CypherMesh is a distributed, peer-to-peer system designed to simulate the autonomous sharing and verification of Cyber Threat Intelligence (CTI). It implements a mesh architecture where independent nodes automatically discover each other via UDP, establish stable TCP connections, and propagate security events using a Gossip protocol.
⚠️ Project Status: This project is a Proof of Concept (PoC) and an educational exploration of distributed systems, socket programming, and mesh networking. It is designed to demonstrate complex networking concepts in Python and is not intended for production security environments.
CypherMesh solves specific distributed computing challenges without relying on a central server.
- Challenge: How do nodes find each other without a hardcoded list of IPs or a central Seed server?
- Solution: Nodes listen on
UDP:9999. Upon startup, a node broadcasts aPINGpacket to the local subnet (255.255.255.255). Any active peer replies with aPONGcontaining its TCP address, initiating a handshake.
- Challenge: TCP is a stream protocol; packets can be fragmented or coalesced, breaking standard JSON parsers.
- Solution: Implemented a custom Length-Prefixed Framing protocol. Every message is preceded by a 4-byte Big-Endian header indicating the payload size, ensuring atomic message processing.
- Challenge: How to ensure a message reaches every node in a mesh without direct connections to everyone?
- Solution: When a node receives a valid threat event:
- Deduplication: Checks the SQLite DB to see if the Event ID is already known.
- Verification: Validates the RSA-2048 signature of the reporter.
- Relay: If valid and new, it forwards the message to all connected peers (excluding the sender) to prevent loops.
The project is "Docker-First". You can spin up a fully functional mesh network in seconds.
This command builds the image and starts a single node with its web dashboard.
git clone https://github.com/massimofedrigo/cyphermesh.git
cd cyphermesh
docker compose up -d --build
- Dashboard: http://localhost:5050
- TCP Port:
9001 - UDP Port:
9999
To see the auto-discovery in action, run the development composition which spawns two nodes in the same virtual network.
docker compose -f docker-compose.dev.yml up --build
What to observe:
- Check the logs:
docker compose logs -f. - You will see
Node-1broadcasting a PING. Node-2will respond, and they will automatically establish a TCP connection without manual config.
While technically functional within a controlled environment (Docker/LAN), this architecture highlights several real-world distributed system constraints.
- The Byzantine Generals Problem: In a pure P2P network without a consensus algorithm (like PoW or Raft) or a central Trust Authority, the network is vulnerable to poisoning. A malicious node could broadcast false threats (e.g., "Block Google DNS") which would be propagated as valid signed messages.
- Network Boundaries (NAT): The current UDP Broadcast discovery mechanism works exclusively within a LAN or VPN. It cannot traverse the public Internet without implementing complex techniques like STUN/TURN or hole-punching.
- Agent Performance: A production endpoint security agent must be invisible and low-latency. Python, while excellent for prototyping this logic, introduces significant memory and CPU overhead compared to systems languages like Rust or Go.
This project was built to master the following engineering concepts:
- Asynchronous Networking: Handling non-blocking sockets and race conditions.
- Protocol Design: Implementing binary framing and custom headers on top of TCP.
- Cryptography: Applied RSA signing and verification for data integrity.
- Containerization: Orchestrating a distributed environment using Docker Compose and virtual networks.
| File | Component | Description |
|---|---|---|
src/cyphermesh/core/node.py |
Core Logic | Manages the main loop, UDP listener, TCP server, and Gossip routing. |
src/cyphermesh/core/protocol.py |
Transport | Low-level socket handling (send_message, receive_message) with byte packing. |
src/cyphermesh/models.py |
Data | ThreatEvent dataclass with built-in serialization and RSA signature logic. |
src/cyphermesh/db/ |
Persistence | SQLite wrapper with WAL mode for high-concurrency writing. |
src/cyphermesh/web/ |
UI | Flask-based dashboard to visualize network state and logs. |
Massimo Fedrigo Project developed as a study on P2P architectures and distributed systems.