A Cryptographically Secured Framework for Tactical Situational Awareness Using Swarms of Small Robots and Drones

Abstract

The maritime domain is transitioning from tethered ROVs to autonomous swarms of AUVs and USVs. However, the efficacy of these swarms is threatened by the acoustic channel's vulnerability to spoofing and a lack of inherent security. This paper presents a comprehensive framework for "AI-based tactical situational awareness" that fuses kinematic behavior with cryptographic verification. We propose a modification to the JANUS physical layer using RC5 encryption and a Location-Based Symmetric Key Management (LBSKM) system to create a "Tactical Bubble" that mathematically gates swarm cohesion. Furthermore, we detail a self-healing command hierarchy where leadership is dynamically inherited based on data quality and clock precision.

1. Introduction: The Convergence of Autonomy and Acoustic Security

The operational paradigm in offshore and maritime domains is shifting toward the deployment of light, agile Autonomous Underwater Vehicles (AUVs). While this transition mitigates the logistical liabilities of heavy tethers, it introduces a critical reliance on Wireless Underwater Communications and Networking (WUCaN) for coordination.

Currently, tactical situational awareness relies on the exchange of state data (location, velocity, intent) over unencrypted bitstreams. As the industry moves toward managing high-value assets—such as nuclear propulsion testbeds and critical energy infrastructure—the absence of a secured "Identification of Friend or Foe" (IFF) capability poses an existential threat. This framework proposes a solution where a drone cannot participate in swarm behaviors unless it proves its spatiotemporal legitimacy within the constraints of the JANUS open standard.

2. Physical Constraints and Cryptographic Adaptation

2.1 Optimizing the JANUS Payload for Security

To operate effectively, the security architecture must respect the physics of the underwater medium, specifically the high latency and limited bandwidth of the acoustic channel. The JANUS standard (NATO STANAG 4748) is the baseline for interoperability, but its 64-bit packet size and 34-bit Application Data Block (ADB) render standard protocols like TLS or X.509 certificates unimplementable.

2.2 The Necessity of Symmetric Cryptography

Consequently, this framework eschews asymmetric cryptography in favor of symmetric pre-shared keys (PSKs). We utilize the RC5 block cipher (RC5-32/12/16), optimized for 32-bit word sizes. This allows the encrypted payload to fit within a single JANUS frame, avoiding the latency and packet loss risks associated with fragmentation.

3. Theoretical Framework: Cryptographically Gated Dynamics

3.1 Redefining Reynolds' Rules

Classical swarm intelligence (Reynolds' boids) relies on raw sensor data for Separation, Alignment, and Cohesion. In a tactical environment, we propose that these behaviors be contingent on the execution of the Téglásy Authentication Protocol:

• Secure Cohesion: The force vector pulling a drone toward the swarm centroid is only calculated using authenticated neighbors. If the distance to a neighbor exceeds a threshold, coordinates are only accepted if the ID and timestamp are successfully decrypted using the session key.

• Secure Separation: If an object encroaches within the minimum safety distance but fails authentication, the "spread" maneuver transitions to an "evasive" maneuver, treating the object as a hostile projectile.

3.2 The "Tactical Bubble" via LBSKM

We adapt Location-Based Symmetric Key Management (LBSKM) to divide the operational theater into cryptographic "Geocells," each associated with a unique symmetric key. Possession of the Geocell Key serves as proof of authorization for that specific volume of water. This creates a "Tactical Bubble" that moves with the swarm; if a drone is removed from the theater, its keys become spatially invalid.

4. The Modified Téglásy-JANUS Protocol

4.1 Bit Allocation Strategy

Rather than utilizing the standard JANUS ADB assignment, we propose a specialized bit-packing strategy to maximize security within the 34-bit limit:

Bit RangeField DescriptionFunctionality1-22HeaderStandard JANUS routing (Unencrypted)23-51Timestamp ($T_A$)29 bits encoding milliseconds (Anti-replay/Ranging)52-54Clock Accuracy ($CD_A$)3 bits describing drift ($10^{-4}$ to $10^{-12}$)55-56FlagsSYN/ACK bits (Cleartext for battery saving)57-64CRCIntegrity check

4.2 Ranging and Verification

The protocol utilizes the Round Trip Time (RTT) of the challenge-response cycle to calculate distance. The inclusion of the Clock Accuracy Descriptor ($CD_A$) allows the AI to assign a confidence interval to this measurement, flagging potential "wormhole attacks" where timing variance is inconsistent with the reported clock quality.

5. Mission Data, Command Redundancy, and Leader Inheritance

To ensure operational resilience, the swarm must manage Mission Data Files (MDF) securely and maintain a command structure that survives the loss of critical nodes.

