Veiled: A Browser-based Darknet - Not for Porn, Says HP - InformationWeek
IoT
IoT
Software // Information Management
Commentary
7/29/2009
04:00 PM
Adam Ely
Adam Ely
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Veiled: A Browser-based Darknet - Not for Porn, Says HP

For those living in a box, Black Hat is currently underway in Las Vegas. The first talk of the day I attended was by Bill Hoffman and Matt Wood from HP's Security Labs. They discussed their browser-based darknet called Veiled. Billy is best known for his web security research while working for SPI Dynamics, acquired by HP, and authoring a book on AJAX security. Matt leads development on HP's Scwaler and SWFScan security tools.

For those living in a box, Black Hat is currently underway in Las Vegas. The first talk of the day I attended was by Bill Hoffman and Matt Wood from HP's Security Labs. They discussed their browser-based darknet called Veiled. Billy is best known for his web security research while working for SPI Dynamics, acquired by HP, and authoring a book on AJAX security. Matt leads development on HP's Scwaler and SWFScan security tools.The idea is fairly straightforward. "A World Wide Web built on top of the World Wide Web", says Hoffman while on stage. Encrypt and upload files to a "routers" that split and store the files across the browser based network. The idea is to provide a way to store files remotely inside the darknet in a secure and distributed manner. P2P meets PGP meets distributed storage - sorry no P acronym for that.

The first usage case that came to many minds is illegal porn. The authors are very clear that this is not for illegal porn. After watching the presentation though, it is obvious that if an implementation of this went mainstream it would be used for all kinds of illegal activities.

Online storage of files for later retrieval by the owner, recipient or a group of recipients are examples of legitimate usage. Since files are encrypted and split across multiple members of the darknet, the files are not under the single control of any one party and they are secure from access by anonymous parties.

This research came out of HP's Security Labs but HP will not release the technology to make this a reality. The researchers are free to discuss and present the technology, but not release this technology into the wild.

Follow my random thoughts of Black Hat on twitter @adamely.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll