System Design

Intent
The high-performance proxy framework is designed to let users transparently use the features of A3 and other similar specialized networks. The main challenge is to create a low-overhead architecture that uses portable technologies and supports all standard Internet protocols.

Design goals
- Allow any network application to make use of the A3 network
- Allow connections to reach destinations external to the network
- Augment the path selection algorithm to account for the last out‐of‐network hop

Architecture

TCP over UDP is an established concept used primarily in virtual private networks (OpenVPN). The Anonymity Proxy Framework is the first system to combine TCP over UDP routing with anonymity. The result is a high-performance protocol capable of routing data over one or more intermediate nodes.


1. The user application starts sending packets to the Tun0 device. This is done transparently.
2. The anonymity framework reads and parses each packet for its source and destination. The Packet Parsing Module generates packets with specialized headers containing a unique 160-bit ID. The Connection Manager multiplexes the new packet based on the connection ID or creates a new connection.
3. The data packet is routed from the local A3 node to the exit A3 node.
4. The Stream Decoder Module decodes the incoming packet and regenerates the original packet. The packet is forwarded through the local Tun device.
5. Listen on the Tun device for "decoded" packets. For a TCP stream, all the packets received here will be data packets.
6. Send packets received from the TUN device to their original destination. For TCP, this will automatically establish a connection to the destination.
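
The sketch below illustrates steps 2 and 4: tagging a packet read from the Tun device with a 160-bit connection ID on the entry side and stripping it on the exit side. It is an added example, not code from the prototype. The header layout (ID followed by the raw IP packet), the random ID generation, and all function and class names are assumptions.

```python
import os
import socket
import struct

ID_LEN = 20  # 160-bit connection ID, as in step 2


def parse_flow(pkt: bytes):
    """Return (proto, src, sport, dst, dport) for an IPv4 TCP/UDP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
    proto = pkt[9]
    if ihl < 20 or proto not in (6, 17) or len(pkt) < ihl + 4:  # 6 = TCP, 17 = UDP
        raise ValueError("truncated or unsupported packet")
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return (proto, socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport)


class ConnectionManager:
    """Entry side: maps each flow to a connection ID, creating one if needed."""

    def __init__(self):
        self.by_flow = {}

    def encapsulate(self, pkt: bytes) -> bytes:
        flow = parse_flow(pkt)
        conn_id = self.by_flow.get(flow)
        if conn_id is None:
            # Assumption: the ID is random rather than derived from the
            # addresses, so relays learn nothing about the flow from it.
            conn_id = os.urandom(ID_LEN)
            self.by_flow[flow] = conn_id
        return conn_id + pkt


def decode(frame: bytes):
    """Exit side (step 4): split a frame into (conn_id, original packet)."""
    if len(frame) <= ID_LEN:
        raise ValueError("frame shorter than header")
    return frame[:ID_LEN], frame[ID_LEN:]


def sample_packet(sport: int) -> bytes:
    """Constructed IPv4/TCP packet 10.8.0.2:sport -> 192.0.2.10:80 (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("10.8.0.2"), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", sport, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp
```

Packets of the same flow reuse one ID, a new flow gets a fresh one, and malformed or truncated input is rejected before it reaches the connection table.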

Consequences
- Applications don’t need explicit proxy (i.e. SOCKS) support
- Portable design – most platforms support virtual network devices
- Compact: utilizes the kernel implementation of the TCP/UDP protocols
- Forward and backward compatible with core protocols
- Preserves anonymity of A3, with packet rewriting so that all virtual network devices can use arbitrary IP addresses

Implementation
We implemented a prototype of the anonymity framework in Python/Java. The framework design proved to have minimal overhead and clocked a download speed of 10Mbps.