SwordNet: India's First Compliance-Ready VPN

"India's first compliance-ready VPN, bridging absolute privacy with automated, blockchain-verified legal accountability."


👤 Created By

Hemal Shingloo

📧 Collaboration & Contact

For collaboration inquiries, please reach out to: shingloo93@gmail.com


📖 Overview

SwordNet is a next-generation Virtual Private Network (VPN) architecture designed specifically to address the unique regulatory challenges of the Indian cybersecurity landscape (CERT-In Directions 2022).

Unlike traditional VPNs that either ignore local laws or compromise user privacy completely, SwordNet introduces a "Trust but Verify" model. It protects user privacy from unauthorized surveillance while ensuring that legitimate legal requests (e.g., FIRs, Court Orders) can be serviced through an automated, transparent, and immutable process.

The Problem

  • Regulatory Conflict: New KYC and logging norms (CERT-In 2022) forced many VPN providers to exit India.
  • Privacy Trade-off: Compliant VPNs often become "surveillance tools" with no transparency for the user.
  • Manual Inefficiency: Law enforcement agencies face long delays (weeks/months) to get basic IP logs.

The SwordNet Solution

SwordNet automates the compliance lifecycle using a Forensic Engine and Blockchain Audit Trail.

  • For Users: Transparency Portal shows exactly what data is shared and when.
  • For Government: Dedicated Portal for instant, verified access to specific logs upon submitting legal proof (FIR).
  • For Trust: Every access request is hashed and recorded on a public blockchain, ensuring no "backdoor" lookups.

🏗️ Detailed System Architecture

SwordNet operates on a microservices-based architecture divided into five strictly isolated layers to ensure security, privacy, and compliance.

1. User Layer (The Client)

  • SwordNet Client: A cross-platform VPN client (Windows/Mac/Mobile) designed for "Zero-Trust" access.
  • User Transparency Portal: A unique dashboard where users can see exactly if and when their data was accessed by authorities. If a request is made, the user sees a notification (subject to "gag orders" or legal delays) with the corresponding Blockchain Hash, allowing them to verify the legitimacy of the access.

2. Security Layer (The Shield)

This layer protects the infrastructure from attacks and abuse.

  • TLS 1.3 Termination: All traffic is encrypted in transit using the latest standards.
  • Web Application Firewall (WAF): Filters malicious traffic, SQL injection attempts, and XSS attacks before they reach backend services.
  • Rate Limiting: Intelligent limits prevent DDoS attacks and "fishing expeditions" for data.
  • CORS & CSRF Custom Logic: Strict browser security policies to prevent unauthorized cross-origin access.

3. VPN Provider Layer (The Service)

  • WireGuard Protocol: Uses the state-of-the-art WireGuard protocol for high-speed, secure tunneling.
  • Metadata Separation: The actual VPN traffic is not logged. Only the metadata (Time, IP, and Duration) required by CERT-In laws is temporarily stored.
  • Encrypted Session Logger: This metadata is written to an AES-256 encrypted database. Direct access to this database is impossible for human admins; it can only be queried by the Forensic Engine.

4. Compliance Layer (The Judge)

This is the core innovation of SwordNet.

  • Government Portal: A dedicated interface for LEAs (Law Enforcement Agencies). It does not grant browsing access to the logs; every lookup is tied to a specific request.
  • Automated Verification: The portal demands a valid FIR (First Information Report) number or Court Order ID.
  • Forensic Engine: When a valid request is received, this engine runs a strict query (e.g., "GET session_logs WHERE IP=X AND Time=Y"). It retrieves only the specific rows requested, nothing more.

5. Trust Layer (The Auditor)

  • Immutable Audit Trail: Before any data is returned to the government portal, a SHA-256 hash of the request and the result is generated.
  • Blockchain Anchoring: This hash is written to a public blockchain smart contract (Ethereum/Polygon). This creates an unchangeable, timestamped record of the access event.
  • Anti-Tamper: Even if a provider wanted to hide that they shared data, they cannot, because the blockchain record is public.

(See system_architecture.md for the detailed flowchart)


🛠️ Technology Stack

Frontend

  • Framework: Next.js 14 (React)
  • Styling: Tailwind CSS (v4)
  • Icons: Lucide React
  • Animations: Framer Motion
  • Language: TypeScript

Backend

  • Framework: FastAPI (Python)
  • Database: PostgreSQL (Production), SQLite (Dev)
  • ORM: SQLAlchemy
  • Validation: Pydantic
  • Security: SlowAPI (Rate Limiting), CORSMiddleware
  • Performance: Prometheus Instrumentator (Metrics)

Infrastructure & Security (Planned/In-Progress)

  • VPN Protocol: WireGuard
  • Containerization: Docker & Docker Compose
  • Encryption: AES-256 for Vault Storage, TLS 1.3 for Transport

🚀 Key Features

1. Government Compliance Portal

A specialized interface for Law Enforcement Agencies (LEAs).

  • Automated Verification: Accepts FIR numbers and validates date ranges.
  • Instant Forensics: Generates limited-scope reports (e.g., "Who was using IP X at Time Y?").
  • No Overreach: Prevents fishing expeditions by enforcing strict time/scope limits.

2. User Transparency & Privacy

  • Notification System: Users are notified (if legally permissible) when their data is accessed.
  • Access Logs: Users can verify via Blockchain hash that their data has not been tampered with or accessed without record.

3. Blockchain Audit Trail

  • Immutable Ledger: Every internal or external query to the database is hashed (SHA-256) and anchored to a smart contract.
  • Anti-Tamper: Prevents corrupted admins or providers from deleting logs after the fact.
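The following is an added illustration, not the project's own code, of how the Forensic Engine's scoped query (Compliance Layer) and the SHA-256 audit anchoring with user-side verification (Trust Layer / Blockchain Audit Trail) fit together. The session rows, the 24-hour scope limit, and the FIR placeholder are constructed assumptions, and the anchor hash is returned instead of being written to a smart contract.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Constructed sample of the Encrypted Session Logger's metadata (Time, IP, Duration only).
SESSION_LOGS = [
    {"user_id": "u-1001", "ip": "203.0.113.7", "start": "2024-05-01T10:00:00+00:00", "duration_s": 1800},
    {"user_id": "u-1002", "ip": "203.0.113.7", "start": "2024-05-01T12:00:00+00:00", "duration_s": 600},
    {"user_id": "u-1003", "ip": "203.0.113.9", "start": "2024-05-01T10:05:00+00:00", "duration_s": 300},
]
MAX_WINDOW = timedelta(hours=24)  # assumed "no overreach" scope limit, not taken from the project


def canonical_hash(obj) -> str:
    """SHA-256 over canonical JSON, so request and result hash identically wherever recomputed."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def forensic_query(request: dict) -> dict:
    """Validate the legal request's scope, return only the matching rows, and build the
    audit record whose anchor hash would be written to the chain before release."""
    if not request.get("fir_number"):
        raise ValueError("FIR number or court order ID required")
    start = datetime.fromisoformat(request["from"])
    end = datetime.fromisoformat(request["to"])
    if end <= start or end - start > MAX_WINDOW:
        raise ValueError("time window out of scope")
    rows = []
    for s in SESSION_LOGS:
        s_start = datetime.fromisoformat(s["start"])
        s_end = s_start + timedelta(seconds=s["duration_s"])
        # Keep a session only if it used the requested IP and overlaps the requested window.
        if s["ip"] == request["ip"] and s_start < end and s_end > start:
            rows.append(s)
    audit = {"request_hash": canonical_hash(request), "result_hash": canonical_hash(rows)}
    audit["anchor_hash"] = canonical_hash(audit)  # the value anchored on the public chain
    return {"rows": rows, "audit": audit}


def rejects(request: dict) -> bool:
    """True if the engine refuses the request (missing legal proof or overbroad window)."""
    try:
        forensic_query(request)
    except ValueError:
        return True
    return False


def user_verify(request: dict, rows: list, anchor_hash: str) -> bool:
    """Transparency Portal check: recompute the anchored hash from the disclosed request and result."""
    audit = {"request_hash": canonical_hash(request), "result_hash": canonical_hash(rows)}
    return canonical_hash(audit) == anchor_hash
```

A tampered or truncated result set changes `result_hash`, so the recomputed anchor no longer matches the one on the chain and `user_verify` returns False.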

⚙️ Installation & Setup

Prerequisites

  • Node.js v18+
  • Python 3.9+
  • Docker (optional, for full stack run)

1. Backend Setup

cd backend
python -m venv venv
source venv/bin/activate  # or venv\Scripts\activate on Windows
pip install -r requirements.txt
python -m uvicorn main:app --reload --port 8000

The API will start at http://localhost:8000

2. Frontend Setup

cd frontend
npm install
npm run dev

The application will start at http://localhost:3000


🛣️ Roadmap & Security Improvements

We are actively hardening the system for production deployment. Current priority tasks include:

🔴 Critical Security Priorities

  • [ ] TLS 1.3 Enforcement: Full HTTPS implementation with Certificate Pinning for mobile.
  • [ ] CORS & CSRF Hardening: Strict origin policies and anti-CSRF tokens.
  • [ ] Security Headers: HSTS, CSP, and X-Content-Type-Options implementation.
  • [ ] API Rate Limiting: Redis-backed distributed rate limiting for DDoS protection.

🟡 Operational Enhancements

  • [ ] Monitoring Stack: Prometheus & Grafana integration.
  • [ ] Key Rotation: Automated API Key rotation service.
  • [ ] Disaster Recovery: Multi-region encrypted backups.

📄 License

Property of Hemal Shingloo. All rights reserved. For licensing and collaboration, contact shingloo93@gmail.com.
