$$\upmu $$ Proxy: A Hardware Relay for Anonymous and Secure Internet Access

Privacy and anonymity on the Internet have become a serious concern. Even when anonymity tools like Tor or VPNs are used, the IP and therefore the approximate geolocation from which the user connects to such a service is still visible to an adversary who controls the network. Our proposal \(\upmu \)Proxyaims to mitigate this problem by providing a relay of user-controlled hardware proxies that allows to connect to a (potentially public) network over a large physical distance. One endpoint is connected to a public Wifi hotspot, while the other end connects (over a chain of relay nodes) to the user’s computer. \(\upmu \)Proxy uses a lightweight protocol to create a secure channel between two endpoint nodes, whereas the communication can be routed over an arbitrary amount of relay nodes. The employed cryptography is based on NaCl, using Curve25519 for the key exchange as well as Salsa20 and Poly1305 for authenticated payload encryption. \(\upmu \)Proxy tunnels TCP/IP connections and can therefore be used to secure and anonymize existing, unprotected protocols. We implemented \(\upmu \)Proxy on the ESP8266, a popular Wifi microcontroller, and show that \(\upmu \)Proxy incurs a latency of 20.4 ms per hop under normal operating conditions.