HP Researchers Develop Browser-Based Darknet - InformationWeek
Mobile // Mobile Applications
02:33 PM
Connect Directly

HP Researchers Develop Browser-Based Darknet

HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.

Veiled Browser Darknet
(click image for larger view)
Veiled Browser Darknet

At the Black Hat USA 2009 security conference next week, two HP researchers plan to discuss their efforts to develop a browser-based darknet.

A darknet is a covert, private computer network that's used for secure communications and, often, file sharing.

Darknets can be created using a variety of desktop software applications. Such programs, however, typically require a certain level of technical knowledge for proper configuration and use.

Now, thanks to the power of the new generation of JavaScript engines -- Chrome's V8 and Firefox's TraceMonkey -- the encryption necessary to make a darknet work can be handled in the browser, on either a computer or a mobile phone.

Billy Hoffman, manager of HP's Web security group, and Matt Wood, senior security researcher at HP, have developed a prototype browser-based darknet called Veiled as a proof-of-concept project.

They don't intend to release the software or make the source code available. Rather their aim is simply to show how capable the Web browser has become as an application platform and to discuss the technical challenges they had to overcome to make their prototype work.

Echoing Google's mantra of late, Wood says that browser-based applications are almost as capable as desktop applications.

"By putting it on the Web, we've lowered the barriers to participate in darknets," he said.

Architecturally, Wood describes Veiled as a hybrid model that's somewhere between the peer-to-peer model and client-server model. He says the system still relies on servers to negotiate communication, but the server acts mainly as a router. Veiled can merge servers together so that clients on different servers can communicate directly, he explains.

The browser-based clients can serve files and Web pages. And if a client leaves, files posted remain accessible to others on the darknet. Wood likens the model to that of Wikileaks.

Hoffman says that Veiled shouldn't be seen as a replacement for an anonymity tool like Tor. He says it would be irresponsible to suggest, for example, that Veiled could be used by political dissidents in Iran. "However, I do think that this is something that can aid where people are wanting to create communities quickly and take them down quickly," he said.

He describes Veiled as a tool for creating instant, online communities to serve a flash mob.

"You'd go to URL and that joins you to the darknet," said Wood. "When you close your browser, it's gone. There's no trace you're participating in this."

Wood said that business travelers face the risk of data seizure at border checkpoints all over the world and this technology, in conjunction with browser privacy modes like Chrome's Incognito, could be developed to prevent darknet sessions from being found.

Of course, one can easily come up with nefarious uses for Veiled, which may explain why HP has no interest in monetizing or patenting the technology.

InformationWeek Analytics and DarkReading.com have published an independent analysis of security outsourcing. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll