Cypher Maze
In this era of internet ubiquity, Cyber-attacks and surveillance have made internet users privacy conscious. Therefore, safe and confidential transfer of data has now become a necessity. One prime way of ensuring privacy is to stay anonymous online by using a variety of anonymity solutions like
2025-06-28 16:31:02 - Adil Khan
Cypher Maze
Project Area of Specialization Cyber SecurityProject SummaryIn this era of internet ubiquity, Cyber-attacks and surveillance have made internet users privacy conscious. Therefore, safe and confidential transfer of data has now become a necessity. One prime way of ensuring privacy is to stay anonymous online by using a variety of anonymity solutions like Virtual Private Networks (VPNs), Proxies and The Onion Routing Project (TOR).
These widely used solutions come with some critical shortcomings. Many VPNs leak user’s IP address through DNS, WebRTC and otherwise. Proxies, widely used to stay anonymous, do not employ encryption to maintain user anonymity. Similarly, TOR browser appears to be the best available anonymity solution but is not trustworthy due to a variety of issues as mentioned below.
- It is based on Firefox and prone to its inherent vulnerabilities.
- It logs users’ IP upon download
- It is under the surveillance of US Navy thereby raising trust issues
- Few de-anonymization attacks have been successfully performed on TOR
- Like Iran, China and Russia, TOR might become illegal in Pakistan anytime.
Therefore, a complete indigenous Anonymity solution was required to counter growing surveillance issues. This intrigued us to come up with Cypher Maze, that maintains absolute anonymity and confidentiality of users’ data by making use of the Onion Routing based encryption methodology. It would help common users, government organizations, corporate sector and financial organizations to maintain complete anonymity and curb all sorts of surveillance practices and privacy threats posed by adversaries.
Cypher Maze operates in two modes:
- Complete Anonymity Mode (CAM), which provides end to end anonymity.
- Partial Surveillance Mode (PSM), which provides partial anonymity. In this mode only the subject organization can see employee/client activity.
Cypher Maze comes with hardware to maintain code security, MAC binding and licensing. These are the major advantages of Cypher Maze over its competitors (VPNs, Proxies, TOR):
- It can work on any browser, OS and smartphone
- It is an indigenous solution thereby solving trust issues linked with foreign VPNs, free web proxies and Tor
- It is faster as compared to TOR, free VPNs and proxies because Cypher Maze server and nodes do not route general internet traffic and are reserved for customer traffic only.
- Partial Surveillance Mode (PSM) that only allow organizations to keep an eye on users’ web activity
- Cypher Maze also blocks 32000 malicious URLs
- Designing of a complete, efficient and scalable indigenous anonymity solution that makes use of Onion Routing based layered encryption to provide browsing anonymity
- The proposed solution is objected to address anonymity and security concerns of defense organizations, law enforcement agencies, financial sector, security researchers and privacy conscious populace at large.
- The project, Cypher Maze, will open newer avenues of research and innovation along with a drive towards developing indigenous solutions. It can be modified to build a National level Virtual Private Network (VPN)
- The project is also objected to boost research on performing security analysis of such solutions like proxies, VPNs and TOR. The project would delineate a series of security and anonymity tests which can be considered a metric to validate all confidentiality and anonymity solutions.
The client, requiring anonymity and security, connects the Cypher Maze device, Raspberry Pi, to his PC. He then installs and activates it by entering the license key of registered device, thus initiating the connection with Directory Server for information retrieval about active intermediary nodes. This information contains Public IP, Port Numbers and Public Keys of these nodes. The DS selects the intermediary nodes randomly
The information sharing between Raspberry (Proxy) and Directory Server is secured with AES-128 symmetric-encryption and Diffie-Hellman key exchange algorithm.
Now the CM device connects to these intermediary nodes via information provided by teh Directory Server in order to exchange symmetric keys with them. After getting N symmetric keys (for N nodes, as given by the DS) it then encrypts the message header layer by layer (N, N-1, ..., 1). The request now encrypted is routed to the destination through intermediary nodes. Decryption is performed at every node, based on its symmetric key shared with the client (proxy). The last node gets to know about the final destination IP as requested originally by the client. It then performs a rapid check to know whether the requested IP belongs to the database of 32000 malicious IPs or not. If it is safe, the check will not be performed when it is requested next. Finally the browsing request reaches the destination. The same process is followed by the data on its way back from internet to the client via the same route in same fashion as shown.
- Cypher Maze would provide complete and thoroughly tested anonymity to web traffic of its customers
- It would aid people working in defense and law enforcement sector to undergo anonymized and secure communication without leaking out their IP address and other digital artefacts
- Cypher Maze would render anonymity for law officers to engage in online undercover operations; act against censorship and mass surveillances
- Provide business executives with anonymity and security of their information on the Internet
- Cypher Maze would further aid in maintaining browsing and system security by blocking almost 32000 malicious URLs.
- Partial Surveillance Mode of Cypher Maze is extremely useful for organizations who want to complete control over egress browsing traffic yet maintaining complete anonymity
To establish an indigenous secure anonymous network, we've made use of
– Hardware
- Raspberry Pi 3 as Proxy
– Software
- Windows 10
- Raspbian
- PyCharm 2018.2.2
- Bash Scripting
– Networks
- Socket programming, TCP/IP
- Threading/Multi-threading
– Symmetric Cryptography
- Advanced Encryption Standard-128 (Counter Mode)
– Asymmetric Cryptography
- RSA Algorithm
– Key Exchange/Management
- Diffie Hellman Algorithm
| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| Total in (Rs) | 63950 | |||
| Raspberry Pi | Equipment | 1 | 6200 | 6200 |
| 6 | Equipment | 2 | 6200 | 12400 |
| SD Card | Equipment | 2 | 1500 | 3000 |
| Router | Equipment | 1 | 8500 | 8500 |
| Switch | Equipment | 1 | 2400 | 2400 |
| Cables and Converters | Equipment | 1 | 1300 | 1300 |
| Casing | Equipment | 1 | 2500 | 2500 |
| Powerbank for Charging Raspberri | Equipment | 1 | 9000 | 9000 |
| Zong 4G Device for seamless internet at Nodes and DS | Equipment | 1 | 5000 | 5000 |
| Printing of CypherMaze Shirts | Miscellaneous | 2 | 600 | 1200 |
| Printing of Standee | Miscellaneous | 1 | 800 | 800 |
| Brochures | Miscellaneous | 50 | 50 | 2500 |
| Contact Cards | Miscellaneous | 50 | 15 | 750 |
| Cloud Subscription/Hosting | Equipment | 2 | 4200 | 8400 |