Cybersecurity technology forms basis for winning pitch at NSIN Foundry competition
Cybersecurity technology developed by Lincoln Laboratory researchers more than a decade ago was at the core of the first-place Foundry award for the 2023 National Security Innovation Network (NSIN) Foundry and Forge Showcase Day on November 15, 2023. The award recipient, startup Runes Solutions, received $20K to advance their secure communications system. This system, called Wireless Hardware with Self-Contained Protection and Reliability (WHSPR), is based on a Laboratory invention for cryptographic key management. David Whelihan, who co-invented the technology while he was a technical staff member in the Laboratory’s Secure Resilient Systems and Technology Group, served as a technical advisor to the Runes Solutions team.
"I came to the Laboratory from startups, so this opportunity to mentor entrepreneurs appealed to me," says Whelihan, who transitioned to the Laboratory’s Advanced Undersea Systems and Technology Group in 2021. "I helped them understand esoteric cybersecurity concepts and what our technology does, and prepare their product pitch for the competition. It was rewarding to see them progress their cryptography knowledge and conceptualize a product based on technology that the Laboratory built, demonstrated, and patented."
"Our success in the NSIN Foundry program is directly attributable to the great mentorship we received, especially from David," says Amanda Pfabe, Runes Solutions co-founder, along with Claire Zebb. "He thoughtfully explained complex technical concepts and provided invaluable feedback on our use case ideas from technical and mission viewpoints."
Driving national security innovation
NSIN is a program office in the U.S. Department of Defense (DoD), nested within the Defense Innovation Unit, which reports directly to the Secretary of Defense. NSIN connects innovators from defense, academic, and entrepreneurial ventures to solve national security challenges. In partnership with FedTech, the NSIN Foundry program, which officially began in 2020, matches cutting-edge DoD technologies developed at government labs with teams of entrepreneurs during virtual five-month cohorts. (Foundry’s sister program, Forge, matches such technologies with early-stage ventures.) Entrepreneurs work closely with lab inventors and subject-matter experts and DoD end users to assess the market viability and commercialization potential of the technologies, perform customer discovery, and identify business and technology development pathways. Teams that determine the technology has sufficient potential to form a company move onto a second phase focusing on company formation, technology licensing, and commercial and public financing. On Showcase Day, top teams pitch their concepts to a panel of investors, government partners, industry experts, and fellow entrepreneurs. Successful teams form new companies, license the government technologies, and develop products benefitting both the DoD and private sector.
Lincoln Laboratory has been participating in the NSIN Foundry program since 2021, when NSIN expanded the applicant pool from DoD labs to federally funded research and development centers (and since then to universities). To date, Laboratory technical staff have guided entrepreneurs in 10 projects exploring the possibility of creating startups based on Laboratory-developed technologies. Staff offer their technical expertise as the entrepreneurs engage in customer discovery and market analysis. Laboratory-advised projects have had strong showings at end-of-cohort pitch competitions, earning first place in 2021 with ELVEE, based on the Human Health and Performance Systems Group’s gait-monitoring technology; second place in 2022 with Microdyne (now Sangtera), based on the Advanced Materials and Microsystems Group’s microhydraulic actuators technology; and now first place in 2023 with WHSPR.
"Technologies developed by Lincoln Laboratory are often fairly mature in terms of technology readiness level, and some even have working prototypes, making them good candidates for commercialization. However, our technical staff are not always steeped in entrepreneurship. The NSIN Foundry is a good way for staff to think about their technologies as the basis for startup companies," says Teresa Fazio, a ventures officer in the Laboratory’s Technology Ventures Office.
"Beyond the obvious benefit of the opportunity to license technology, the Foundry program exposes inventors to the entrepreneurial community, giving them insight into how a technology goes from a great idea to a solution or capability that someone can put to use," says NSIN Program Manager Mark Antholt. "They walk away with a better understanding of how to develop technology to make it ready for this next step."
Dynamically assigning keys
The Laboratory-developed technology at the heart of WHSPR enables a cryptographic approach known as dynamic key management. Keys are secrets used to encrypt communications and data. Dynamic key management is the process of generating, disseminating, and retiring secret keys in a cryptosystem, whether for groups of people or devices.
"The basic idea of crypto is that I can send my friend a message without someone in the middle knowing," Whelihan explains. "The problem is that attackers don't have to crack your encryption algorithms to steal your data or eavesdrop on your communications; they just have to steal the keys used to encrypt the information. So, how do we keep our keys secret when we have to share them with others to communicate? What do you do if you think an attacker has stolen your key? Here's where dynamic key management comes into play."
To enable dynamic key management, the Laboratory, under U.S. Air Force funding, developed a dual hardware-software solution: SHAMROCK (Self-contained High-Assurance MicRO Crypto and Key-management Processor) and LOCKMA (Lincoln Laboratory Open Cryptographic Key Management Architecture). These technologies have since been deployed to secure small uncrewed aerial vehicles (UAVs) for the Army, explosive-ordnance-disposal robots for the Navy, and processors and mission computer architectures for the Air Force.
"Imagine coalition action in which the United States is partnering with a foreign ally," Whelihan says. "SHAMROCK-LOCKMA can dynamically assign keys to members of this trusted group so they can securely talk to each other. Let's say the mission finishes, and now you want to exclude a portion of the group because their participation is no longer relevant. SHAMROCK-LOCKMA can rekey only who you want back in the new trusted group. Similarly, the technology can be used to manage swarms of UAVs; maybe you lose one from the pack, and you want to cut that UAV out of the trusted group because you are concerned that an adversary has access to it."
Runes Solutions co-founders Pfabe and Zebb — who met as lieutenants in the U.S. Marine Corps, are business school graduates, and have backgrounds in government contracting — conceptualized WHSPR as a small communications device deployable in security- or resource-challenged environments. The size of a portable mobile hotspot, the device is intended as a hardware gateway that will only talk to certain other hardware gateways. For example, WHSPR could be used to establish trusted physical end points that can securely communicate over existing untrusted public infrastructure like cellular towers. Following licensing of the Laboratory technology, Pfabe and Zebb are hopeful to produce a working prototype by spring 2024. They are also exploring additional funding paths, including angel investors and Small Business Innovation Research (SBIR) program grants, to move toward productization.
Pfabe and Zebb were initially part of a four-person team that decided to split after the 24 starting teams down-selected themselves to 14 teams for phase two. Runes Solutions would focus on the DoD angle, while the second team, Othentk, on commercial. They did hundreds of hours of discovery calls with chief executive officers, chief security officers, and military experts in signals intelligence and forensic analysis to understand their pain points in cybersecurity. Whelihan separately helped each team generalize these pain points to the technology they sought to productize.
"People try to conceptualize what you are selling to them within a context they are familiar with," Whelihan says. "So, you must have a story that fits into that context."
Though both teams finished the cohort, only Runes was among the six teams invited to pitch on Showcase Day. Runes and Othentk have requested evaluation licenses of the Laboratory's intellectual property, and Othentk was recently accepted into the Tacoma Maritime Innovation Incubator, run by Washington Maritime Blue and in part sponsored by the Port of Tacoma. In this program, Othentk will advance logistics technology enabling zero-trust access for a range of devices, including drones, buoys, ships, and supertanker equipment. This technology aims to facilitate secure information sharing among devices, ultimately streamlining commerce through ports.
As SHAMROCK-LOCKMA is applied to advance security in commercial applications, the Laboratory continues to evolve the technology to address new threats — such as those posed by quantum computing — and provide additional secure communication capabilities to the DoD.
The application for the 2024 NSIN Foundry program will open in early 2024.
Inquiries: contact Ariana Tantillo.