hammer/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate Markdown-Notes: projects, meetings, reference, personal

Browse Source
This commit is contained in:
Hammer
2026-01-26 22:05:01 +00:00
parent 9507ddf856
commit 49025b3586
93 changed files with 3422 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
projects/arcanum/DARPA-ERIS/10-16-25 DARPA ERIS Feedback.md Normal file
View File

@@ -0,0 +1,9 @@
Questions:
- What's the scoring threshold?: There is no threshold
Hit on The Auburn name:
I'm an ex Lockheed martin dev
Explain what we need the money for and why darpa

80
projects/arcanum/DARPA-ERIS/Advancing the SotA slides.md Normal file
View File

@@ -0,0 +1,80 @@
## Slide 1: How nKode Addresses the Topic Area
- Topic Area: Advanced technologies for resilience, efficiency, and effectiveness in strategic systems
- Focus: Critical infrastructure and military C2 systems (strategic, command, operational, tactical edges)
- nKode's Fit: Enhances authentication resilience in contested/low-bandwidth environments
- Benefits: Improves efficiency via intuitive, low-cognitive-load access; boosts effectiveness by preventing bypasses
- Alignment: Supports Zero Trust, edge computing, and secure ops in dynamic conditions
**Speaker Notes:** This slide directly ties nKode to the ERIS topic area from the DARPA announcement, emphasizing improved resilience (e.g., credential reuse/keylogger immunity over unencrypted networks), efficiency (faster logins under stress without keyboards), and effectiveness (reduced errors, mission continuity for Tactical Assault Kits). It addresses vulnerabilities in C2 systems across edges, enabling information superiority against AI-driven threats like cognitive electronic warfare. This positions nKode as a breakthrough for national security, aligning with ERIS's goal of curating disruptive solutions for rapid acquisition.
## Slide 2: Contribution to DARPA's Mission
- DARPA Mission: Create technological surprise for U.S. national security
- nKode's Role: Reinvents "something you know" authentication with keyboard-less, AI-generated icons
- Surprise Element: credential reuse, and keylogger-immune; operable over unencrypted/low-bandwidth networks
- Impact: Adversaries surprised by resilience against credential harvesting in contested environments
- Benefit: Protects missions, lives, and infrastructure from AI-driven cyber threats
**Speaker Notes:** DARPA's mission, as stated in the ERIS announcement, is about technological surprise. nKode contributes by obsoleting text-based passwords, providing an asymmetric advantage in cyber-resilient warfare. For example, in tactical edges with limited bandwidth, it enables secure access to Tactical Assault Kits without traditional vulnerabilities. This aligns with ERIS goals of rapid acquisition for disruptive solutions, fostering information superiority against nation-state threats like cognitive electronic warfare.
## Slide 3: How the Problem is Addressed Today
- Current Methods: Long, complex passwords (12-16 characters) rotated every 60-90 days
- Vulnerabilities: Prone to reuse, keyloggers, shoulder surfing; high cognitive load under stress
- Limitations: Requires keyboards (impractical in tactical gear); needs secure channels for MFA
- Issues: 95 hacks per second globally; bypass in high-risk environments
- Alternatives: Biometrics (facial/iris/fingerprint) fail in duress, dirt, or low light
**Speaker Notes:** Today, authentication relies on outdated standards per NIST/DoD, leading to credential reuse and exploitation. Passwords can be easily compromised via reuse, especially at the tactical edge where bandwidth is low and stress is high. Biometrics help but are constrained in field scenarios (e.g., gloves, environmental factors). This results in mission risks, as warfighters may bypass controls. nKode addresses these deficiencies head-on.
## Slide 4: What's New in nKode's Approach
- Novel Features: Shuffling icons on a patented virtual keypad; AI-generated unique icons per user
- Comparisons to Current Practices:
- Vs. Passwords: No text input; exceeds NIST entropy (1 in 8-24M guess rate for 4 icons)
- Vs. Biometrics: No hardware dependency; works under pressure/duress
- Backend: ChaCha20 CSPRNG for secure shuffling over unsecure networks
- Resilience: Immune to keyloggers, replay attacks; auto-rotates without user action
**Speaker Notes:** What's new is the dynamic, visual paradigm: icons shuffle per login, mapped to tokenized values via backend cipher. Unlike static passwords or biometrics, nKode prevents reuse (unique icons) and operates in low-bandwidth environments. This compares favorably to current practices by flipping the usability-security trade-off easier to remember yet more secure. It's TRL 5-validated, per our prior ERIS feedback, and advances SoTA by closing attack vectors like shoulder-surfing (6.5 observations needed to crack vs. 1).
## Slide 5: Unique Insights for Advancing SoTA
- Insight: Security must be intuitive to ensure adoption; visual memory outperforms text-based
- Advancement: Reduces friction in MFA's "something you know" factor (unchanged since 1961)
- Differentiation: Dispersion-resistant enrollment; attribute renewal for proactive defense
- Why Transformative: Enables Zero Trust in contested edges; scales to commercial (banking/healthcare)
- Evidence: Meets/exceeds DoD password standards while lowering errors
**Speaker Notes:** Our unique insight is that stronger security via ease-of-use leads to reliable adoption, improving mission outcomes. Humans recall images better than complex passwords, reducing cognitive load for warfighters. This advances SoTA by integrating AI icons with cryptographic primitives, resisting AI-driven attacks. Unlike current static inputs, nKode's randomized interface ensures no two logins map the same a paradigm shift for resilience in strategic systems.
## Slide 6: Foreseen Barriers
- Adoption Risk: Authentication changes are high-risk; companies hesitant to be first adopters
- Pitch History: Positive feedback from dozens (e.g., FIS, banks) over 10 years, but no implementations
- Technical: Integration with legacy DoD systems; user training; device compatibility (rugged tablets)
- Evolving Threats: Advanced AI shoulder-surfing; scaling icon generation
- Mitigation: Leverage ERIS for rapid pathways; partner with McCrary Institute for validation
**Speaker Notes:** Barriers include institutional inertia despite excitement from fintech like FIS (Fidelity National Information Services), no one wants to pioneer due to perceived risks. In DoD, integrating with C2 systems or ATACs could face hurdles. We'll address via human factors expertise (as per prior feedback) and field testing. Evolving threats like AI exploits require ongoing R&D, but nKode's design inherently resists them.
## Slide 7: Why nKode Will Succeed
- Market Validation: Independent survey by User Insight 52% prefer nKode (vs. 28% passwords)
- High Acceptance: 17% above "very high" benchmark (35%)
- Team Strength: Veterans with cyber ops experience; TRL 5 proven
- Dual-Use Potential: Defense (tactical edge) + Commercial
- Evidence: Exceeds benchmarks; low friction deployment
**Speaker Notes:** Success is backed by data: User Insight's survey showed exceptional preference (52%), far above norms, indicating strong usability. Our team's expertise (Army/Navy vets) and partnerships ensure execution. nKode's success lies in its intuitive design users remember one nKode for all, with auto-rotation. This will drive adoption, per ERIS goals, leading to safer operations.
## Slide 8: Proposed Plan/Strategy if Funded
- Phase 1: Adapt commercial app for tactical edge; integrate with ATACs/Tactical Assault Kits
- Phase 2: Field validation/testing in simulated environments; address barriers (training/integration)
- Phase 3: Advance to TRL 6-7; deploy OpenID Connect for DoD systems
- Timeline: 12-18 months; focus on low-bandwidth resilience
- Outcomes: Prototype for warfighters; pathway to commercialization
**Speaker Notes:** If funded, we'll pivot our existing commercial app (with OpenID/OAuth support) to defense needs. Develop a glove-friendly version for tactical edges, sans biometrics. Strategy: Collaborate with McCrary/Forge Institutes for demos and integration. Budget for AI enhancements and testing. This aligns with ERIS's rapid acquisition, transitioning from idea to prototype for enhanced strategic system resilience.

57
projects/arcanum/DARPA-ERIS/DARPA ERIS Feedback 12-17-25.md Normal file
View File

@@ -0,0 +1,57 @@
Defining the Problem & Current State of the Art
Evaluator 1: Superior out of Superior "The submission addresses the challenge of reliable and secure user authentication in denied or sophisticated threat environments, particularly on edge devices. Current state-of-the-art capabilities and regrets are clearly identified."
Evaluator 2: Superior out of Superior "The submission does an excellent job of describing the problem of authentication - especially is use cases involving edge4 devices under stressful conditions. The submission further does a very nice job describing the state-of-the art, i.e. passwords and biometric, and highlighting the challenges associated with these approaches."
Evaluator 3: Highly Satisfactory out of Superior "Summary: Current password approaches to system security presents vulnerabilities Strengths: - Traditional “passwords” are recognized as being prone to hacking and abuse. This is particularly the case where “strong” passwords are not enforced. - “Lazy” users frequently re-use passwords across many sites. - Password expiration creates a burden on users to update and memorize frequent changes to many protected sites, making. Areas to improve: - Many approaches to include random generation of “strong” passwords tied to personal user credentials, dual/multi-factor authentication, biometrics and tokens/CAC cards have helped mitigate traditional PW risks. - The significance of specific tactical (or strategic) system vulnerabilities to AI-orchestrated cyberattacks or other threats was only generally addressed.
Advancing the State of the Art
Evaluator 1: Satisfactory out of Superior "The submission presents a solution to advance the state-of-the-art of authentication by employing a pictograph-based system that is encrypted using an industry-standard stream cypher (ChaCha20). The presented system has several attractive features that simplify reliable authentication in the field, where there are challenges with standard biometric techniques. The white space chart clearly indicates the presented systems capability benefits compared to legacy password approaches. The submission, **however, does not present any technology development of the system beyond scaling up the number of icons, so there is no apparent DARPA role."**
Evaluator 2: Marginal out of Superior "I struggled with this rating because I think the submission presents an innovative solution to the authentication problem, I just think DARPA may not be the right customer given where they are in the development cycle. It looks like the technology is largely developed - **the submission does not do a good job of describing the technical challenges DARPA funding will help them overcome, beyond adapting it for tactical edge devices and integration."**
Evaluator 3: Satisfactory out of Superior "Summary: The submission advocates for a new paradigm for user authentication that is “more secure, intuitive and scalable” than traditional passwords.
Strengths:
- Innovative approach to site protection using AI
- generated icons making “passwords” easier to remember, even across many different applications and domains and preventing PW re-use.
- The visual UI is patented and customizable, with development customized based on operational feedback from fintech, defense and cybersecurity.
- The submission suggest alignment to ESIRs topic area for advanced technologies for improved resilience, efficiency and effectiveness of strategic systems.
**Areas to improve:**
- The submission suggests that biometrics are inferior to the presented technology but often provides highly effective authentication in tactical and other environments.
- The technology is indicated to be TRL 5, with the greatest risks to adoption being integration, training, and “evolving AI threats”. These could be addressed as DOTMLPF gaps verses a need additional transformative research.
- Research goals of the submission lack definition and are generally focused on field trials verses discovery.
Team Capability (Key Personnel Vision, Expertise, and Experience)
Evaluator 1: Superior out of Superior "A very capable project team includes university cyber center personnel, professors with expertise in mathematics and computer science, and members with military experience. The team has already developed and successfully demonstrated a prototype product."
Evaluator 2: Superior out of Superior "The presented team has excellent credentials covering all the relevant expertise required to make the solution a reality - cybersecurity, math, software, operational expertise, etc."
Evaluator 3: Highly Satisfactory out of Superior "Summary: The submitter is a small business affiliated with two not-for-profits focused on cybersecurity. Strengths: - The team has already developed the technology and has IP protection for it. - Partnership provide additional depth of expertise and infrastructure to support development. - The submitting team is indicated to have substantial expertise and experience in cybersecurity, intelligence operations, red teaming, mathematical frameworks, and software development. Areas to improve: - Additional expertise or partnerships with military end-users that would support trials of the technology would strengthen the submission. - Project vision is not indicated.
Defense and/or Commercial Market Use Case/Impact
Evaluator 1: Highly Satisfactory out of Superior "The simplified and robust authentication process would improve user experience and enhance security for military users in a denied or cyber-threat environment."
Evaluator 2: Highly Satisfactory out of Superior "I can imagine a wide variety of military and commercial use cases where this technology would be be very beneficial, especially in a contested environment with operators under stress. The main reason I did not rate as superior is because I am concerned there might be some military applications where it would be difficult to see the small pictograph icons."
Evaluator 3: Highly Satisfactory out of Superior "Summary: The submission indicates broad applicability for the solution, to include tactical edge authentication and any commercial application where traditional PW authentication is employed. Strengths: - A range of defense use cases are indicated including tactical edge authentication, focused on the TAK application. - Commercial applications are suggested to be vast, with healthcare and banking as two exemplars. - Application of the solution of have the impact of more secure systems that are easier for end-users to access. Areas to improve: - None noted.
## Coaches Feedback (Mike Cooper)
- make the demo at the end bigger. push it forward to advancing the state of the art
- testomonials go a long way (go and ask soldiers what they'd use). maybe emphasize User Insight. Discuss operational gap with biometrics
- they don't know what we're going to do with the money. (should borrow from NSF)
- add a slide that says "advancing the state of the art?"
- we'll likely get 2 of the three evaluators
- make sure we are at a 4 but not above. say we're going to take their money and get us to a TRL 6
- Don't be afraid be technical

3
projects/arcanum/DARPA-ERIS/DARPA ERIS Feedback.md Normal file
View File

@@ -0,0 +1,3 @@
DoD specific usecase: gas mask, face mask,
- Need to mark as a resubmission, it's in a drop down menu
-

