HP Researchers Develop Browser-Based Darknet
HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.
(click image for larger view)
Veiled Browser Darknet
At the Black Hat USA 2009 security conference next week, two HP researchers plan to discuss their efforts to develop a browser-based darknet.
A darknet is a covert, private computer network that's used for secure communications and, often, file sharing.
Darknets can be created using a variety of desktop software applications. Such programs, however, typically require a certain level of technical knowledge for proper configuration and use.
Now, thanks to the power of the new generation of JavaScript engines -- Chrome's V8 and Firefox's TraceMonkey -- the encryption necessary to make a darknet work can be handled in the browser, on either a computer or a mobile phone.
Billy Hoffman, manager of HP's Web security group, and Matt Wood, senior security researcher at HP, have developed a prototype browser-based darknet called Veiled as a proof-of-concept project.
They don't intend to release the software or make the source code available. Rather their aim is simply to show how capable the Web browser has become as an application platform and to discuss the technical challenges they had to overcome to make their prototype work.
Echoing Google's mantra of late, Wood says that browser-based applications are almost as capable as desktop applications.
"By putting it on the Web, we've lowered the barriers to participate in darknets," he said.
Architecturally, Wood describes Veiled as a hybrid model that's somewhere between the peer-to-peer model and client-server model. He says the system still relies on servers to negotiate communication, but the server acts mainly as a router. Veiled can merge servers together so that clients on different servers can communicate directly, he explains.
The browser-based clients can serve files and Web pages. And if a client leaves, files posted remain accessible to others on the darknet. Wood likens the model to that of Wikileaks.
Hoffman says that Veiled shouldn't be seen as a replacement for an anonymity tool like Tor. He says it would be irresponsible to suggest, for example, that Veiled could be used by political dissidents in Iran. "However, I do think that this is something that can aid where people are wanting to create communities quickly and take them down quickly," he said.
He describes Veiled as a tool for creating instant, online communities to serve a flash mob.
"You'd go to URL and that joins you to the darknet," said Wood. "When you close your browser, it's gone. There's no trace you're participating in this."
Wood said that business travelers face the risk of data seizure at border checkpoints all over the world and this technology, in conjunction with browser privacy modes like Chrome's Incognito, could be developed to prevent darknet sessions from being found.
Of course, one can easily come up with nefarious uses for Veiled, which may explain why HP has no interest in monetizing or patenting the technology.
InformationWeek Analytics and DarkReading.com have published an independent analysis of security outsourcing. Download the report here (registration required).
About the Author
You May Also Like