Continuous Identity Assurance
for Every Session

H33 profiles every connection across five dimensions: latency distribution, hop count, MTU, TCP window size, and jitter pattern. These form a "network DNA" that is unique to a user's typical connection environment.

Six baseline profiles are maintained — corporate LAN, WPA3 WiFi, open WiFi, 5G cellular, 4G cellular, and VPN tunnel. Each has expected ranges for all five dimensions. A connection that doesn't match any known profile triggers a Major anomaly.

MITM detection is built into the DNA check. Man-in-the-middle interception produces telltale signatures:

• Bimodal latency distribution — two distinct clusters instead of one, indicating a relay
• Extra hops beyond the expected range for the network type
• TCP window size mismatch — the interceptor's stack leaks through
• Double encapsulation — MTU drops below expected minimum, indicating a nested tunnel

One indicator is Minor. Two is Major. Three or more is Critical — score collapses to zero.

Real hardware has measurable physical entropy — clock oscillators drift, memory access times vary based on cache state, DRAM refresh cycles, and thermal conditions. These variations are consistent within physical bounds but impossible to perfectly simulate.

H33 measures two entropy sources continuously:

• Clock jitter variance — expected range 0.1-1000 nanoseconds. Below 0.1ns indicates a software clock (emulator). Above 1000ns indicates deliberate manipulation.
• Memory timing variance — expected range 0.5-5000 nanoseconds. Real DRAM has measurable access time variation. Virtual memory in emulators is too uniform.

A device that fails entropy bounds is flagged as a Major anomaly. Combined with other signals, this catches credential-stuffing bots running in cloud VMs, protocol replay tools, and compromised devices running in emulation layers.

The Silent Canary is a protocol-level honeypot. Every session includes an epoch-based challenge embedded in the normal protocol flow. The challenge rotates on a configured schedule.

Legitimate clients — built on the H33 SDK — respond correctly to the challenge as part of normal operation. They don't need to know it's a security check. The response is computed as a side effect of standard protocol handling.

Scrapers, replay tools, and protocol emulators don't implement the full protocol. They capture and replay traffic, or they implement just enough to extract data. The canary is designed to be invisible to reverse engineering — it looks like normal protocol overhead — but computationally impossible to answer correctly without the full SDK.

One incorrect response = Critical anomaly = score collapse to 0.0.

The attacker receives no alert. No error message. The connection continues to appear functional but all sensitive operations are silently denied. This buys time for threat intelligence collection before the attacker realizes they've been detected.

Timing-oracle resistant: all comparisons are constant-time regardless of correctness.

Every session uses a ratcheting key hierarchy based on ML-KEM-768 (CRYSTALS-Kyber). At each ratchet interval:

• A fresh ML-KEM-768 keypair is generated
• KEM encapsulation produces a new shared secret
• The shared secret feeds into HKDF to derive the next interval's encryption keys
• Previous keys are zeroized — overwritten in memory before deallocation

This provides both forward secrecy (compromising current keys reveals nothing about past intervals) and backward secrecy (compromising current keys reveals nothing about future intervals, since each advance incorporates fresh randomness).

External entropy can be injected at each ratchet advance for additional security — for example, incorporating a proof result or a biometric re-verification signal into the key derivation.

The ratchet is post-quantum secure. Even a quantum computer with Shor's algorithm cannot break ML-KEM-768 to recover session keys.

When a session detects an attack pattern — a suspicious IP, a known exploit signature, a phishing domain — it can report the indicator of compromise (IOC) to the H33 threat network without revealing anything about the reporter.

The reporting mechanism uses ZK commitments:

• The reporter submits a SHA3-256 hash of the IOC pattern
• No reporter identity, session ID, endpoint, or timestamp is included
• The network matches commitments — if multiple independent reporters hash the same pattern, confidence increases

Confidence scoring:

• 1 independent report = 0.3 confidence
• 2 reports = 0.5
• 3 reports = 0.7
• 5+ reports = 0.9

Once confidence exceeds threshold, the IOC is distributed to all active sessions as a preemptive defense signal. Sessions encountering the pattern are warned before the attack completes.

A nullifier store detects repeat attackers across sessions without linking those sessions. Inspired by Zcash's nullifier pattern — reveals only a shared fingerprint, nothing else.

Traditional security is binary — authenticated or not, allowed or denied. H33's adaptive response is graduated across five levels, determined by a decision fusion engine that weighs multiple threat signals simultaneously:

• Allow — trust score high, no threat indicators. Normal operations.
• Step-up — trust degraded or moderate threat. Biometric re-verification required before the specific action proceeds. The session stays active.
• Rate limit — high harvest or attack probability. Operations throttled to limit damage while investigation continues.
• Block — trust below threshold. The specific action is denied. The session is frozen in read-only mode.
• Terminate — critical threat or trust collapse. Connection closed immediately. All cryptographic key material is zeroized from memory. The session cannot be resumed.

The fusion engine evaluates harvest probability (data exfiltration patterns), attack probability (exploit patterns), and trust score simultaneously. Multiple rules can fire — the most restrictive action wins.

A cold-start calibration window prevents false terminations during session establishment. During calibration, only step-up auth can be triggered — not termination.

The Continuous Connection Risk Accumulator (CCRA) is the core trust scoring engine. Its properties are designed around one principle: trust is expensive, distrust is free.

• Non-persistent — the score exists only for the current session. No historical reputation. Every session starts cold.
• Non-monotonic — the score can go up or down at any moment. Good behavior earns trust slowly. A single anomaly drops it instantly.
• Asymmetric — earning trust requires many consistent proof results over time. Losing trust requires one anomaly. This is by design.
• Continuous — recalculated at every micro-proof interval (200-500ms). Not periodic. Not event-driven. Continuous.

Anomaly penalties are exponential:

• Critical anomaly = immediate score 0.0 (no recovery)
• Major anomaly = multiplier of 0.1^(count). Two Major anomalies = 0.01x multiplier.
• Minor anomalies accumulate linearly until threshold, then trigger 0.3x multiplier

A velocity limiter caps the maximum score drop per interval at 0.15 to prevent single-measurement false positives from triggering termination. But Critical anomalies bypass this limit entirely — they collapse instantly.

Device capability sets a ceiling: devices with full Secure Enclave access can reach 1.0. Browser-only sessions cap at 0.70. This means a browser session can never reach "Full" trust — by design.

Layer 1 — Physical (3 proofs)

• Physical Proximity — is the device where it claims to be?
• Ambient Environment — environmental sensor consistency
• Multi-Path — signal path verification

Layer 2 — Device (6 proofs)

• Ephemeral Keys — fresh per-session signing keys
• Behavioral Entropy — hardware jitter and memory timing
• Hardware Attestation — Secure Enclave / TEE verification
• Timing Bounds — operation timing within expected range
• Memory Integrity — memory state consistency
• Entropy Health — randomness quality verification

Layer 3 — Network (5 proofs)

• Network Topology — path structure analysis
• Network DNA — connection fingerprint matching
• Adversarial Latency — MITM relay detection
• Protocol Binding — protocol conformance verification
• Degradation Detection — connection quality monitoring

Layer 4 — Session (5 proofs)

• Temporal Coherence — timestamp monotonicity and interval consistency
• Vitality Micro-Proof — session liveness verification
• Silent Canary — honeypot challenge/response
• Session Ratchet — key freshness verification
• Supply Chain — software integrity verification

Each proof has an independent weight. The weighted sum forms the base score, which is then modified by anomaly multipliers and capability ceilings. Every proof result includes a SHA3-256 commitment binding the analysis to its inputs — verifiable without revealing the raw data.