20
projects/arcanum/DARPA-ERIS/DARPA ERIS Team.md Normal file
View File

@@ -0,0 +1,20 @@
The nKode project team is a unified collaboration between Arcanum Technology LLC and Auburn Universitys McCrary Institute for Cyber and Critical Infrastructure Security, blending Arcanum's proprietary innovation with McCrary's elite cybersecurity, intelligence, and computational expertise.
Brooks Brown, as the inventor and Co-founder of nKode, provides the foundational vision and architectural expertise essential for driving this innovative authentication solution forward. His role as Chief Development Architect positions him uniquely to guide the project's technical direction.
Donovan Kelly, with over seven years of software development experience across defense, healthcare, media, and authentication sectors, including prior work as a Space Ground Software Engineer at Lockheed Martin, is ideally suited to lead the technical implementation of nKode. As CTO of Arcanum Technology LLC, he is actively developing nKode as a cutting-edge multi-factor authentication (MFA) system.
Dr. Craig Whittinghill serves as the Deputy Director for Applied Research and Services at the McCrary Institute. As a Navy Veteran with 29 years of service as a Naval Intelligence Officer, he brings extensive leadership in high-stakes cyber and intelligence operations.
Jonathan Sherk is a Principal Cybersecurity Research Engineer at Auburn Universitys McCrary Institute. He leads a USDA grant on rural cybersecurity and co-leads Alabamas State and Local Cybersecurity Grant Program. As an NSA-certified, CYBERCOM-accredited Red Team Lead, he has performed adversarial assessments on EUDs and Army products at the Threat Systems Management Office. His military service includes Army Special Operations in the 112th Signal Battalion and 7th Special Forces Group
Dr. Luke Oeding, an Associate Professor in the Department of Mathematics and Statistics at Auburn University, contributes advanced algebraic and computational expertise critical for nKode's underlying mathematical frameworks. His research focuses on applications of algebraic geometry and representation theory to tensors, quantum information processing, signal processing, and collaborative navigation.
Dr. Farah Kandah, an IEEE Senior Member and Associate Professor in the Department of Computer Science and Software Engineering at Auburn University, as well as a faculty affiliate with the McCrary Institute, provides specialized knowledge in cybersecurity, networking, and emerging technologies like IoT and quantum credentials. His research encompasses distributed computing, computer security and reliability, computer communications (networks), trust management in wireless mesh networks, and more.
- **Brooks Brown**: Chief Development Architect and Co-founder at Arcanum Technology, inventor of nKode.
- **Donovan Kelly**: Chief Technology Officer at Arcanum Technology.
- **Dr. Craig Whittinghill**: Deputy Director for Applied Research and Services at McCrary Institute.
- **Jonathan Sherk**: Principal Cybersecurity Research Engineer at McCrary Institute.
- **Dr. Luke Oeding**: Associate Professor in Mathematics and Statistics at Auburn University.
- **Dr. Farah Kandah**: Associate Professor in Computer Science and Software Engineering at Auburn University, faculty affiliate at McCrary Institute.

29
projects/arcanum/DARPA-ERIS/DARPA ERIS nKode Solution.md Normal file
View File

@@ -0,0 +1,29 @@
Submission Title (less than 128 characters)
Abstract description (1,500 Characters)
Topic Area: Developing advanced technologies for improved resilience, efficiency, and effectiveness of strategic systems. This topic area supports technologies for critical infrastructure and military command-and-control systems (networks and applications across strategic, command, operational, and tactical edges).
Advancing the state of the art.
Detail why the proposed solution is likely to advance the current state of the art within the solution's relevant field(s). DARPAs mission is to create technological surprise for United States national security;
How does your solution contribute to that mission?
nKode reinvents "something you know" authentication (unchanged since 1961) with a keyboard-less, AI-generated icon system that's phishing-resistant, keylogger-immune, and operable over unencrypted/low-bandwidth networks. Adversaries relying on traditional cyber exploits (e.g., credential harvesting) would be "surprised" by its resilience in contested environments.
How is the problem being addressed today?
Long complex passwords changed every 60-90 days. password can
What is "new" within your approach as it compares to current practices and describe your unique new insight for advancing the state of the art?
Shuffling icons on a virtual keypad.
What barriers do you foresee when attempting to advance the state of the art?
Authentication is a difficult technology to change. Arcanum has been pitching nKode to fintech/banks for almost 10 years. Most potential clients want to use nKode. We've had positive feedback, even excitement, from dozens of company (FIS, ...). However nobody wants to be the first to implement it. Despite all the problems we can solve by replacing passwords and PINs, the risk is to high for most companies to be the first to try the technology.
What is new in your approach and why do you think it will be successful?
We've conducted an independent market acceptance, through User Insight, to see if users would want to use nKode. We were told by the survey team that 35% accepts was a very high score. nKode was preferred by 52% (17% over what's considered high score) of participants over 28% who preferred passcodes and 19% with no preference.
Briefly state your proposed plan/strategy if funded.
We've developed an nKode application that is geared toward commercial partners. We've developed and deployed OpenID connect applications (nKode as an Identity provider).
We want to develop an application for warfighters at the tactical edge. An application that allows them to easily authenticate with gloves and without biometric authentication, just an ATAC.

BIN
projects/arcanum/DARPA-ERIS/ERIS_Slide_v2.pptx Normal file
View File

Binary file not shown.

1
projects/arcanum/DARPA-ERIS/ERIS_low_bandwidth.md Normal file
View File

@@ -0,0 +1 @@
# ERIS Low Bandwidth

24
projects/arcanum/DARPA-ERIS/Speakers notes.md Normal file
View File

@@ -0,0 +1,24 @@
Hello, My name is Donovan Kelly, CTO at Arcanum Technologies. We've developed nKode, a patented pictographic passcode that reinvents authentication—making it more secure and intuitive for tactical edge environments. Arcanum has partnered with the McCrary Institute at Auburn University to leverage their cybersecurity expertise and veteran insights.
Since their introduction in 1961 with MIT's Compatible Time-Sharing System, passwords have remained the cornerstone of "something you know" authentication. Yet, amid the rapid escalation of cyber threats over the ensuing six decades, this paradigm has undergone little fundamental reinvention. Passwords impose a taxing cognitive burden on warfighters, necessitating the memorization and periodic rotation of 12-16 character sequences every 60-90 days—a process prone to reuse across systems and errors amid high-stress operations. Their vulnerabilities are profound, with breaches occurring at a staggering rate of 95 per second worldwide, rendering them highly susceptible to credential harvesting. At the tactical edge, these deficiencies are amplified by environmental constraints. Inputting credentials while encumbered by tactical gear, such as gloves, proves impractical and often leads to security bypasses in high-risk, low-bandwidth scenarios that also constrain multi-factor authentication. Compounding this, AI-orchestrated attacks from nation-state actors intensify the overall threat landscape, underscoring the urgent need for evolution.
The state of the art includes static text inputs and biometrics like facial recognition or fingerprints, which work well in controlled environments but falter in real-world tactical scenarios—think low light for iris scans, noise for voice, or gloves blocking fingerprints. Systems like Software-Defined Radios and Tactical Assault Kits integrate Zero Trust and edge computing for better security, but they still rely on vulnerable authentication methods that AI exploits, cognitive electronic warfare, and signals intelligence can crack. This is where nKode steps in—addressing these gaps by advancing beyond static, text-based systems to a visual, resilient alternative.
nKode aligns with ERIS Topic Area “advanced technologies for improved resilience, efficiency, and effectiveness of strategic systems,” including critical infrastructure and military C2 across all edges. In real-world degraded comms where passwords, OTPs, or push prompts fail or are vulnerable, nKode strengthens authentication with keyboard-less icon challenges that move over tiny or even unencrypted pipes while staying resistant to capture and replay. This yields quick, low-cognitive-load logins under stress and reduces workarounds, keeping tools like Tactical Assault Kits online. The approach supports DARPAs goal of technological surprise by denying adversaries easy wins from phishing and keylogging and by staying operable when bandwidth and trust are scarce.
Today, authentication relies on outdated standards, leading to credential reuse and exploitation. Passwords can be easily compromised via reuse, especially at the tactical edge where bandwidth is low and stress is high. Biometrics help but are constrained in field scenarios (e.g., gloves, environmental factors). This results in mission risks, as warfighters may bypass controls. What's new is the dynamic, visual paradigm: icons shuffle per login, mapped to tokenized values via backend cipher. Unlike static passwords or biometrics, nKode prevents reuse (unique icons) and operates in low-bandwidth environments. This compares favorably to current practices by flipping the usability-security trade-off easier to remember yet more secure. It's TRL 5, and advances SoTA by closing attack vectors like shoulder-surfing.
Our unique insight is that stronger security via ease-of-use leads to reliable adoption, improving mission outcomes. Humans recall images better than complex passwords, reducing cognitive load for warfighters. This advances SoTA by integrating AI icons with cryptographic primitives, resisting AI-driven attacks. Unlike current static inputs, nKode's randomized interface ensures no two logins map the same a paradigm shift for resilience in strategic systems.
Barriers include institutional inertia—despite excitement from fintech like FIS (Fidelity National Information Services), no one wants to pioneer due to perceived risks. In DoD, integrating with C2 systems or ATACs could face hurdles. Scaling icon generation is key: we need millions or billions of AI-generated icons that are unique and psychologically neutral (free of biases that could make selections predictable), ensuring no AI can train on patterns for attacks. We'll address this via human factors expertise (as per prior feedback), field testing, and ongoing R&D—nKode's design inherently resists many exploits, but this requires advanced AI safeguards.
Success is backed by data: User Insight's survey showed exceptional preference (52%), far above norms, indicating strong usability. Our team's expertise (Army/Navy vets) and partnerships ensure execution. nKode's success lies in its intuitive design users remember one nKode for all, with auto-rotation. This will drive adoption, per ERIS goals, leading to safer operations.
If funded, we'll pivot our existing commercial app (with OpenID/OAuth support) to defense needs. Develop a glove-friendly version for tactical edges, sans biometrics. Strategy: Collaborate with McCrary for demos and integration. Budget for AI enhancements and testing. This aligns with ERIS's rapid acquisition, transitioning from idea to prototype for enhanced strategic system resilience.
The nKode team is a unified collaboration between Arcanum Technology LLC and Auburn Universitys McCrary Institute for Cyber and Critical Infrastructure Security. Brooks Brown, as the inventor and Co-founder of nKode, provides the foundational vision and architectural expertise essential for driving this innovative authentication solution forward. His role as Chief Development Architect positions him uniquely to guide the project's technical direction. Dr. Craig Whittinghill serves as the Deputy Director for Applied Research and Services at the McCrary Institute. As a Navy Veteran with 29 years of service as a Naval Intelligence Officer, he brings extensive leadership in high-stakes cyber and intelligence operations. Jonathan Sherk is a Principal Cybersecurity Research Engineer at Auburn Universitys McCrary Institute. He leads a USDA grant on rural cybersecurity and co-leads Alabamas State and Local Cybersecurity Grant Program. As an NSA-certified, CYBERCOM-accredited Red Team Lead, he has performed adversarial assessments on EUDs and Army products at the Threat Systems Management Office. Dr. Luke Oeding, an Associate Professor in the Department of Mathematics and Statistics at Auburn University, contributes advanced algebraic and computational expertise critical for nKode's underlying mathematical frameworks. His research focuses on applications of algebraic geometry and representation theory to tensors, quantum information processing, signal processing, and collaborative navigation. Dr. Farah Kandah, an IEEE Senior Member and Associate Professor in the Department of Computer Science and Software Engineering at Auburn University, as well as a faculty affiliate with the McCrary Institute, provides specialized knowledge in cybersecurity, networking, and emerging technologies like IoT and quantum credentials. His research encompasses distributed computing, computer security and reliability, computer communications (networks), and more. Lastly me. I have over seven years of software development experience across defense, healthcare, media, and authentication sectors, including prior work as a Space Ground Software Engineer at Lockheed Martin. In my current role as CTO of Arcanum Technology LLC, I am actively developing new ways to apply nKode to a variety of authentication problems.
nKode offers significant impact in both defense and commercial markets, emphasizing the "so what" through practical applications and outcomes. In defense, nKode targets tactical edge challenges where current systems (e.g., passwords/biometrics) falter in DDIL scenarios (Denied, Disrupted, Intermittent, and Limited bandwidth/comms): Warfighters authenticate to secure comms or field kits via intuitive icons, resilient without full encryption, reducing bypass risks and improving continuity amid nation-state threats like signals intelligence. The impact? Stronger defenses, mission success, and warfighter safety. Commercially, it addresses massive markets: Replaces vulnerable passwords in banking (reducing phishing losses) or healthcare (securing patient data), with dual-use for infrastructure like utilities. The "so what": nKode closes usability-security gaps, potentially mitigating the $10.5T in annual global cybercrime costs by 2025, while enabling Zero Trust across sectors. If funded, we'll validate these via DoD pilots and commercial integrations for rapid transition.

282
projects/arcanum/DARPA-ERIS/darpa_eris_slides.md Normal file
View File

@@ -0,0 +1,282 @@
---
marp: true
theme: default
paginate: true
---
<style>
:root { --accent: rgb(218,104,66); }
section {
background: #fff;
color: #000;
font-size: 24px;
line-height: 1.35;
padding: 64px;
}
h1, h2, h3 { color: #000; margin: 0 0 .6em 0; }
strong, b { color: var(--accent); font-weight: 700; }
mark { background: color-mix(in srgb, var(--accent) 18%, white); color: var(--accent); padding: 0 .2em; border-radius: .2em; }
a { color: #000; text-decoration: underline; text-decoration-color: var(--accent); text-underline-offset: 2px; }
ul { margin: .6em 0 .6em 1.2em; }
li { margin: .25em 0; }
blockquote { color: #000; border-left: 4px solid var(--accent); padding-left: .8em; }
code, pre { background: #f7f7f7; color: #000; }
hr.rule { border: 0; height: 2px; background: #000; margin: 24px 0; }
/* Title slide layout */
.title-wrap {
display: grid;
grid-template-columns: 1fr auto 1fr;
align-items: center;
gap: 24px;
}
.logo {
max-height: 250px;
object-fit: contain;
}
.nkode-title {
font-size: 96px;
letter-spacing: .5px;
color: var(--accent);
margin: 24px 0 8px 0;
font-weight: 800;
}
.subtitle { font-size: 28px; margin-top: 0; }
/* Team grid */
.team-grid {
display: grid;
grid-template-columns: repeat(3, 1fr);
gap: 18px 24px;
align-items: start;
}
.person {
display: grid;
grid-template-rows: auto auto auto;
gap: 5px;
}
.person img {
width: 40%;
aspect-ratio: 3/4;
object-fit: cover;
border: 2px solid #000;
border-radius: 6px;
}
.person .name { font-size: 18px; font-weight: 700; color: var(--accent); }
.person .role { font-size: 16px; color: #000; }
.caption { font-size: 14px; color: #000; opacity: .85; }
</style>
<div class="title-wrap">
<img class="logo" src="./eris_imgs/arcanum-logo.png" alt="Arcanum Technologies Logo">
<div></div>
<img class="logo" src="./eris_imgs/mccrary-logo.jpg" alt="McCrary Institute Logo">
</div>
<div class="nkode-title">nKode</div>
<p class="subtitle">Pictographic passcodes for resilient authentication at the edge</p>
<hr class="rule">
<p><strong>Arcanum Technologies</strong> + Auburn Universitys <strong>McCrary Institute</strong></p>
<!--Speaker Notes: Title
Hello, My name is Donovan Kelly, CTO at Arcanum Technologies. We've developed nKode, a patented pictographic passcode that reinvents authentication, making it more secure and intuitive for tactical edge environments. Arcanum has collaborated with Auburn University McCrary Institute to leverage their cybersecurity expertise and veteran insights.
-->
---
# Defining the Problem
- **Historical Context**
- Passwords as cornerstone of "something you know" authentication since 1961 (MIT's Compatible Time-Sharing System)
- No major reinvention in over 60 years, despite evolving threats
- **Key Problems in Authentication**
- High cognitive load: 12-16 character passwords rotated every 60-90 days; prone to reuse and errors under stress
- Vulnerabilities: Hacked at 95 per second globally; susceptible to phishing, keyloggers, and credential harvesting
- **Tactical Edge Challenges:** Difficult with tactical gear (e.g., gloves); bypassed in high-risk, low-bandwidth environments; limits multi-factor authentication (MFA)
<!-- Speakers Notes: Defining the Problem
Since their introduction in 1961 with MIT's Compatible Time-Sharing System, passwords have remained the cornerstone of "something you know" authentication. For warfighters, they impose a high cognitive and operational burden: memorizing and rotating 1216 character strings every 6090 days, often leading to reuse and mistakes under stress. Meanwhile, passwords are under constant attack, making them easy targets for credential harvesting. These weaknesses are amplified at the tactical edge, where gloves and gear make credential entry impractical and low-bandwidth, high-risk conditions limit conventional MFA—driving workarounds and security bypasses.
-->
---
# Current State-of-the-Art
- **Relies on static inputs:** Keyboards, text-based passwords
- **Biometrics (facial/iris/fingerprint/voice):** Effective in ideal conditions but constrained in low-light, noisy, or gloved scenarios
- **Current Tech:** Zero Trust, edge computing, AI-driven security in systems like Tactical Assault Kits, but compromised by AI attacks, signals intelligence, and nation-state exploits
<!-- Speakers Notes: Current State-of-the-Art
The state of the art relies on static text inputs and biometrics like facial recognition and fingerprints. These can work in controlled settings, but in tactical edge conditions—noise, degraded visual environments, motion, low light, or gloves—biometrics probabilistic nature drives high failure rates. Meanwhile, Zero Trust, edge computing, and AI-driven security (e.g., Tactical Assault Kits) are advancing, yet remain vulnerable to AI-enabled attacks, signals intelligence, and nation-state exploitation.
-->
---
<style scoped>
section { font-size: 20px; }
</style>
# nKode Advances the State-of-the-Art
- **Whats New in nKodes Approach**
- Patented virtual keypad with shuffling icons; AI-generated, user-unique icon sets
- **Vs. Passwords:** No text entry; strong guessing resistance with compact inputs
- Zero-trust architectures leveraging ChaCha20 to drive shuffling and OPAQUE (aPAKE) for mutual authentication over low-trust links
- Resilient to keyloggers and replay; auto-rotation without user action; shoulder-surf resistant
- **Why It Matters at the Edge**
- Works in low-bandwidth or contested environments
- Cuts cognitive load and speeds access, reducing bypass behavior
- Preserves mission continuity for edge tools and C2 workflows
<!-- Speakers Notes: nKode Advances the State-of-the-Art
nKode's dynamic, visual paradigm changes “something you know” authentication.
Instead of typed secrets, the user authenticates through a patented virtual keypad whose icons shuffle every session.
Each user gets a unique AI-generated icon set, and selections map to encrypted backend tokens—making offline guessing computationally infeasible and credential stuffing impossible.
Under the hood, we use a zero-trust approach: ChaCha20 drives the deterministic shuffling of the keypad, and OPAQUE, an asymmetric Passcode Authenticated Key Exchange provides mutual authentication over low-trust links.
This flips the usability-security trade-off because it's easier to remember and more secure than a password.
-->
---
# How nKode Aligns with DARPA ERIS
- **Topic area fit:** Advances resilience, efficiency, and effectiveness for strategic systems across critical infrastructure and military C2 at strategic, command, operational, and tactical edges.
- **Mission tie:** Supports DARPAs aim to create technological surprise for U.S. national security.
- **nKodes role:** Reinvents “something you know” with keyboard-less, AI-generated icons to keep auth working in contested or low-bandwidth networks.
- **Surprise element:** Resilient to credential reuse and keyloggers; can operate over unencrypted or bandwidth-constrained links without exposing secrets.
- **Operational benefits:** Faster, low-cognitive-load access under stress; reduces bypasses and maintains mission continuity for edge tools like TAK.
- **Architectural alignment:** Zero Trust, edge computing, and secure operations in dynamic, degraded conditions.
- **Impact:** Hardens C2 and critical infrastructure against AI-driven credential harvesting and disruption in contested environments.
<!-- Speakers Notes: How nKode Aligns with DARPA ERIS
nKode aligns with ERIS Topic Area “advanced technologies for improved resilience, efficiency, and effectiveness of strategic systems,” including critical infrastructure and military Command and Control. In real-world degraded comms where passwords, OTPs, or push prompts fail or are vulnerable, nKode strengthens authentication with zero-trust and keyboard-less icon challenges that move over low-bandwidth pipes while staying resistant to capture and replay. This yields quick, low-cognitive-load logins under stress. The approach supports DARPAs goal of technological surprise by denying adversaries easy wins from phishing and keylogging.
-->
<!--
DEMO
-->
---
# Why nKode Will Succeed
- **Pitch History:** Winner of the FIS VC and Venturetech Pitch competitions
- **Technical:** Integration with legacy DoD systems; user training; device compatibility (rugged tablets)
- **Evolving Threats:** Advanced AI shoulder-surfing; scaling to millions/billions of unique, psychologically neutral icons to prevent AI prediction of user selections
- **Mitigation:** Leverage ERIS for rapid pathways; partner with McCrary Institute for validation
- **Market Validation:** Independent survey by User Insight 62% prefer nKode (vs. 23% passwords)
- **Team Strength:** Veterans with cyber ops experience; TRL 4
- **Dual-Use Potential:** Defense (tactical edge) + Commercial
- **Evidence:** Exceeds benchmarks; low friction deployment
<!-- Speakers Notes: Why nKode Will Succeed
Institutional inertia is one of our biggest challenges.
We've had interest from Fortune 500 fintech companies like FIS.
However, authentication is a risky technology to change and nobody wants to be the first to do it.
nKode has a great chance of succeeding.
We've had a market acceptance study conducted by User Insight.
A 35% favorability score is considered a high score for a new product.
nKode was favored by 62% of participants.
This is an exceptionally high favorability rating.
That underscores just how needed a password alternative is.
-->
---
# Proposed Plan/Strategy if Funded
- **Target:** TRL 4 → TRL 6 (operationally relevant prototype)
- **De-risking milestone 1 — independent validation:** Obtain an **independent, implementation-agnostic** review of the systems **zero-trust architecture**, including threat model, assumptions, and security claims.
- **De-risking milestone 2 — implementation testing:** Conduct **penetration testing / red-teaming** of the prototype to uncover practical vulnerabilities and harden the deployed system under tactical-edge constraints (low bandwidth, intermittent connectivity).
- **De-risking milestone 3 — scale enabler:** Deliver a repeatable pipeline capable of producing **millions to billions** of **psychologically neutral** icons to support scale without introducing bias.
- **Result:** A validated design and hardened, scalable prototype ready for operationally relevant evaluation.
<!-- Speakers Notes: Proposed Plan/Strategy if Funded
If we are awardable, our goal is to move from TRL 4 to TRL 6 by building an operationally relevant prototype.
First, we will commission an independent, implementation-agnostic validation of the zero-trust architecture—confirming the threat model, key assumptions, and security claims separate from any particular prototype build.
Second, we will perform implementation-focused security assessment (penetration testing / red-teaming) of the prototype in realistic tactical-edge conditions, including low bandwidth and intermittent connectivity, to identify exploitable weaknesses, harden the system, and document residual risk.
Third, we will deliver a scalable, repeatable pipeline to generate millions to billions of psychologically neutral icons so the system can scale without introducing biasing or emotionally “loaded” imagery.
-->
---
# Arcanum and McCrary Technical Team
<div class="team-grid">
<div class="person">
<img src="./eris_imgs/brown.jpg" alt="Brooks Brown headshot">
<div class="name">Brooks Brown</div>
<div class="role">Chief Development Architect, Co-founder (nKode inventor)</div>
</div>
<div class="person">
<img src="./eris_imgs/cwhit.jpg" alt="Dr. Craig Whittinghill headshot">
<div class="name">Dr. Craig Whittinghill</div>
<div class="role">Deputy Director, McCrary Institute (USN Veteran)</div>
</div>
<div class="person">
<img src="./eris_imgs/jsherk.png" alt="Jonathan Sherk headshot">
<div class="name">Jonathan Sherk</div>
<div class="role">Principal Cybersecurity Research Engineer (NSA-cert Red Team Lead)</div>
</div>
<div class="person">
<img src="./eris_imgs/oeding.jpg" alt="Dr. Luke Oeding headshot">
<div class="name">Dr. Luke Oeding</div>
<div class="role">Associate Professor, Math & Statistics (Algebraic/Computational)</div>
</div>
<div class="person">
<img src="./eris_imgs/kandah.jpg" alt="Dr. Farah Kandah headshot">
<div class="name">Dr. Farah Kandah</div>
<div class="role">Associate Professor, CSSE (Cybersecurity, Networks, IoT)</div>
</div>
<div class="person">
<img src="./eris_imgs/DonovanKelly.png" alt="Donovan Kelly headshot">
<div class="name">Donovan Kelly</div>
<div class="role">CTO, Arcanum Technology (Defense, Healthcare, Auth)</div>
</div>
</div>
<!-- Speakers Notes: Arcanum and McCrary Technical Team
The nKode team represents a collaborative effort between Arcanum Technology LLC and Auburn Universitys McCrary Institute for Cyber and Critical Infrastructure Security. It comprises cybersecurity experts, university professors, and innovators focused on advanced authentication solutions.
-->
---
<style scoped>
section { font-size: 18px; }
</style>
# Team Bios
- **Brooks Brown**, as the inventor and Co-founder of nKode, provides the foundational vision and architectural expertise essential for driving this innovative authentication solution forward. His role as Chief Development Architect positions him uniquely to guide the project's technical direction.
- **Dr. Craig Whittinghill** serves as the Deputy Director for Applied Research and Services at the McCrary Institute. As a Navy Veteran with 29 years of service as a Naval Intelligence Officer, he brings extensive leadership in high-stakes cyber and intelligence operations.
- **Jonathan Sherk** is a Principal Cybersecurity Research Engineer at Auburn Universitys McCrary Institute. He leads a USDA grant on rural cybersecurity and co-leads Alabamas State and Local Cybersecurity Grant Program. As an NSA-certified, CYBERCOM-accredited Red Team Lead, he has performed adversarial assessments on EUDs and Army products at the Threat Systems Management Office.
- **Dr. Luke Oeding**, an Associate Professor in the Department of Mathematics and Statistics at Auburn University, contributes advanced algebraic and computational expertise critical for nKode's underlying mathematical frameworks. His research focuses on applications of algebraic geometry and representation theory to tensors, quantum information processing, signal processing, and collaborative navigation.
- **Dr. Farah Kandah**, an IEEE Senior Member and Associate Professor in the Department of Computer Science and Software Engineering at Auburn University, as well as a faculty affiliate with the McCrary Institute, provides specialized knowledge in cybersecurity, networking, and emerging technologies like IoT and quantum credentials. His research encompasses distributed computing, computer security and reliability, computer communications (networks), and more.
- **Donovan Kelly** brings software development experience across defense, healthcare, media, and authentication sectors, including prior work at Lockheed Martin Space. In my current role as CTO of Arcanum Technology LLC, I am actively developing new ways to apply nKode to a variety of authentication problems.
<!-- Speakers Notes: Team Bios
The key members of the nKode team include Brooks Brown, who serves as the inventor, co-founder, and chief development architect; Dr. Craig Whittinghill, the deputy director and a Navy veteran with deep expertise in cyber and intelligence operations; Jonathan Sherk, a principal cybersecurity research engineer leading grants and red team assessments; Dr. Luke Oeding and Dr. Farah Kandah both associate professors at Auburn Univeristy; and Lastly me. I'm the CTO at Arcanum. I bring software development experience from defense, and healthcare sectors.
-->
---
# Defense and Commercial Market Use Case/Impact
- **Defense Use Cases**
- Tactical edge authentication: Secure access to Tactical Assault Kits/comms platforms in DDIL environments
- Warfighter resilience: Keyboard-less icons reduce errors under stress; resists keyloggers, phishing, AI attacks
- Zero Trust enablement: Auth over unencrypted/low-bandwidth channels; integrates with C2 systems/edge compute
- **Commercial Use Cases**
- Banking/Healthcare: Replaces passwords for online accounts; phishing-resistant, no credential reuse
- Dual-Use Potential: Scales to consumer apps; reduces MFA friction in high-volume sectors
- **Market Impact ("So What")**
- Enhances mission success/safety: Faster logins, fewer vulnerabilities in contested ops
- Broad Adoption: Safeguards critical ops across sectors
<!-- Speakers Notes: Defense and Commercial Market Use Case/Impact
nKode offers significant impact in both defense and commercial markets.
In defense, nKode targets tactical edge challenges where current authentication systems falter.
Commercially, nKode addresses massive markets. Replaces vulnerable passwords in banking (reducing phishing losses) or healthcare (securing patient data).
nKode closes usability-security gaps, created by passwords.
-->
---
# Partnering with DARPA for Authentication's Next Leap
- **Historical Full Circle**: In 1961, DARPA (as ARPA) funded MIT's Project MAC, birthing the Compatible Time-Sharing System (CTSS), the origin of computer passwords. Now, as authentication faces escalating nation-state threats, nKode represents its disruptive evolution, closing vulnerabilities in denied, degraded, intermittent, and low-bandwidth (DDIL) scenarios.
- **DARPA as Prime Mover**: DARPA's mission to make pivotal investments in high-risk, high-reward innovations for national security makes you the ideal partner. Your support can accelerate nKode from TRL 4 to operational deployment, enabling revolutionary advances in Zero Trust and edge computing for warfighters.
- **Why We Need DARPA**: As our strategic catalyst, your funding, expertise, and ecosystem will scale nKode globally, ensuring resilient authentication safeguards missions and lives. This is our call to collaborate: Join us in evolving what you pioneered.
<!-- Speakers Notes: Partnering with DARPA for Authentication's Next Leap
Back in 1961, ARPA, funded MIT's Project MAC, which led to the Compatible Time-Sharing System, and the very first use of computer passwords.
DARPA is the prime mover in transformative tech. Your mission is to make pivotal investments in high-risk, high-reward innovations for national security.
That's why we need DARPA now, as our strategic catalyst. Your funding, expertise, and vast ecosystem will help us scale nKode, ensuring resilient authentication that safeguards missions, infrastructure, bank accounts, healthcare and more. Together, we can close this 60-year loop.
-->

BIN
projects/arcanum/DARPA-ERIS/darpa_eris_slides.pptx Normal file
View File

Binary file not shown.

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/DonovanKelly.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 139 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/arcanum-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/brown.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/cwhit.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/jsherk.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 496 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/kandah.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/mccrary-logo.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 199 KiB

BIN
projects/arcanum/DARPA-ERIS/eris_imgs/oeding.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.1 MiB

168
projects/arcanum/DARPA-ERIS/slides.md Normal file
View File

@@ -0,0 +1,168 @@
---
marp: true
---
# nKode
<!--
Hello, My name is Donovan Kelly, CTO at Arcanum Technologies. We've developed nKode, a patented pictographic passcode that reinvents authentication—making it more secure and intuitive for tactical edge environments. Arcanum has partnered with the McCrary Institute at Auburn University to leverage their cybersecurity expertise and veteran insights.
-->
---
# Defining the Problem
- Historical Context
- Passwords as cornerstone of "something you know" authentication since 1961 (MIT's Compatible Time-Sharing System)
- No major reinvention in over 60 years, despite evolving threats
- Key Problems in Authentication
- High cognitive load: 12-16 character passwords rotated every 60-90 days; prone to reuse and errors under stress
- Vulnerabilities: Hacked at 95 per second globally; susceptible to phishing, keyloggers, and credential harvesting
- Tactical Edge Challenges: Difficult with tactical gear (e.g., gloves); bypassed in high-risk, low-bandwidth environments; limits multi-factor authentication (MFA)
<!--
Since their introduction in 1961 with MIT's Compatible Time-Sharing System, passwords have remained the cornerstone of "something you know" authentication. Yet, amid the rapid escalation of cyber threats over the ensuing six decades, this paradigm has undergone little fundamental reinvention. Passwords impose a taxing cognitive burden on warfighters, necessitating the memorization and periodic rotation of 12-16 character sequences every 60-90 days—a process prone to reuse across systems and errors amid high-stress operations. Their vulnerabilities are profound, with breaches occurring at a staggering rate of 95 per second worldwide, rendering them highly susceptible to credential harvesting. At the tactical edge, these deficiencies are amplified by environmental constraints. Inputting credentials while encumbered by tactical gear, such as gloves, proves impractical and often leads to security bypasses in high-risk, low-bandwidth scenarios that also constrain multi-factor authentication. Compounding this, AI-orchestrated attacks from nation-state actors intensify the overall threat landscape, underscoring the urgent need for evolution.
-->
---
# Current State of the Art
- Relies on static inputs: Keyboards, text-based passwords, and mental models outdated for modern threats
- Alternatives like biometrics (facial/iris/fingerprint/voice): Effective in ideal conditions but constrained in low-light, noisy, or gloved scenarios
- Emerging Tech: Zero Trust, edge computing, AI-driven security in systems like Tactical Assault Kits—but compromised by AI attacks, signals intelligence, and nation-state exploits
<!--
The state of the art includes static text inputs and biometrics like facial recognition or fingerprints, which work well in controlled environments but falter in real-world tactical scenarios—think low light for iris scans, noise for voice, or gloves blocking fingerprints. Systems like Software-Defined Radios and Tactical Assault Kits integrate Zero Trust and edge computing for better security, but they still rely on vulnerable authentication methods that AI exploits, cognitive electronic warfare, and signals intelligence can crack. This is where nKode steps in—addressing these gaps by advancing beyond static, text-based systems to a visual, resilient alternative.
-->
---
<style scoped>
section {
font-size: 24px; /* Adjust to a smaller value like 20px or 1.5rem; default is around 35px */
}
</style>
# How nKode Aligns with DARPA ERIS
- Topic area fit: Advances resilience, efficiency, and effectiveness for strategic systems across critical infrastructure and military C2 at strategic, command, operational, and tactical edges.
- Mission tie: Supports DARPAs aim to create technological surprise for U.S. national security.
- nKodes role: Reinvents “something you know” with keyboard-less, AI-generated icons to keep auth working in contested or low-bandwidth networks.
- Surprise element: Resilient to credential reuse and keyloggers; can operate over unencrypted or bandwidth-constrained links without exposing secrets.
- Operational benefits: Faster, low-cognitive-load access under stress; reduces bypasses and maintains mission continuity for edge tools like TAK.
- Architectural alignment: Complements Zero Trust, edge computing, and secure operations in dynamic, degraded conditions.
- Impact: Hardens C2 and critical infrastructure against AI-driven credential harvesting and disruption in contested environments.
<!--
nKode aligns with ERIS Topic Area “advanced technologies for improved resilience, efficiency, and effectiveness of strategic systems,” including critical infrastructure and military C2 across all edges. In real-world degraded comms where passwords, OTPs, or push prompts fail or are vulnerable, nKode strengthens authentication with keyboard-less icon challenges that move over tiny or even unencrypted pipes while staying resistant to capture and replay. This yields quick, low-cognitive-load logins under stress and reduces workarounds, keeping tools like Tactical Assault Kits online. The approach supports DARPAs goal of technological surprise by denying adversaries easy wins from phishing and keylogging and by staying operable when bandwidth and trust are scarce.
-->
---
<style scoped>
section {
font-size: 20px; /* Adjust to a smaller value like 20px or 1.5rem; default is around 35px */
}
</style>
# Current Approaches vs. nKode
- How the Problem Is Addressed Today
- Long, complex passwords (1216 chars), rotated every 6090 days
- Prone to reuse, keyloggers, shoulder surfing; high cognitive load under stress
- Requires keyboards (impractical with tactical gear); MFA often needs secure channels
- High global breach cadence; controls get bypassed in high-risk environments
- Biometrics (face/iris/fingerprint): fragile under duress, dirt, gloves, or low light
- Whats New in nKodes Approach
- Patented virtual keypad with shuffling icons; AI-generated, user-unique icon sets
- Vs. Passwords: No text entry; strong guessing resistance with compact inputs
- Vs. Biometrics: No special hardware; reliable under pressure and harsh conditions
- Backend uses a CSPRNG (e.g., ChaCha20) to drive shuffling over low-trust links
- Resilient to keyloggers and replay; auto-rotation without user action; shoulder-surf resistant
- Field-ready path with TRL 5 progression
- Why It Matters at the Edge
- Works in low-bandwidth or contested environments
- Cuts cognitive load and speeds access, reducing bypass behavior
- Preserves mission continuity for edge tools and C2 workflows
<!--
