DOI: https://doi.org/10.32515/2414-3820.2024.54.106-116
Comparison of HTTP 2 Header Compression Methods
About the Authors
Olexandr Ulichev, PhD in Technics (Candidate of Technics Sciences), Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: askin79@gmail.com, ORCID ID: 0000-0003-3736-9613
Olexandr Revniuk, post-graduate, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: o.revnyuk@edu.ua
Abstract
The primary aim of this research is to analyze the key methods of header compression in the HTTP 2 protocol to optimize data transmission over the network. This study explores the prerequisites for developing the HPACK compression algorithm, assesses the potential threats and data loss risks associated with compression, and identifies strategies to minimize these risks. Additionally, the research focuses on the challenges of handling cookies in HTTP headers and determining optimal compression methods for reducing the volume of transmitted data, with practical examples from commercial code.
Introduced in 2015, HTTP 2 significantly improves web communication efficiency by utilizing multiplexing and header compression. Unlike HTTP 1.1, which involves repetitive transmission of headers for each request, HTTP 2 addresses this redundancy through HPACK, which uses static and dynamic header tables alongside Huffman coding. These techniques substantially reduce the data volume transmitted between client and server, lowering the load on network resources, especially in mobile environments with limited bandwidth. This paper examines how HPACK achieves data optimization by compressing frequently used headers while maintaining secure data transmission. It also explores various methods of implementing compression, including Huffman coding and lookup tables, to enhance efficiency in practical web applications. The findings highlight the trade-offs between compression efficiency and security, especially concerning the transmission of sensitive information like cookies.
The use of HPACK for header compression in HTTP 2 drastically reduces the volume of transmitted data, thereby improving network request efficiency. While Huffman coding is often effective, its benefits may not always outweigh those of traditional ASCII encoding, particularly for larger or less frequently used headers. The study concludes that effective compression strategies must consider both data optimization and security, especially when transmitting sensitive information such as cookies. By selecting the appropriate compression methods, it is possible to balance the efficiency of data transfer with the protection of confidential information. Future research should focus on enhancing HPACK's balance between compression and security as technologies evolve and potential vulnerabilities emerge.
Keywords
HTTP2, header compression in HTTP2, HPACK, cookies, Huffman coding, HTTP requests
Full Text:
PDF
References
1. Singh, V. (2023, October 1). Evolution of internet protocols: episode 573. Software Engineering Radio. https://podcasts.apple.com/ua/podcast/software-engineering-radio-the-podcast-for/id120906714?i=1000621654154
2. Kravchuk, O. (2016). Aspects of transition to HTTP/2. Visnyk Khmelnytskoho Natsionalnoho Universytetu, (5), 221. [in Ukrainian]
3. Peon, R., & Ruellan, H. (2015). HPACK: Header compression for HTTP/2 (No. RFC 7541). https://www.rfc-editor.org/rfc/rfc7541.html
4. Perevoznikov, S. I., & Horobets, Y. V. (2020). Comparison of page loading time using HTTP1 and HTTP2 protocols. In Proceedings of the XII International Scientific-Practical Conference “Internet-Education-Science” (IES-2020), Vinnytsia, Ukraine (pp. 88-91). VNTU. [in Ukrainian]
5. Drovovozov, V. I., & Khemraiev, A. K. (2020). Analysis of redundancy in TCP/IP protocols stack. Informatyzatsiia ta upravlinnia, (26). [in Ukrainian]
6. Kerschbaumer, C., Gaibler, J., Edelstein, A., & van der Merwey, T. (2021). HTTPS-only: Upgrading all connections to HTTPS in web browsers. In Workshop on Measurements, Attacks, and Defenses for the Web. Internet Society. https://doi.org/10.14722/madweb.2021.23010
7. Chobanu, V. V. (2021). Research and development of a system for selecting the optimal data compression algorithm for backup. Informatsiini Tekhnolohii ta Systemy, (7). [in Ukrainian]
8. Khataei, A., & Bazargan, K. (2024, April). CompressedLUT: An open-source tool for lossless compression of lookup tables for function evaluation and beyond. Proceedings of the 2024 ACM/SIGDA International Symposium on Field Programmable Gate Arrays (pp. 2-11).
9. Moffat, A. (2019). Huffman coding. ACM Computing Surveys (CSUR), 52(4), 1-35. https://doi.org/10.1145/3338521
10. Methods of image compression. (n.d.). Kafedra programnoho zabezpechennia Dniprovskoho derzhavnoho tekhnichnoho universytetu. https://pzs.dstu.dp.ua/ComputerGraphics/ic/index.html [in Ukrainian]
11. Ivanov, O., Ruzhentsev, V., & Oliynykov, R. (2018, October). Comparison of modern network attacks on TLS protocol. In 2018 International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T) (pp. 565-570). IEEE. https://doi.org/10.1109/PICST.2018.8632037
12. Parveen, K., & Fatima, N. (2023). Cookie hijacking: Privacy risk. International Journal for Electronic Crime Investigation, 7(4), 61-72. https://doi.org/10.1016/j.ijeci.2023.03.002
13. Beckett, D., & Sezer, S. (2017, September). HTTP/2 tsunami: Investigating HTTP/2 proxy amplification DDoS attacks. In 2017 Seventh International Conference on Emerging Security Technologies (EST) (pp. 128-133). IEEE. https://doi.org/10.1109/EST.2017.7890109
14. Jiang, M., Luo, X., Miu, T., Hu, S., & Rao, W. (2017, June). Are HTTP/2 servers ready yet? In 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (pp. 1661-1671). IEEE. https://doi.org/10.1109/ICDCS.2017.192
15. Kontaxis, G., & Chew, M. (2015). Tracking protection in Firefox for privacy and performance. arXiv preprint. https://arxiv.org/abs/1506.04104
Citations
1. Singh V. Evolution of internet protocols: episode 573. Software engineering radio. URL: https://podcasts.apple.com/ua/podcast/software-engineering-radio-the-podcast-for/id120906714?i=1000621654154 (дата звернення: 01.10.2023).
2. Кравчук О. Аспекти переходу на HTTP/2. Вісник Хмельницького національного університету. 2016. № 5. С. 221.
3. Peon R., Ruellan H. HPACK: Header compression for HTTP/2 (No. RFC 7541). URL: https://www.rfc-editor.org/rfc/rfc7541.html (дата звернення: 14.11.2024).
4. Перевозніков С. І., Горобець Ю. В. Порівняння часу завантаження сторінки за протоколами HTTP1 та HTTP2. Матеріали XII Міжнародної науково-практичної конференції «Інтернет-освіта-наука» (IES-2020), Україна, Вінниця, 26-29 травня 2020 р. Вінниця, 2020. С. 88-91.
5. Дрововозов В. І., Хемраєв А. К. Аналіз надлишковості протоколів стека TCP/IP. Інформатизація та управління. 2020. № 26.
6. Kerschbaumer C., Gaibler J., Edelstein A., van der Merwey T. HTTPS-Only: Upgrading all connections to HTTPS in web browsers . Workshop on measurements, attacks, and defenses for the web. 2021. URL: https://doi.org/10.14722/madweb.2021.23010 (дата звернення: 14.11.2024).
7. Чобану В. В. Дослідження та розроблення системи вибору оптимального алгоритму стиснення даних при резервному копіюванні. Інформаційні технології та системи. 2021. № 7.
8. Khataei A., Bazargan K. CompressedLUT: An Open Source Tool for Lossless Compression of Lookup Tables for Function Evaluation and Beyond. Proceedings of the 2024 ACM/SIGDA International Symposium on Field Programmable Gate Arrays. 2024. С. 2-11.
9. Moffat A. Huffman coding ACM Computing Surveys (CSUR). 2019. Т. 52, № 4. С. 1-35.
10. Методи стиску зображень / Кафедра програмного забезпечення Дніпровського державного технічного університету. URL: https://pzs.dstu.dp.ua/ComputerGraphics/ic/index.html (дата звернення: 14.11.2024).
11. Ivanov O., Ruzhentsev V., Oliynykov R. Comparison of modern network attacks on TLS protocol 2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T). 2018. С. 565-570.
12. Parveen K., Fatima N. Cookie Hijacking: Privacy Risk International Journal for Electronic Crime Investigation. 2023. Т. 7, № 4. С. 61-72.
13. Beckett D., Sezer S. HTTP/2 tsunami: Investigating HTTP/2 proxy amplification DDoS attacks 2017 Seventh International Conference on Emerging Security Technologies (EST). 2017. С. 128-133.
14. Jiang M., Luo X., Miu T., Hu S., Rao W. Are HTTP/2 servers ready yet? 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). 2017. С. 1661-1671.
15. Kontaxis G., Chew M. Tracking protection in Firefox for privacy and performance. arXiv:1506.04104. URL: https://arxiv.org/abs/1506.04104 (дата звернення: 14.11.2024).
