PeerAI - Distributed AI Communication System
A security engineer's distributed AI communication system that implements peer-to-peer WebRTC networking with AES-GCM encryption, HMAC authentication, and local AI processing for secure, decentralized assistant communication.
Local Test: A Security Engineer’s Deep Dive into Distributed AI Communication
How I built a secure, peer-to-peer AI assistant network that demonstrates advanced networking and cryptography
The Mission
In the world of cybersecurity, secure communication between distributed systems is one of the most challenging problems to solve. As a security engineer, I’ve seen how centralized communication systems become single points of failure and attack vectors. But what if we could create a decentralized network of AI assistants that communicate securely without relying on central servers?
Enter my Local Test project: a sophisticated peer-to-peer communication system that enables AI assistants to talk to each other using WebRTC, end-to-end encryption, and file-based signaling. This project represents my passion for distributed systems security and cryptographic communication—essential skills for any security engineer working on modern network architectures.
As someone deeply passionate about AI and its potential to revolutionize security practices, I’m excited to explore how distributed AI agents can create resilient, self-healing security networks that operate independently of centralized infrastructure.
Architecture: Security-First Distributed Design
Peer-to-Peer Communication Model
1
2
3
4
5
6
7
8
9
10
┌─────────────────┐ WebRTC ┌─────────────────┐
│ Assistant A │◄────────────►│ Assistant B │
│ │ │ │
│ • Local AI │ │ • Local AI │
│ • WebRTC Client │ │ • WebRTC Client │
│ • File Signaling│ │ • File Signaling│
└─────────────────┘ └─────────────────┘
│ │
└─────────── File System ────────┘
(signaling.json)
Security Correlation: This implements decentralized architecture—a fundamental security principle. By eliminating central servers, the system removes single points of failure and attack. Each assistant operates independently, making the network resilient to targeted attacks.
Multi-Transport Communication Layer
1
2
3
4
5
6
7
class HTTPTransport:
def __init__(self, self_name, peer_url, shared_key: str, port=8080):
self.self_name = self_name
self.peer_url = peer_url.rstrip("/")
self.shared_key = hashlib.sha256(shared_key.encode()).digest()
self.inbox = []
self.app = Flask(self_name)
Security Correlation: This demonstrates defense in depth for communication security. The system supports multiple transport protocols (HTTP and WebRTC), ensuring communication can continue even if one method is compromised or blocked.
Cryptographic Security: End-to-End Encryption
AES-GCM Encryption Implementation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
def _encrypt(self, plaintext: str) -> str:
nonce = get_random_bytes(12)
cipher = AES.new(self.shared_key, AES.MODE_GCM, nonce=nonce)
ciphertext, tag = cipher.encrypt_and_digest(plaintext.encode())
return base64.b64encode(nonce + tag + ciphertext).decode()
def _decrypt(self, payload: str) -> str:
try:
raw = base64.b64decode(payload.encode())
nonce, tag, ciphertext = raw[:12], raw[12:28], raw[28:]
cipher = AES.new(self.shared_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, tag)
return plaintext.decode()
except Exception as e:
print(f"[{self.self_name}] Failed to decrypt message: {e}")
return None
Security Correlation: This implements authenticated encryption using AES-GCM—a critical security control. The system ensures:
- Confidentiality - Messages are encrypted and unreadable to attackers
- Integrity - Messages cannot be tampered with without detection
- Authentication - Messages are verified to come from legitimate sources
HMAC Message Authentication
1
2
3
4
5
6
7
8
9
10
def compute_hmac(message: str) -> str:
return hmac.new(SECRET_KEY, message.encode(), hashlib.sha256).hexdigest()
def handle_handshake(self_id: str, peer_id: str, msg: dict, messenger: Messenger):
sender = msg.get("from")
message = msg.get("message")
sig = msg.get("hmac_sig")
if compute_hmac(message) != sig:
print(f"HMAC mismatch for handshake from {sender}")
return
Security Correlation: This implements message authentication using HMAC-SHA256. Every message is cryptographically signed, preventing:
- Message forgery - Attackers can’t create fake messages
- Replay attacks - Old messages can’t be reused
- Man-in-the-middle attacks - Messages can’t be intercepted and modified
WebRTC: Secure Peer-to-Peer Communication
WebRTC Transport Implementation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
class WebRTCTransport(BaseTransport):
def __init__(self, name: str, secret_key: str) -> None:
self.name = name
self._cipher = Fernet(secret_key)
self.pc = RTCPeerConnection()
self._recv_queue: asyncio.Queue[str] = asyncio.Queue()
self.channel_ready = asyncio.Event()
def _setup_channel(self, channel):
@channel.on("message")
def on_message(message):
try:
plaintext = self._cipher.decrypt(message.encode()).decode()
asyncio.create_task(self._recv_queue.put(plaintext))
except Exception:
print(f"[{self.name}] Could not decrypt incoming message.")
Security Correlation: This implements secure peer-to-peer communication using WebRTC. The system provides:
- Direct communication - No intermediate servers required
- NAT traversal - Works across different network configurations
- Encrypted channels - All data is encrypted in transit
- Resilient connectivity - Multiple connection paths available
Signaling Handshake Protocol
1
2
3
4
5
6
7
8
9
async def connect(my_id: str, peer_id: str, secret_key: str) -> Tuple[WebRTCTransport, WebRTCTransport]:
# Check if peer already left an offer
state = await _read_state()
peer_offer = state.get(f"{peer_id}_offer")
fresh_offer = peer_offer and time.time() - peer_offer.get("ts", 0) < STALE_SECONDS
if fresh_offer:
print(f"[{my_id}] found fresh offer from {peer_id}, acting as responder")
inbound = await WebRTCTransport.create_responder(my_id, peer_offer["sdp"], secret_key)
Security Correlation: This implements secure signaling—a crucial component of WebRTC security. The file-based signaling system:
- Prevents signaling attacks - Offers and answers are validated
- Implements timeouts - Prevents stale connection attempts
- Uses secure channels - Signaling data is protected
- Supports bidirectional connections - Both assistants can initiate connections
AI Integration: Local Intelligence
Local AI Processing
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
def get_response_from_phi(prompt: str) -> str:
SYSTEM_PROMPT = (
"You are a concise, polite AI assistant. "
"Reply in under 3 sentences. Avoid lists or greetings unless asked."
)
try:
full_prompt = f"{SYSTEM_PROMPT}\n\nUser: {prompt}\nAssistant:"
resp = requests.post(
"http://localhost:11434/api/generate",
json={
"model": "mistral",
"prompt": full_prompt,
"stream": False,
"options": {
"temperature": 0.6,
"top_p": 0.9,
"num_predict": 80
}
},
timeout=60,
)
return data.get("response", "").strip()
except Exception as e:
return f"Error: {e}"
Security Correlation: This implements local AI processing—a critical security principle. By running AI models locally:
- Data privacy - No sensitive data leaves the local system
- Network independence - AI works without internet connectivity
- Attack resistance - No external AI services to compromise
- Audit capability - All AI interactions can be logged and monitored
Message Routing: Intelligent Communication
Message Dispatch System
1
2
3
4
5
6
7
8
9
10
11
12
def dispatch_message(self_id: str, peer_id: str, msg: dict, messenger: Messenger):
mtype = msg.get("type")
if not msg.get("message", "").strip():
print(f"⚠️ {self_id} received empty message, ignoring.")
return
if mtype == "handshake":
handle_handshake(self_id, peer_id, msg, messenger)
elif mtype in ("bot", "user"):
handle_bot_message(self_id, peer_id, msg, messenger)
else:
print(f"⚠️ {self_id}: Unknown message type {mtype}")
Security Correlation: This implements message validation and routing—essential for secure communication. The system:
- Validates message types - Prevents protocol confusion attacks
- Filters empty messages - Reduces noise and potential DoS attacks
- Routes messages appropriately - Ensures proper handling
- Logs unknown types - Helps detect protocol violations
Security Engineering Principles Demonstrated
1. Zero Trust Architecture
The system implements zero trust principles:
- No implicit trust - Every message is authenticated
- Continuous verification - HMAC validation on every message
- Least privilege - Each component has minimal required access
- Defense in depth - Multiple security layers
2. Secure by Design
1
2
3
# Create a salt of 8 characters
N = 8
salt = ''.join(random.choices(string.ascii_lowercase + string.digits, k=N))
Security Correlation: Security is built into every component from the ground up, not added as an afterthought.
3. Resilience and Redundancy
The system supports multiple communication methods:
- HTTP transport - For simple communication
- WebRTC transport - For peer-to-peer communication
- File-based signaling - For connection establishment
Technical Skills Demonstrated
Programming & Networking
- Python - Core development language
- WebRTC - Peer-to-peer communication implementation
- Flask - HTTP server for message transport
- Asyncio - Asynchronous programming for concurrent operations
Security Engineering Skills
- Cryptography - AES-GCM encryption and HMAC authentication
- Network Security - Secure peer-to-peer communication
- Protocol Design - Custom signaling and handshake protocols
- Distributed Systems - Decentralized architecture design
Cybersecurity Knowledge
- End-to-End Encryption - Secure communication protocols
- Zero Trust Architecture - Security-first design principles
- Threat Modeling - Attack surface analysis and mitigation
- Secure Development - Security-focused coding practices
Why This Matters for Security Engineering
Building this distributed AI communication system reinforced several critical security principles:
- Decentralization is Security - Removing central points of failure improves resilience
- Encryption is Essential - Every communication must be encrypted and authenticated
- Local Processing Protects Privacy - AI can be powerful without compromising data
- Protocol Security Matters - Custom protocols must be designed with security in mind
- Resilience Requires Redundancy - Multiple communication methods ensure availability
Future Enhancements
This project has opened my eyes to the potential of secure distributed AI systems. I’m planning to add:
- Blockchain Integration - Immutable message logging and verification
- Federated Learning - Collaborative AI training without data sharing
- Threat Intelligence Sharing - Secure distribution of security information
- Automated Incident Response - Coordinated security responses across agents
- Quantum-Resistant Cryptography - Future-proof encryption algorithms
- Mesh Network Support - Multi-hop communication for larger networks
Security Lessons Learned
1. Complexity is the Enemy of Security
The simpler the protocol, the easier it is to secure. This project demonstrates that complex distributed systems can be made secure through careful design.
2. Local Intelligence is Powerful
AI doesn’t need to be centralized to be effective. Local processing provides better security, privacy, and reliability.
3. Peer-to-Peer is the Future
Centralized systems are vulnerable to attacks and censorship. Peer-to-peer architectures provide resilience and independence.
4. Cryptography is Not Optional
Every communication in a distributed system must be encrypted and authenticated. There’s no such thing as “trusted” networks.
Real-World Applications
This system has practical applications in:
- Secure Communication Networks - Military and government communications
- Decentralized AI Systems - Privacy-preserving AI collaboration
- IoT Security - Secure device-to-device communication
- Blockchain Networks - Secure node-to-node communication
- Emergency Response - Resilient communication during disasters
Final Thoughts
Building this distributed AI communication system taught me that security and decentralization are not mutually exclusive. In fact, they often complement each other. The same cryptographic principles I use to secure centralized systems apply to distributed architectures, but with the added benefit of resilience and independence.
The most valuable lesson? Security is about building systems that can survive attacks, not just prevent them. By distributing intelligence and communication, this system can continue operating even when parts of the network are compromised.
This project demonstrates that security engineering is about building systems that are inherently secure, resilient, and independent. Whether you’re securing centralized systems, building distributed networks, or implementing AI systems, the fundamental principles remain the same: encrypt everything, authenticate everyone, and design for failure.
GitHub: Project Repository
Skills: Python, WebRTC, Cryptography, Distributed Systems, Network Security, AI Integration
What distributed systems have you built that demonstrate the intersection of security, networking, and AI? I’d love to hear your experiences!