the celebrity would have a greater influence on people’s opinions and attitudes, the survey revealed that the government spokesperson was more effective, particularly in response to current compliance with social distancing measures. This effect was substantially stronger among older respondents despite their lower risk perception. The study also demonstrated that support and current practice of social distancing were inversely related with city and household size.

Although this was a limited survey, the results could help develop future strategies to mitigate the COVID-19 crisis as well as other challenging situations in the future. Toward that objective, the researchers are awaiting results from similar surveys deployed in many other countries to gather insights from across the world.

The research paper “Who is listening? Spokesperson Effect on Communicating Social and Physical Distancing Measures During the COVID-19 Pandemic” is authored by Andreas Spitz and Ahmad Abu-Akel (Institute of Psychology, University of Lausanne) and Robert West (School of Computer and Communication Sciences, EPFL).


Read More
App-based Self-screener for COVID-19

Coming Soon: EPFL’s App-based Self-screener for COVID-19

Humanity is facing perhaps its biggest challenge in modern times. Governments and healthcare workers around the world are desperately attempting to contain the spread of the highly contagious coronavirus. In the absence of a definitive cure, the next best thing is to identify, isolate, and treat patients. But that is easier said than done; test kits and resources are scarce, and people showing preliminary symptoms are averse to visiting a hospital. In that situation, an AI-based research at EPFL has grabbed global media attention.

A group of five researchers at EPFL’s Embedded Systems Laboratory (ESL) have developed an artificial intelligence-based system that allows you to record your cough and have it analyzed almost instantly to indicate whether you have COVID-19. In a few weeks’ time, the team will release an app, aptly named Coughvid, which will be available for free and direct download to your devices.

Explaining the principle behind the research, ESL head and research team member David Atienza quoted statistics from the World Health Organization, which show that 67.7% of COVID-19 patients have a dry cough without mucus, while the common cold or allergy is usually accompanied by a wet cough. Using artificial intelligence, Coughvid distinguishes between different types of cough based on their sound. The researchers are collecting enough recordings of coughs to train the system to yield results with a 70% accuracy rate. Compared to existing screening systems, Coughvid is a simple diagnostic tool that allows users to self-screen and reduce their apprehensions in these days of fear and uncertainty.

In a recent article, The Wall Street Journal reports that Coughvid could help identify “the signature respiratory problems that make the infections so dangerous” and “help unlock the way to a faster diagnosis.”

Answering critics of computer-science projects on coronavirus, AI researchers say that their primary aim is to gather data that could help develop screening software and diagnostic aids, and they are fully aware of the risks of false positives and negatives. The EPFL researchers will first ensure that they have sufficient data before releasing the Coughvid app. Toward that goal, EPFL is inviting COVID-19 patients to contribute to the development work by recording their cough at

Coughvid is one of around a dozen projects being carried out under HelpfulETH, a joint initiative of EPFL and ETH Zurich to develop solutions to fight COVID-19.


Read More
JEDI Empanels EPFL Scientists in Search for COVID-19 Cure

JEDI Empanels EPFL Scientists in Search for COVID-19 Cure

The Joint European Disruptive Initiative (JEDI) has launched a competition with up to €2 million in prizes for scientific teams that can screen molecules to block the action of COVID-19 on the human body. The competition will involve up to a hundred teams, each of which will be expected to come up with a billion molecules in the hunt for a COVID-19 therapeutic. JEDI has appointed a high-profile scientific committee to run the ‘Billion Molecules against COVID-19’ challenge, including Babak Falsafi and Bryan Ford from EPFL’s School of Computer and Communication Sciences.

JEDI was conceived to function as a moonshot organization oriented toward the future, but the COVID-19 challenge has brought it to the present crisis facing humanity. Although research on COVID-19 is already a crowded field with many concerted efforts by supercomputing centers worldwide, the JEDI initiative adds value by focusing on billions of molecular compounds instead of individual molecules such as hydroxychloroquine.

The competition gets underway on May 1. It will be conducted in three phases. In the first phase, which will last for 33 days, teams will test molecules against SARS-CoV-2 by computational screening of enormous libraries against high-resolution protein structures using supercomputing and potentially machine learning. Cross-correlation of results is expected to lead to a “high potential” compound list that can be fast-tracked for clinical testing. Prize money of €250,000 will be awarded to the top team that uses three independent computational methods and selects 10,000 promising molecules from a library of more than a billion.

In Stage 2, teams will identify compounds that lead to 99% viral suppression. The team or consortium that demonstrates the highest suppression of viral replication using molecules shortlisted in Stage 1 will receive €500,000, while a further €500,000 will be awarded to the team that can identify a compound having the best binding affinity with COVID-19.

