When buoys are deployed in contested or adversarial waters, there is a real risk of discovery, capture, or tampering. This document outlines self-destruct and anti-capture mechanisms to protect sensitive data, hardware, and operational intelligence.
WARNING — DO NOT BUILD
A chemical self-destruct mechanism using alcohol and chlorine (or any similar reactive chemical combination) is strictly prohibited. Mixing these substances produces chlorine gas, which is:
- Banned under the Chemical Weapons Convention (CWC) — regardless of whether the use case is offensive or defensive
- Lethal — chlorine gas causes severe respiratory injury and death
- Indiscriminate — it harms anyone in proximity, including friendly personnel, first responders, and bystanders
- Illegal to build, possess, or deploy — even for military applications
For a hackathon project specifically, this would constitute a serious legal liability and safety hazard for all participants and organizers.
This approach must not be pursued under any circumstances.
The following are real-world approaches used in defense and intelligence systems for equipment denial and data protection.
Complexity: Low | Cost: $0 (software only) | Effectiveness: High for data protection
Instant erasure of all cryptographic keys, configuration, and stored data when tamper conditions are detected. This is the standard approach defined by FIPS 140-2/140-3.
Implementation:
- Tamper switch (microswitch or reed switch) on enclosure lid
- On trigger: overwrite SD card encryption keys, wipe
/home/seawatch/, halt system - Mesh encryption keys are destroyed — captured ThinkNode is useless without them
- GPS logs, detection history, and network topology data are erased
Trigger conditions:
- Enclosure opened (tamper switch)
- Buoy lifted from water (water contact sensor lost)
- Manual remote command via mesh (
SCUTTLE|buoy_id|auth_token) - Dead man's switch — no heartbeat ACK from base for N intervals
Complexity: Medium | Cost: ~$15-30 | Effectiveness: High
Physical enclosure designed to detect and respond to unauthorized access.
Components:
- Microswitch on lid/seals (detect opening)
- Accelerometer (detect removal from mooring)
- Water ingress sensor (detect enclosure breach)
- Light sensor (detect enclosure opened in daylight)
Response chain:
- Sensor triggers interrupt on Pi GPIO
- Zeroization routine executes (see above)
- Alert broadcast to mesh:
ALERT|SW-001|TAMPER|enclosure_breach - System halts after wipe completes
Complexity: Medium | Cost: ~$10-20 | Effectiveness: High
A solenoid valve that floods the enclosure with seawater, destroying all electronics permanently.
Design:
- Small solenoid valve in hull below waterline
- Triggered by same conditions as zeroization
- Seawater floods enclosure within 30-60 seconds
- All PCBs, SD cards, and radio modules are destroyed by saltwater corrosion
- Non-recoverable — even with immediate retrieval, salt damage is permanent
Complexity: High | Cost: Variable | Regulatory: Restricted
Used in military cryptographic equipment (e.g., KG-84, STU-III) to physically destroy circuit boards and memory.
Note: This is included for reference only. Thermite devices are regulated as incendiary materials and are not appropriate for a hackathon project. This approach requires proper licensing, safety protocols, and is typically only used in classified military equipment.
Complexity: Low | Cost: $0 (software only) | Effectiveness: High for situational awareness
If a buoy stops transmitting heartbeats, the network infers compromise.
Logic:
- Each buoy expects heartbeat ACKs from neighbors
- Missing 3+ consecutive heartbeats (15+ minutes) =
ALERT|BUOY_SILENT - Sequential silence across adjacent buoys = intrusion path detection
- Base station maps the pattern to determine direction of adversary approach
- Surviving buoys can increase transmission frequency or enter stealth mode
Already planned in SeaWatch — see mesh/health.py.
For the hackathon demo, implement in this priority order:
| Priority | Mechanism | Effort | Hardware Needed |
|---|---|---|---|
| P0 | Cryptographic zeroization | 2 hrs | None (software) |
| P0 | Dead man's switch | 1 hr | None (already in health.py) |
| P1 | Tamper switch + alert | 2 hrs | $3 microswitch |
| P2 | Remote scuttle command | 1 hr | None (mesh command) |
| P3 | Scuttling valve | 4 hrs | $15 solenoid + fitting |
Tamper switch triggers → wipe keys/data → broadcast ALERT → halt
+
Missed heartbeats → BUOY_SILENT alert → intrusion path mapping
+
Remote SCUTTLE command → authenticated wipe via mesh
This gives a compelling demo narrative: "If an adversary finds and opens a buoy, the data is already gone and the entire network knows about it."
- Chemical Weapons Convention (CWC) — Prohibits development, production, stockpiling, and use of chemical weapons
- FIPS 140-2 Section 4.7.6 — Zeroization requirements for cryptographic modules
- NSA/CSS EPL — Equipment destruction standards for classified systems