Speeding up Tor with SPDY (Master's Thesis)

Using SPDY with Tor via proxies

SPDY is a rather new protocol which is an alternative to HTTP. It was designed to address inefficiencies in the latter and thereby improve latency and reduce bandwidth consumption.

[1] presents the design and implementation of a setup for utilizing SPDY within the anonymizing Tor network for reducing latency and traffic in the latter. A C library implementing the SPDY server protocol is introduced together with an HTTP to SPDY and a SPDY to HTTP proxy which are the base for the presented design.

Moreover, the real profit from using SPDY within the Tor network on loading some of the most popular web sites is presented.

How to run the proxies with Tor (30.12.2013)

1. How to run SPDY-to-HTTP proxy on Tor exit node

The following software is needed:
- libmicrospdy -- ~~it can be found together with libmicrohttpd: http://www.gnu.org/s/libmicrohttpd/~~
  (23.01.2016: The library is not maintained anymore. The latest version can be found at
  https://github.com/andreyuzunov/microhttpd/tree/7eb43cdad7616be3b74a81e4e8f6e3ad4a20f640 )
The proxy should listen on IPv4 address 192.0.2.80 and port 9980. This address is not routed on the Internet. It should be assigned to the node. As an example for doing this, Debian file /etc/network/interfaces could be used:
```
  auto lo:0
  allow-hotplug lo:0
  iface lo:0 inet static
    address 192.0.2.80
    netmask 255.255.255.0
```
Tor may want to use this address, so it is possibly a good idea to use 'Address' in Tor configuration file to tell Tor which is actually your public address.
Make sure that the exit node have such an exit policy (in file torrc) that 192.0.2.80:9980 is allowed. You can put to the beginning of your ExitPolicy:
```
  accept 192.0.2.80:9980,
```
After compiling and installing libmicrohttpd, the proxy executable is called microspdy2http. Run it like this:
```
  microspdy2http -p 9980 -l 192.0.2.80 -rDt4 -T 120
```
Note: SPDY header compression is enabled in libmicrospdy. This can be a security risk (CRIME attack).

2. How to run HTTP-to-SPDY proxy on Tor client

The following software is needed:
- spdylay -- http://spdylay.sourceforge.net/
- libmicrohttpd -- http://www.gnu.org/s/libmicrohttpd/
  (23.01.2016: The required examples can be found at
  https://github.com/andreyuzunov/libmicrohttpd/tree/7eb43cdad7616be3b74a81e4e8f6e3ad4a20f640/src/examples )
- torsocks -- http://code.google.com/p/torsocks/. (The Tor SOCKS proxy by default listens on port 9050, but Tor from Tor Browser Bundle listens on 9150. You may need to edit torsocks.conf -- search where it is located -- to configure this.)
For now, Tor client cannot automatically find an exit node with proxy. Thus, this has to be configured in the file 'torrc':
```
  ExitNodes 1.2.3.4
  StrictNodes 1
```
The HTTP-to-SPDY proxy is called mhd2spdy. ~~You can find it in the examples folder of libmicrohttpd.~~ Run it together with torsocks like this:
```
  torsocks src/examples/mhd2spdy -p 1980 -b http://192.0.2.80:9980 -o
```
To start using the proxy, you have to configure the Tor Browser.

You should set an HTTP proxy: the address is 127.0.0.1 and the port is the same you used for starting mhd2spdy (e.g. 1980 here in this example). To have a fully functional browser, do NOT remove the SOCKS proxy. In this way, all HTTP connection will go through the HTTP-to-SPDY proxy and all HTTPS connections will go directly through the Tor proxy. This works in the Tor Browser!

To gain performance, you have to open 'about:config' and set 'netowrk.http.proxy.pipelining' to 'false'!

Note: Tor will issue warnings like this:
```
  Your application (using socks4 to port 9980) is giving Tor only an IP address.
  Applications that do DNS resolves themselves may leak information. ...
```
For now, this cannot be avoided. It does not mean that there are leaks.

Note: SPDY header compression is disabled in spdylay because of the CRIME attack.

Contact

Andrey Uzunov <andrey.uzunov at online6.eu>