Stage 3, which will be conducted concurrently with Stages 1 and 2, offers a cash prize of €500,000 to any team that isolates a molecule for immediate use against COVID-19.

The scientific committee for the ‘Billion Molecules against COVID-19’ challenge is representative of Europe’s top scientists and academics. EPFL is honored by the presence of Babak Falsafi and Bryan Ford on the committee. Other distinguished members include Nobel Laureate Sir Peter Ratcliffe, former CEO of INRA Dr. Marion Guillou, and leading epidemiologist Adolfo Garcia-Sastre.


Read More
Person holding a smartphone

EPFL, ETH Zurich Lead Contact Tracing Technology to Tackle COVID-19

One of the most challenging aspects of the novel coronavirus disease is its rapid person-to-person transmission. Consequently, it is critical for governments to swing into action quickly to physically trace and quarantine persons who have come in contact with a COVID-19 positive case. It is a daunting task for the already strained healthcare resources. To ease that situation, researchers from EPFL and ETH Zurich have developed a digital contact tracing technology by working closely with a large number of European colleagues. They are now very close to releasing a solution called DP-3T (Decentralized Privacy-Preserving Proximity Tracing).

The DP-3T project is supported by the Swiss Federal Office of Public Health (FOPH), and the pan-European open source technology will be adopted by the Swiss government. FOPH Director-General Pascal Strupler said an app based on EPFL’s DP-3T concept will be ready by May 11. It will “leverage the new Google and Apple Contact Tracing APIs as soon as they are available,” he added. In Switzerland, the development of the project is being coordinated nationally as part of the National COVID-19 Science Task Force of the Swiss Federal Council.

Many scientists and researchers feel that contact tracing will endanger privacy of individuals. Their main objection is to the centralization of data because that could lead to data abuse. However, the DP-3T project is backed by more than 300 scientists around the world because it offers a secure, decentralized, privacy-preserving proximity tracing system based on the Bluetooth Low Energy standard. Data is retained on the handset instead of being sent to a central database. This aspect was emphasized by Jim Larus, dean of EPFL’s School of Computer and Communication Sciences: “The innovative efforts of the EPFL-ETH Zurich team, along with their collaborators, show that it is not necessary to trade off personal privacy to put in place an effective technological response to the COVID-19 crisis.”

The decentralized approach toward contact tracing has been endorsed by Apple and Google. Both companies have said that only truly decentralized apps would be able to run continuously using Bluetooth on Apple and Android handsets.

While the DP-3T app is in development, it is already available as an open-source protocol on GitHub, where discussions about DP-3T’s source code are introducing a great deal of transparency to the project.


Read More
EPFL Software Helps Cryptographic Innovation for Swiss Hospitals

EPFL Software Helps Cryptographic Innovation for Swiss Hospitals

Increasing digitization of clinical information holds considerable promise for data sharing in the field of personalized healthcare. However, it potentially opens sensitive patient data to the twin threats of privacy breach and data security. That has prevented wide-scale adoption of clinical and genomic data sharing despite its enormous possibilities.

In a major breakthrough last year, EPFL and the Lausanne University Hospital (CHUV) collaborated to develop a secure software called the MedCo system. The system took shape in the Laboratory for Data Security (LDS), headed by Professor Jean-Pierre Hubaux, and is based on software libraries developed by the Decentralized and Distributed Systems (DEDIS) Lab, headed by Professor Bryan Ford.

After a year’s intense cooperation between IT and legal experts, the MedCo system has now been deployed in the university hospitals of Lausanne, Geneva, and Bern. The system will be expanded to the university hospitals of Basel and Zurich, as well as other hospitals in the Swiss Group for Clinical Cancer Research (SAKK).

MedCo mitigates the risks associated with existing approaches. While the centralized approach of accumulating all the trust in a single repository is susceptible to a single point of failure in the system, the decentralized approach of keeping data at individual clinical sites involves high costs for institutions to maintain an interoperable network. To overcome these limitations, MedCo enables clinical sites to share clinical and genomic data through a hybrid or “somewhat” decentralized approach. According to the researchers, the system “distributes the trust among a set of different ‘storage and processing’ units to which clinical sites can securely outsource the storage of their data.”

MedCo is based on a cryptographic principle called ‘secure multiparty computation.’ According to Juan Troncoso-Pastoriza, senior researcher at LDS, the encryption scheme is homomorphic, which allows “computations to be performed on encrypted data without decrypting it” and “the data remains protected end-to-end from both internal and external attacks.”

The adoption of MedCo by major hospitals in Switzerland represents a major advancement in the use of big data in the healthcare sector because the system provides collective protection of medical data and extends strong security guarantees to clinical sites.

MedCo’s deployment is part of a project funded by the Swiss Personalized Health Network and the Personalized Health and Related Technologies strategic focus area of the ETH Domain.


Read More