The cold-chain logistics industry loses an estimated $35 billion annually due to cargo tampering, temperature excursions, and damaged goods. However, the biggest problem in supply chain logistics isn't detecting the damage—it’s proving who caused it. Drivers blame warehouses, warehouses blame carriers, and legal disputes drag on for months. We were inspired to build a system that completely eliminates human subjectivity and provides undeniable, cryptographic proof of physical custody and cargo conditions.
What it does
Illogistician is an end-to-end, Zero-Trust IoT cargo monitoring system with a Forensic Tamper Attribution Engine.
- IoT Telemetry: An ESP32 hardware simulator streams real-time temperature, accelerometer (shock), and light-breach data.
- Cryptographic Integrity: Every single packet is signed using timing-safe HMAC-SHA256, completely preventing injection and replay attacks.
- QR Custody Handoff: Typical trackers just track the box. We track the humans. At every physical handoff, custodians must generate and scan cryptographic QR tokens, creating a non-repudiable chain of custody.
- Forensic Attribution: If a tamper event occurs (e.g., a massive shock impact), the dashboard instantly flags it red, pulls the exact GPS coordinates, and forensically attributes the breach to the exact custodian who possessed the token at that moment.
- Web3 Immutability: All data is locked into a SHA-256 hash-chain and pinned to IPFS (via Pinata), ensuring no central database admin can ever alter the logs to protect a vendor.
How we built it
We architected a highly resilient Node.js / Express backend backed by a lightning-fast SQLite WAL database. To handle real-world conditions, we built a sophisticated ESP32 software simulator that generates realistic environmental drift, GPS routes, and scripted tamper scenarios. Security was our priority: we implemented strict payload limits, robust CORS/Helmet headers, and zero-trust cryptographic signature validation on every endpoint. Finally, we designed a premium, "Linear-style" dark-mode UI with live animated SVG gauges and dynamic route tracking using plain HTML/CSS/JS to keep it blazing fast.
Challenges we ran into
Integrating hardware-level HMAC signatures with a Web2 backend while ensuring side-channel attack resistance was extremely difficult. We initially used standard string comparisons for the HMAC tokens, but realized this opened us up to timing attacks. We had to pivot to using Node's crypto.timingSafeEqual(). Additionally, building a real-time polling dashboard that could process and visualize complex hash-chains without crashing the browser thread required meticulous DOM management and optimization.
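The timing-safe HMAC check described above, as an added example that is not the project's own code. The packet fields, the `|`-joined MAC input, the sample key and the per-device sequence counter are assumptions, since the page does not describe the packet format.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample key; a real device key would be provisioned per device.
const DEVICE_KEY = Buffer.from('constructed-demo-key-not-for-production');
const lastSeq = new Map(); // deviceId -> highest accepted sequence number

// Canonical string the MAC covers (hypothetical packet layout).
function macInput(p) {
  return `${p.deviceId}|${p.seq}|${p.tempC}|${p.shockG}|${p.light}`;
}

function signPacket(p, key = DEVICE_KEY) {
  return nodeCrypto.createHmac('sha256', key).update(macInput(p)).digest('hex');
}

// Returns 'ok', 'bad-signature' or 'replay'.
function verifyPacket(p, key = DEVICE_KEY) {
  const expected = nodeCrypto.createHmac('sha256', key).update(macInput(p)).digest();
  const given = Buffer.from(String(p.sig || ''), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  // The digest length is public, so this check reveals nothing secret.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  // A valid MAC does not by itself stop a captured packet being resent:
  // require a strictly increasing per-device counter that the MAC covers.
  const prev = lastSeq.has(p.deviceId) ? lastSeq.get(p.deviceId) : -1;
  if (!Number.isInteger(p.seq) || p.seq <= prev) return 'replay';
  lastSeq.set(p.deviceId, p.seq);
  return 'ok';
}

// Constructed sample packet: accepted once, rejected when resent.
const pkt = { deviceId: 'esp32-demo', seq: 1, tempC: 4.2, shockG: 0.3, light: 0 };
pkt.sig = signPacket(pkt);
console.log(verifyPacket(pkt), verifyPacket(pkt));
```

The signature is checked before the counter is updated, so a forged packet cannot advance `lastSeq` and lock out the real device.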
Accomplishments that we're proud of
We successfully merged IoT hardware constraints with Web3 immutability and Enterprise B2B UI/UX all into a single, cohesive product. Our Tamper Attribution Engine actually works—it seamlessly bridges the gap between digital sensor data and human physical accountability.
What we learned
We learned that combining cryptography with physical supply chain mechanics is incredibly powerful. We also mastered the intricacies of timing-safe cryptography in Node.js, and how to build resilient background workers for IPFS pinning that won't block the main event loop.
What's next for Illogistician
Our immediate next step is integrating Gemini's Multimodal AI Vision API. At every QR custody handoff, the receiving agent will take a photo of the physical cargo. We will feed that image to Gemini alongside our ESP32 accelerometer data. Gemini will cross-reference the sensor telemetry with the visual condition of the box to automatically generate an AI damage assessment report, fully automating logistics insurance claims.
Built With
- cryptography
- css
- express.js
- hmac
- html
- ipfs
- javascript
- node.js
- pinata
- sqlite