5.1 Secure Storage and Updates of Mission Data Files

Mission Data Files—containing bathymetric maps and tactical signatures—are stored locally on swarm nodes.

• Cargo Packets with CCM: For tactical updates, the system utilizes "Cargo" packets (extended JANUS frames) secured by CCM (Counter with CBC-MAC) mode. The JANUS header is treated as "Associated Data" (AD), ensuring that routing instructions are authenticated.

• The Mule Concept: For bulk data, a "Mule" drone surfaces for high-bandwidth RF downloads and distributes data via Optical Modems (Blue/Green Laser), creating a secure, line-of-sight channel.

5.2 Dynamic Platoon Leadership and Consensus Selection

The swarm avoids a single point of failure through a "Meritocratic Inheritance" protocol. While Platoon Leaders (Tier 2 nodes) are initially assigned prior to deployment, any Tier 1 Squad Member possesses the cryptographic potential to ascend to leadership.

5.2.1 The Selection Metric: Command Suitability Score (CSS)

Leadership is not inherited by random selection or static ID, but by data quality. Every node continuously calculates its own Command Suitability Score ($CSS$), a weighted metric derived from three critical state variables:

$$CSS = w_1(1/CD) + w_2(E_{rem}) + w_3(L_{qual})$$

Where:

• $CD$ (Clock Drift): The inverse of the clock accuracy. A node with an atomic clock ($10^{-11}$) is prioritized over a TCXO node ($10^{-9}$) because accurate timekeeping is the foundation of the LBSKM security model. A leader with a drifting clock would corrupt the geolocation of the entire squad.

• $E_{rem}$ (Energy Remaining): The percentage of battery life. Leadership requires transmitting on the long-range Global JANUS channel (11.5 kHz), which is energy-intensive.

• $L_{qual}$ (Link Quality): The historical signal-to-noise ratio (SNR) of the node's recent communications with the Mothership or adjacent Platoon Leaders.

5.2.2 Failure Detection and the Election Window

The swarm operates on a "Heartbeat" system. The current Platoon Leader broadcasts a specific "Keep-Alive" flag in the JANUS header every $T_{beat}$ seconds.

1. Trigger: If the squad members do not receive a valid Leader Heartbeat for $2 \cdot T_{beat}$, they declare a Leader Loss Event.

2. The Election Window: The squad enters a 10-second silence period (the Election Window).

3. The Promotion Bid: Nodes with a $CSS$ above a pre-set viability threshold calculate a random back-off timer inversely proportional to their score (higher score = shorter wait). The best candidate transmits a "Promotion Bid" packet first, containing their $CSS$ and the "Claim Leadership" flag.

5.2.3 Consensus and Ratification

When the squad hears a Promotion Bid:

• Comparison: Each node compares the received $CSS$ against its own. If the received score is higher, the node ceases its own attempt to bid (suppression).

• Ratification: If no competing bid with a higher score is heard within the acoustic propagation window, the squad members transmit a hashed "Acceptance" acknowledgment.

• Key Activation: Upon receiving majority acceptance, the new Leader unlocks the dormant "Global Tactical Key" from its secure element and switches its modem to the Tier 2 Global Frequency, restoring the squad's link to the wider tactical network.

6. Risk Assessment and Scalability

6.1 Safety Integration (IEC 62443)

Adhering to IEC 62443-3-2 for Unmanned Offshore Facilities, the swarm is treated as a "Mobile Security Zone". The system prioritizes "Essential Safety Functions" such as collision avoidance. If LBSKM checks fail during an imminent collision state, the system degrades to "Safe Mode," permitting avoidance maneuvers based on raw sensor data while halting data integration.

6.2 Scalability via Hierarchy

To scale to large fleets without acoustic saturation, the system avoids a flat mesh. Tier 1 squads use high-frequency bands for local chatter, while Tier 2 Leaders facilitate inter-squad coordination. This hierarchical approach ensures that the cryptographic overhead remains manageable even as the swarm size increases.

7. Conclusion

This report outlines a robust solution to the paradox of underwater swarm autonomy: the need for constant communication versus the vulnerability of the acoustic channel. By embedding the Téglásy Authentication Protocol into the JANUS physical layer and utilizing RC5 encryption, we transform the swarm into a cryptographically bound entity.

The addition of secure Mission Data File handling and a self-healing, meritocratic command hierarchy ensures that the system is resilient. By allowing leadership to transition dynamically based on clock accuracy and energy reserves, the swarm maintains operational integrity even when high-value nodes are neutralized. This fusion of AI-driven situational awareness with rigorous authentication defines the new standard for secure aquatic robotics.