Federal Funding for Blockchain Security and Identity Verification Technologies

Do you know that the U.S. Federal Government has a seed funding program that can provide up to $850,000, over 3 years, to conduct federally-funded research and development? And that it is specifically meant for small, innovative organizations that are majority U.S. owned?

It is called the Small Business Innovation Research (SBIR) program and eleven Federal agencies, who administer their individual programs, participate in it. The U.S. Department of Homeland Security is one such Agency and you can find out more about their program here.

The DHS S&T Directorate’s SBIR program has the goal of increasing the participation of innovative and creative U.S. small businesses in federal research and development programs and challenging industry to bring innovative homeland security solutions to reality. The program consists of three phases:

• Phase I: Determine the scientific and technical merit and the feasibility of the proposed effort during a duration not to exceed 6 months.
  • Awards limited to $100,000.
• Phase II: Continue the research and development effort from the completed Phase I project for a duration up to 24 months. Only SBIR Phase I awardees are eligible to participate in subsequent phases.
  • Awards are limited to $750,000.
• Phase III: Work is typically oriented toward commercialization of SBIR research or technology and may be for products, production, services, research and development or any such combination.
  • Funded by sources other than the SBIR program.

Translating Government-speak

Government-speak has a language all its own, so let me attempt to translate it from the official-speak:

1. Pre-solicitation Announcement - Actual announcement of the R&D topics that the Government is interested in funding.
   • Made fifteen days before the actual program solicitation.
   • The 15 day window is important because it is the only time that a small biz interested in the topic can talk to the actual technical program manager who authored the topic.
   • Take advantage of this window, because once the Program Solicitation comes out, so does the cone of silence for the PM who is then not allowed to talk to you!
2. Program Solicitation - This is the actual request for proposals to be submitted as responses to the R&D topics.
   • This time window lasts roughly a month.
   • The solicitation will contain the information on the format and logistics for the submission.
3. Everything Else - The usual things happen here. Proposal reviews and selections followed by award notifications and the actual contract award.

The FY16 DHS SBIR Pre-Solicitation Announcement

Now we get to the good part! On Dec 1, 2015 the DHS SBIR Program made its Pre-Solicitation Announcement.

For those who are interested in moving the security and privacy domain forward via R&D, I would (selfishly) point you to the following two topics:

Applicability of Blockchain Technology to Privacy Respecting Identity Management (SBIR Topic # H-SB016.1-002)

UPDATE (12/16/2015): The full FY16.1 DHS SBIR Program Solicitation is now available.

Design and prototype information security and privacy concepts such as confidentiality, integrity, availability, non-repudiation and pseudonymity on the blockchain to support identity management capabilities that increase security and productivity while decreasing costs and security risks for the Homeland Security Enterprise (HSE).

• PHASE I
  • Analyze the current implementation of the public blockchain technology and develop the concepts and methods needed to demonstrate the implementation of information security principles of confidentiality, integrity, availability, non-repudiation and provenance as well as privacy concepts such as pseudonymity and selective disclosure of information on the public blockchain.
  • This phase will demonstrate the various information security and privacy concepts and methods using a multi-user information-sharing prototype and provide detailed architecture and technical details that document and explain the implementation.
  • In addition, this phase will explore, analyze and document the feasibility of applying the developed concepts and methods to a private or consortium based blockchain.
• PHASE II
  • Apply the concepts and methods developed in Phase I to the domain of identity management – in particular to the assertion and validation of identity information (i.e., attributes).
  • Phase II will demonstrate via a prototype how such a system could interoperate with existing identity assertion, validation and attribute sharing infrastructure built on top of current protocols such as SAML 2, OpenID Connect and OAUTH2. It will provide detailed architectural papers, technical details and prototype code that explain and document the implementation.
  • In addition, this phase will explore, analyze and provide documentation on the incentive structures that need to be put into place for the adoption of this technology over the status quo.

Remote Identity Proofing Alternatives to Knowledge Based Authentication / Knowledge Based Verification (SBIR Topic # H-SB016.1-010)

UPDATE (12/16/2015): The full FY16.1 DHS SBIR Program Solicitation is now available.

Design and demonstrate the feasibility of high assurance alternatives to knowledge-based verification techniques for population scale remote identity proofing.

• PHASE I
  • Identify and define five or more non-KBV/KBA approaches that exist in practice and in theory to establish a link between a particular set of data and an individual.
  • Perform an analysis to determine the technical feasibility of each approach as well as the threats and potential mitigations for each approach.
• PHASE II
  • Analyze and rank the approaches, or combination of approaches, identified in Phase I based on the assurances of identity they provide.
  • In addition, to the extent feasible, provide a mapping to the levels of identity assurances as articulated by standards organizations such as International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST).
  • Provide an analysis of the various approaches that take into account identity assurance, data privacy, and user experience.
  • Using data from the analysis, develop, demonstrate, and validate the most promising approaches that provide the best combination of identity assurance, privacy and user experience via a prototype using existing standardized identity protocols such as Security Assertion Markup Language 2.0 (SAML 2.0) or OpenID Connect / OAUTH2.

An Opportunity to Solve Interesting Problems

SBIRs are a great opportunity for innovators, small businesses, and start-up’s in the U.S. to solve real and interesting problems which exist in the marketplace. The fact that the Government wants to help you succeed in your go-to-market strategy is simply an indicator that the commercialization opportunity for these topics aligns with a potential public good.

The FY16 pre-solicitation announcement came out on Dec 1, 2015, so the window of time when you can talk to the Program Manager (to get any questions answered) closes on Dec 15, 2015. The PM’s official contact information is provided with the full text of the topics - Just sayin’. If you believe that you have an approach or solution that should be explored when it comes to these topics, I would urge you to act.

UPDATE (12/16/2015): The full FY16.1 DHS SBIR Program Solicitation is now available.

RELATED INFO

• DHS S&T Small Business Innovation Research Program
• Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) FY16.1
• Applicability of Blockchain Technology to Privacy Respecting Identity Management (SBIR Topic # H-SB016.1-002)
• Remote Identity Proofing Alternatives to Knowledge Based Authentication/ Verification (SBIR Topic # H-SB016.1-010)