Mobile // Mobile Applications
News
7/21/2009
02:33 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

HP Researchers Develop Browser-Based Darknet

HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.

Veiled Browser Darknet
(click image for larger view)
Veiled Browser Darknet

At the Black Hat USA 2009 security conference next week, two HP researchers plan to discuss their efforts to develop a browser-based darknet.

A darknet is a covert, private computer network that's used for secure communications and, often, file sharing.

Darknets can be created using a variety of desktop software applications. Such programs, however, typically require a certain level of technical knowledge for proper configuration and use.

Now, thanks to the power of the new generation of JavaScript engines -- Chrome's V8 and Firefox's TraceMonkey -- the encryption necessary to make a darknet work can be handled in the browser, on either a computer or a mobile phone.

Billy Hoffman, manager of HP's Web security group, and Matt Wood, senior security researcher at HP, have developed a prototype browser-based darknet called Veiled as a proof-of-concept project.

They don't intend to release the software or make the source code available. Rather their aim is simply to show how capable the Web browser has become as an application platform and to discuss the technical challenges they had to overcome to make their prototype work.

Echoing Google's mantra of late, Wood says that browser-based applications are almost as capable as desktop applications.

"By putting it on the Web, we've lowered the barriers to participate in darknets," he said.

Architecturally, Wood describes Veiled as a hybrid model that's somewhere between the peer-to-peer model and client-server model. He says the system still relies on servers to negotiate communication, but the server acts mainly as a router. Veiled can merge servers together so that clients on different servers can communicate directly, he explains.

The browser-based clients can serve files and Web pages. And if a client leaves, files posted remain accessible to others on the darknet. Wood likens the model to that of Wikileaks.

Hoffman says that Veiled shouldn't be seen as a replacement for an anonymity tool like Tor. He says it would be irresponsible to suggest, for example, that Veiled could be used by political dissidents in Iran. "However, I do think that this is something that can aid where people are wanting to create communities quickly and take them down quickly," he said.

He describes Veiled as a tool for creating instant, online communities to serve a flash mob.

"You'd go to URL and that joins you to the darknet," said Wood. "When you close your browser, it's gone. There's no trace you're participating in this."

Wood said that business travelers face the risk of data seizure at border checkpoints all over the world and this technology, in conjunction with browser privacy modes like Chrome's Incognito, could be developed to prevent darknet sessions from being found.

Of course, one can easily come up with nefarious uses for Veiled, which may explain why HP has no interest in monetizing or patenting the technology.

InformationWeek Analytics and DarkReading.com have published an independent analysis of security outsourcing. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.