Copyright (c) 2024 Olexandr Ulichev, Olexandr Revniuk
Comparison of HTTP 2 Header Compression Methods
About the Authors
Olexandr Ulichev, PhD in Technics (Candidate of Technics Sciences), Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: askin79@gmail.com, ORCID ID: 0000-0003-3736-9613
Olexandr Revniuk, post-graduate, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: o.revnyuk@edu.ua
Abstract
The primary aim of this research is to analyze the key methods of header compression in the HTTP 2 protocol to optimize data transmission over the network. This study explores the prerequisites for developing the HPACK compression algorithm, assesses the potential threats and data loss risks associated with compression, and identifies strategies to minimize these risks. Additionally, the research focuses on the challenges of handling cookies in HTTP headers and determining optimal compression methods for reducing the volume of transmitted data, with practical examples from commercial code. Introduced in 2015, HTTP 2 significantly improves web communication efficiency by utilizing multiplexing and header compression. Unlike HTTP 1.1, which involves repetitive transmission of headers for each request, HTTP 2 addresses this redundancy through HPACK, which uses static and dynamic header tables alongside Huffman coding. These techniques substantially reduce the data volume transmitted between client and server, lowering the load on network resources, especially in mobile environments with limited bandwidth. This paper examines how HPACK achieves data optimization by compressing frequently used headers while maintaining secure data transmission. It also explores various methods of implementing compression, including Huffman coding and lookup tables, to enhance efficiency in practical web applications. The findings highlight the trade-offs between compression efficiency and security, especially concerning the transmission of sensitive information like cookies. The use of HPACK for header compression in HTTP 2 drastically reduces the volume of transmitted data, thereby improving network request efficiency. While Huffman coding is often effective, its benefits may not always outweigh those of traditional ASCII encoding, particularly for larger or less frequently used headers. The study concludes that effective compression strategies must consider both data optimization and security, especially when transmitting sensitive information such as cookies. By selecting the appropriate compression methods, it is possible to balance the efficiency of data transfer with the protection of confidential information. Future research should focus on enhancing HPACK's balance between compression and security as technologies evolve and potential vulnerabilities emerge.Keywords
Full Text:
PDFReferences
1. Singh, V. (2023, October 1). Evolution of internet protocols: episode 573. Software Engineering Radio. https://podcasts.apple.com/ua/podcast/software-engineering-radio-the-podcast-for/id120906714?i=1000621654154
2. Kravchuk, O. (2016). Aspects of transition to HTTP/2. Visnyk Khmelnytskoho Natsionalnoho Universytetu, (5), 221. [in Ukrainian]
3. Peon, R., & Ruellan, H. (2015). HPACK: Header compression for HTTP/2 (No. RFC 7541). https://www.rfc-editor.org/rfc/rfc7541.html
4. Perevoznikov, S. I., & Horobets, Y. V. (2020). Comparison of page loading time using HTTP1 and HTTP2 protocols. In Proceedings of the XII International Scientific-Practical Conference “Internet-Education-Science” (IES-2020), Vinnytsia, Ukraine (pp. 88-91). VNTU. [in Ukrainian]
5. Drovovozov, V. I., & Khemraiev, A. K. (2020). Analysis of redundancy in TCP/IP protocols stack. Informatyzatsiia ta upravlinnia, (26). [in Ukrainian]
6. Kerschbaumer, C., Gaibler, J., Edelstein, A., & van der Merwey, T. (2021). HTTPS-only: Upgrading all connections to HTTPS in web browsers. In Workshop on Measurements, Attacks, and Defenses for the Web. Internet Society. https://doi.org/10.14722/madweb.2021.23010
7. Chobanu, V. V. (2021). Research and development of a system for selecting the optimal data compression algorithm for backup. Informatsiini Tekhnolohii ta Systemy, (7). [in Ukrainian]
8. Khataei, A., & Bazargan, K. (2024, April). CompressedLUT: An open-source tool for lossless compression of lookup tables for function evaluation and beyond. Proceedings of the 2024 ACM/SIGDA International Symposium on Field Programmable Gate Arrays (pp. 2-11).
9. Moffat, A. (2019). Huffman coding. ACM Computing Surveys (CSUR), 52(4), 1-35. https://doi.org/10.1145/3338521
10. Methods of image compression. (n.d.). Kafedra programnoho zabezpechennia Dniprovskoho derzhavnoho tekhnichnoho universytetu. https://pzs.dstu.dp.ua/ComputerGraphics/ic/index.html [in Ukrainian]
11. Ivanov, O., Ruzhentsev, V., & Oliynykov, R. (2018, October). Comparison of modern network attacks on TLS protocol. In 2018 International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T) (pp. 565-570). IEEE. https://doi.org/10.1109/PICST.2018.8632037
12. Parveen, K., & Fatima, N. (2023). Cookie hijacking: Privacy risk. International Journal for Electronic Crime Investigation, 7(4), 61-72. https://doi.org/10.1016/j.ijeci.2023.03.002
13. Beckett, D., & Sezer, S. (2017, September). HTTP/2 tsunami: Investigating HTTP/2 proxy amplification DDoS attacks. In 2017 Seventh International Conference on Emerging Security Technologies (EST) (pp. 128-133). IEEE. https://doi.org/10.1109/EST.2017.7890109
14. Jiang, M., Luo, X., Miu, T., Hu, S., & Rao, W. (2017, June). Are HTTP/2 servers ready yet? In 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (pp. 1661-1671). IEEE. https://doi.org/10.1109/ICDCS.2017.192
15. Kontaxis, G., & Chew, M. (2015). Tracking protection in Firefox for privacy and performance. arXiv preprint. https://arxiv.org/abs/1506.04104
Citations
1. Singh V. Evolution of internet protocols: episode 573. Software engineering radio. URL: https://podcasts.apple.com/ua/podcast/software-engineering-radio-the-podcast-for/id120906714?i=1000621654154 (дата звернення: 01.10.2023).
2. Кравчук О. Аспекти переходу на HTTP/2. Вісник Хмельницького національного університету. 2016. № 5. С. 221.
3. Peon R., Ruellan H. HPACK: Header compression for HTTP/2 (No. RFC 7541). URL: https://www.rfc-editor.org/rfc/rfc7541.html (дата звернення: 14.11.2024).
4. Перевозніков С. І., Горобець Ю. В. Порівняння часу завантаження сторінки за протоколами HTTP1 та HTTP2. Матеріали XII Міжнародної науково-практичної конференції «Інтернет-освіта-наука» (IES-2020), Україна, Вінниця, 26-29 травня 2020 р. Вінниця, 2020. С. 88-91.
5. Дрововозов В. І., Хемраєв А. К. Аналіз надлишковості протоколів стека TCP/IP. Інформатизація та управління. 2020. № 26.
6. Kerschbaumer C., Gaibler J., Edelstein A., van der Merwey T. HTTPS-Only: Upgrading all connections to HTTPS in web browsers . Workshop on measurements, attacks, and defenses for the web. 2021. URL: https://doi.org/10.14722/madweb.2021.23010 (дата звернення: 14.11.2024).
7. Чобану В. В. Дослідження та розроблення системи вибору оптимального алгоритму стиснення даних при резервному копіюванні. Інформаційні технології та системи. 2021. № 7.
8. Khataei A., Bazargan K. CompressedLUT: An Open Source Tool for Lossless Compression of Lookup Tables for Function Evaluation and Beyond. Proceedings of the 2024 ACM/SIGDA International Symposium on Field Programmable Gate Arrays. 2024. С. 2-11.
9. Moffat A. Huffman coding ACM Computing Surveys (CSUR). 2019. Т. 52, № 4. С. 1-35.
10. Методи стиску зображень / Кафедра програмного забезпечення Дніпровського державного технічного університету. URL: https://pzs.dstu.dp.ua/ComputerGraphics/ic/index.html (дата звернення: 14.11.2024).
11. Ivanov O., Ruzhentsev V., Oliynykov R. Comparison of modern network attacks on TLS protocol 2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T). 2018. С. 565-570.
12. Parveen K., Fatima N. Cookie Hijacking: Privacy Risk International Journal for Electronic Crime Investigation. 2023. Т. 7, № 4. С. 61-72.
13. Beckett D., Sezer S. HTTP/2 tsunami: Investigating HTTP/2 proxy amplification DDoS attacks 2017 Seventh International Conference on Emerging Security Technologies (EST). 2017. С. 128-133.
14. Jiang M., Luo X., Miu T., Hu S., Rao W. Are HTTP/2 servers ready yet? 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). 2017. С. 1661-1671.
15. Kontaxis G., Chew M. Tracking protection in Firefox for privacy and performance. arXiv:1506.04104. URL: https://arxiv.org/abs/1506.04104 (дата звернення: 14.11.2024).