NEWS
Two researchers for HP have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from finding out confidential corporate information.
Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, HP researchers Billy Hoffman and Matt Wood plan next week to demonstrate a browser-based darknet called 'Veiled', which they claim requires little proficiency to set up and run.
"This will really lower the barriers to participation," Wood told silicon.com sister site ZDNet UK on Thursday. "If you want to create a darknet, you can send an encrypted email saying 'here's the URL'. When [the recipient visits] the website, the browser can just get [the darknet application] going."
Hoffman and Wood are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas.
Wood said HP does not want to turn the project into a commercial product. While the company does not plan to make the source code available, the researchers do plan to open source their idea, so other security researchers can "pick up the baton".
"HP has no desire to patent or copyright or release any code," said Wood. "Black Hat is one of the top security conferences, and we want to get this cool idea into the hands of people who are really smart."
Businesses could use browser-based darknets to set up workgroups to exchange commercially sensitive information, or to have a means of making anonymous suggestions to management, Wood said. "I like the idea of a suggestions box on the web," he said. "It provides an anonymous way to make suggestions to your boss."
HP's darknet research came about when the researchers realised the potential of new browser technologies, according to Wood. Browsers with HTML 5 support - such as recent versions of Firefox, Safari and Internet Explorer - allow files to be stored 'persistently' on the client, for working on them when offline. This feature, coupled with the distributed grid-computing nature of a darknet, means files can be effectively uploaded in perpetuity, even when the initial browser has been shut down. It also makes the darknet resilient, said Wood.
"One of the benefits of a darknet is that they are distributed," said Wood. "To destroy it, you would have to take down all of the clients, because if one server gets compromised, you just shift to a different server. They can hop around."
Advances in JavaScript engines, such as Google's Chrome V8 and Mozilla's TraceMonkey, have also helped make browser-based darknets possible, according to Wood. These engines allow browser-based communications to be set up quickly and encrypted. The Veiled darknet uses RSA public key cryptography, but any cryptography will work .
"Cool advances in JavaScript technology allow encryption in the browser," said Wood. "Browsers are getting really powerful."
Comments
There is 1 comment. Join the discussion
1. karen challinor
oh the government are going to love this idea, after all the legislation they've just passed to monitor the internet at the users expense, along come darknets to render the effort obsolete
so I guess it's time for yet more legislation, laws and stealth taxes when the MP's get back from their holidays then
maybe Lord Carter can be persuaded to modify his report to account for darknets before he swans off
actually it's probably already covered under one of the internet censorship headings (IP, URL, port or protocol blocking) or one of the broadband crippling headings (bandwidth shaping or data capping), encrypted traffic will just be regarded as sufficiently suspicious to warrant one or more of these measures