Today, authentication relies on outdated standards, leading to credential reuse and exploitation. Passwords can be easily compromised via reuse, especially at the tactical edge where bandwidth is low and stress is high. Biometrics help but are constrained in field scenarios (e.g., gloves, environmental factors). This results in mission risks, as warfighters may bypass controls. What's new is the dynamic, visual paradigm: icons shuffle per login, mapped to tokenized values via backend cipher. Unlike static passwords or biometrics, nKode prevents reuse (unique icons) and operates in low-bandwidth environments. This compares favorably to current practices by flipping the usability-security trade-off easier to remember yet more secure. It's TRL 5, and advances SoTA by closing attack vectors like shoulder-surfing.
-->
---
# Foreseen Barriers
- Adoption Risk: Authentication changes are high-risk; companies hesitant to be first adopters
- Pitch History: Positive feedback from dozens (e.g., FIS, banks) over 10 years, but no implementations
- Technical: Integration with legacy DoD systems; user training; device compatibility (rugged tablets)
- Evolving Threats: Advanced AI shoulder-surfing; scaling to millions/billions of unique, psychologically neutral icons to prevent AI prediction of user selections
- Mitigation: Leverage ERIS for rapid pathways; partner with McCrary Institute for validation
<!--
Barriers include institutional inertia—despite excitement from fintech like FIS (Fidelity National Information Services), no one wants to pioneer due to perceived risks. In DoD, integrating with C2 systems or ATACs could face hurdles. Scaling icon generation is key: we need millions or billions of AI-generated icons that are unique and psychologically neutral (free of biases that could make selections predictable), ensuring no AI can train on patterns for attacks. We'll address this via human factors expertise (as per prior feedback), field testing, and ongoing R&D—nKode's design inherently resists many exploits, but this requires advanced AI safeguards.
-->
---
# Why nKode Will Succeed
- Market Validation: Independent survey by User Insight 52% prefer nKode (vs. 28% passwords)
- High Acceptance: 17% above "very high" benchmark (35%)
- Team Strength: Veterans with cyber ops experience; TRL 5 proven
- Dual-Use Potential: Defense (tactical edge) + Commercial
- Evidence: Exceeds benchmarks; low friction deployment
<!--
Success is backed by data: User Insight's survey showed exceptional preference (52%), far above norms, indicating strong usability. Our team's expertise (Army/Navy vets) and partnerships ensure execution. nKode's success lies in its intuitive design users remember one nKode for all, with auto-rotation. This will drive adoption, per ERIS goals, leading to safer operations.
-->
---
# Proposed Plan/Strategy if Funded
- Phase 1: Adapt commercial app for tactical edge; integrate with ATACs/Tactical Assault Kits
- Phase 2: Field validation/testing in simulated environments; address barriers (training/integration)
- Phase 3: Advance to TRL 6-7; deploy OpenID Connect for DoD systems
- Timeline: 12-18 months; focus on low-bandwidth resilience
- Outcomes: Prototype for warfighters; pathway to commercialization
<!--
If funded, we'll pivot our existing commercial app (with OpenID/OAuth support) to defense needs. Develop a glove-friendly version for tactical edges, sans biometrics. Strategy: Collaborate with McCrary for demos and integration. Budget for AI enhancements and testing. This aligns with ERIS's rapid acquisition, transitioning from idea to prototype for enhanced strategic system resilience.
-->
---
# Arcanum and McCrary Technical Team
pictures
<!--
The nKode team is a unified collaboration between Arcanum Technology LLC and Auburn Universitys McCrary Institute for Cyber and Critical Infrastructure Security. Brooks Brown, as the inventor and Co-founder of nKode, provides the foundational vision and architectural expertise essential for driving this innovative authentication solution forward. His role as Chief Development Architect positions him uniquely to guide the project's technical direction. Dr. Craig Whittinghill serves as the Deputy Director for Applied Research and Services at the McCrary Institute. As a Navy Veteran with 29 years of service as a Naval Intelligence Officer, he brings extensive leadership in high-stakes cyber and intelligence operations. Jonathan Sherk is a Principal Cybersecurity Research Engineer at Auburn Universitys McCrary Institute. He leads a USDA grant on rural cybersecurity and co-leads Alabamas State and Local Cybersecurity Grant Program. As an NSA-certified, CYBERCOM-accredited Red Team Lead, he has performed adversarial assessments on EUDs and Army products at the Threat Systems Management Office. Dr. Luke Oeding, an Associate Professor in the Department of Mathematics and Statistics at Auburn University, contributes advanced algebraic and computational expertise critical for nKode's underlying mathematical frameworks. His research focuses on applications of algebraic geometry and representation theory to tensors, quantum information processing, signal processing, and collaborative navigation. Dr. Farah Kandah, an IEEE Senior Member and Associate Professor in the Department of Computer Science and Software Engineering at Auburn University, as well as a faculty affiliate with the McCrary Institute, provides specialized knowledge in cybersecurity, networking, and emerging technologies like IoT and quantum credentials. His research encompasses distributed computing, computer security and reliability, computer communications (networks), and more. Lastly me. I have over seven years of software development experience across defense, healthcare, media, and authentication sectors, including prior work as a Space Ground Software Engineer at Lockheed Martin. In my current role as CTO of Arcanum Technology LLC, I am actively developing new ways to apply nKode to a variety of authentication problems.
-->
---
<style scoped>
section {
font-size: 24px; /* Adjust to a smaller value like 20px or 1.5rem; default is around 35px */
}
</style>
# Defense and Commercial Market Use Case/Impact
- Defense Use Cases
- Tactical edge authentication: Secure access to Tactical Assault Kits/comms platforms in DDIL environments
- Warfighter resilience: Keyboard-less icons reduce errors under stress; resists keyloggers, phishing, AI attacks
- Zero Trust enablement: Auth over unencrypted/low-bandwidth channels; integrates with C2 systems/edge compute
- Commercial Use Cases
- Banking/Healthcare/Infrastructure: Replaces passwords for online accounts; phishing-resistant, no credential reuse
- Dual-Use Potential: Scales to consumer apps; reduces MFA friction in high-volume sectors
- Market Impact ("So What")
- Enhances mission success/safety: Faster logins, fewer vulnerabilities in contested ops
- Broad Adoption: Safeguards critical ops across sectors
<!--
nKode offers significant impact in both defense and commercial markets, emphasizing the "so what" through practical applications and outcomes. In defense, nKode targets tactical edge challenges where current systems (e.g., passwords/biometrics) falter in DDIL scenarios (Denied, Disrupted, Intermittent, and Limited bandwidth/comms): Warfighters authenticate to secure comms or field kits via intuitive icons, resilient without full encryption, reducing bypass risks and improving continuity amid nation-state threats like signals intelligence. The impact? Stronger defenses, mission success, and warfighter safety. Commercially, it addresses massive markets: Replaces vulnerable passwords in banking (reducing phishing losses) or healthcare (securing patient data), with dual-use for infrastructure like utilities. The "so what": nKode closes usability-security gaps, potentially mitigating the $10.5T in annual global cybercrime costs by 2025, while enabling Zero Trust across sectors. If funded, we'll validate these via DoD pilots and commercial integrations for rapid transition.
-->