HP Researchers Develop Browser-Based Darknet

HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.

Thomas Claburn, Editor at Large, Enterprise Mobility

July 21, 2009

3 Min Read

Veiled Browser Darknet
(click image for larger view)
Veiled Browser Darknet

At the Black Hat USA 2009 security conference next week, two HP researchers plan to discuss their efforts to develop a browser-based darknet.

A darknet is a covert, private computer network that's used for secure communications and, often, file sharing.

Darknets can be created using a variety of desktop software applications. Such programs, however, typically require a certain level of technical knowledge for proper configuration and use.

Now, thanks to the power of the new generation of JavaScript engines -- Chrome's V8 and Firefox's TraceMonkey -- the encryption necessary to make a darknet work can be handled in the browser, on either a computer or a mobile phone.

Billy Hoffman, manager of HP's Web security group, and Matt Wood, senior security researcher at HP, have developed a prototype browser-based darknet called Veiled as a proof-of-concept project.

They don't intend to release the software or make the source code available. Rather their aim is simply to show how capable the Web browser has become as an application platform and to discuss the technical challenges they had to overcome to make their prototype work.

Echoing Google's mantra of late, Wood says that browser-based applications are almost as capable as desktop applications.

"By putting it on the Web, we've lowered the barriers to participate in darknets," he said.

Architecturally, Wood describes Veiled as a hybrid model that's somewhere between the peer-to-peer model and client-server model. He says the system still relies on servers to negotiate communication, but the server acts mainly as a router. Veiled can merge servers together so that clients on different servers can communicate directly, he explains.

The browser-based clients can serve files and Web pages. And if a client leaves, files posted remain accessible to others on the darknet. Wood likens the model to that of Wikileaks.

Hoffman says that Veiled shouldn't be seen as a replacement for an anonymity tool like Tor. He says it would be irresponsible to suggest, for example, that Veiled could be used by political dissidents in Iran. "However, I do think that this is something that can aid where people are wanting to create communities quickly and take them down quickly," he said.

He describes Veiled as a tool for creating instant, online communities to serve a flash mob.

"You'd go to URL and that joins you to the darknet," said Wood. "When you close your browser, it's gone. There's no trace you're participating in this."

Wood said that business travelers face the risk of data seizure at border checkpoints all over the world and this technology, in conjunction with browser privacy modes like Chrome's Incognito, could be developed to prevent darknet sessions from being found.

Of course, one can easily come up with nefarious uses for Veiled, which may explain why HP has no interest in monetizing or patenting the technology.

InformationWeek Analytics and DarkReading.com have published an independent analysis of security outsourcing. Download the report here (registration required).

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights