Skip to content

Latest commit

 

History

History
139 lines (98 loc) · 5.87 KB

File metadata and controls

139 lines (98 loc) · 5.87 KB

SeaWatch — Anti-Tamper & Self-Destruct Mechanisms

Overview

When buoys are deployed in contested or adversarial waters, there is a real risk of discovery, capture, or tampering. This document outlines self-destruct and anti-capture mechanisms to protect sensitive data, hardware, and operational intelligence.


PROHIBITED APPROACH: Chemical Self-Destruct

WARNING — DO NOT BUILD

A chemical self-destruct mechanism using alcohol and chlorine (or any similar reactive chemical combination) is strictly prohibited. Mixing these substances produces chlorine gas, which is:

  • Banned under the Chemical Weapons Convention (CWC) — regardless of whether the use case is offensive or defensive
  • Lethal — chlorine gas causes severe respiratory injury and death
  • Indiscriminate — it harms anyone in proximity, including friendly personnel, first responders, and bystanders
  • Illegal to build, possess, or deploy — even for military applications

For a hackathon project specifically, this would constitute a serious legal liability and safety hazard for all participants and organizers.

This approach must not be pursued under any circumstances.


Legitimate Self-Destruct & Anti-Tamper Mechanisms

The following are real-world approaches used in defense and intelligence systems for equipment denial and data protection.

1. Cryptographic Zeroization (Recommended for SeaWatch)

Complexity: Low | Cost: $0 (software only) | Effectiveness: High for data protection

Instant erasure of all cryptographic keys, configuration, and stored data when tamper conditions are detected. This is the standard approach defined by FIPS 140-2/140-3.

Implementation:

  • Tamper switch (microswitch or reed switch) on enclosure lid
  • On trigger: overwrite SD card encryption keys, wipe /home/seawatch/, halt system
  • Mesh encryption keys are destroyed — captured ThinkNode is useless without them
  • GPS logs, detection history, and network topology data are erased

Trigger conditions:

  • Enclosure opened (tamper switch)
  • Buoy lifted from water (water contact sensor lost)
  • Manual remote command via mesh (SCUTTLE|buoy_id|auth_token)
  • Dead man's switch — no heartbeat ACK from base for N intervals

2. Tamper-Responsive Enclosure

Complexity: Medium | Cost: ~$15-30 | Effectiveness: High

Physical enclosure designed to detect and respond to unauthorized access.

Components:

  • Microswitch on lid/seals (detect opening)
  • Accelerometer (detect removal from mooring)
  • Water ingress sensor (detect enclosure breach)
  • Light sensor (detect enclosure opened in daylight)

Response chain:

  1. Sensor triggers interrupt on Pi GPIO
  2. Zeroization routine executes (see above)
  3. Alert broadcast to mesh: ALERT|SW-001|TAMPER|enclosure_breach
  4. System halts after wipe completes

3. Scuttling Valve (Hardware Destruction)

Complexity: Medium | Cost: ~$10-20 | Effectiveness: High

A solenoid valve that floods the enclosure with seawater, destroying all electronics permanently.

Design:

  • Small solenoid valve in hull below waterline
  • Triggered by same conditions as zeroization
  • Seawater floods enclosure within 30-60 seconds
  • All PCBs, SD cards, and radio modules are destroyed by saltwater corrosion
  • Non-recoverable — even with immediate retrieval, salt damage is permanent

4. Thermite Circuit Destruction

Complexity: High | Cost: Variable | Regulatory: Restricted

Used in military cryptographic equipment (e.g., KG-84, STU-III) to physically destroy circuit boards and memory.

Note: This is included for reference only. Thermite devices are regulated as incendiary materials and are not appropriate for a hackathon project. This approach requires proper licensing, safety protocols, and is typically only used in classified military equipment.

5. Mesh Network Dead Man's Switch

Complexity: Low | Cost: $0 (software only) | Effectiveness: High for situational awareness

If a buoy stops transmitting heartbeats, the network infers compromise.

Logic:

  • Each buoy expects heartbeat ACKs from neighbors
  • Missing 3+ consecutive heartbeats (15+ minutes) = ALERT|BUOY_SILENT
  • Sequential silence across adjacent buoys = intrusion path detection
  • Base station maps the pattern to determine direction of adversary approach
  • Surviving buoys can increase transmission frequency or enter stealth mode

Already planned in SeaWatch — see mesh/health.py.


Recommended Approach for SeaWatch Hackathon

For the hackathon demo, implement in this priority order:

Priority Mechanism Effort Hardware Needed
P0 Cryptographic zeroization 2 hrs None (software)
P0 Dead man's switch 1 hr None (already in health.py)
P1 Tamper switch + alert 2 hrs $3 microswitch
P2 Remote scuttle command 1 hr None (mesh command)
P3 Scuttling valve 4 hrs $15 solenoid + fitting

Minimum Viable Anti-Tamper (Demo-Ready)

Tamper switch triggers → wipe keys/data → broadcast ALERT → halt
           +
Missed heartbeats → BUOY_SILENT alert → intrusion path mapping
           +
Remote SCUTTLE command → authenticated wipe via mesh

This gives a compelling demo narrative: "If an adversary finds and opens a buoy, the data is already gone and the entire network knows about it."


References