HP Researchers Say Browser-Based 'Veiled' Make Darknets a Snap

Darknets – private networks carved out of the Internet to allow peer-to-peer sharing – can be quickly and easily created among Web browsers making it possible for people to participate anonymously and for the darknet itself to vanish with barely a trace when all the participants close their browsers, researchers told Black Hat yesterday.

Darknets – private networks carved out of the Internet to allow peer-to-peer sharing – can be quickly and easily created among Web browsers making it possible for people to participate anonymously and for the darknet itself to vanish with barely a trace when all the participants close their browsers, researchers told Black Hat yesterday.

Their creation, called Veiled, could be used by political dissidents and others that want to communicate out of the public eye on a network that supports private Web pages not available to non-members of the darknet, say researchers from HP Security Labs who announced their proof of concept browser-based darknet.

Traditional darknets, which include the notorious file-sharing networks that set the music industry on a rampage to tear them down, are more complex to create, requiring configuring of firewalls and network address translation that average Internet users lack the skills to perform.

Veiled can be set up, used to share files and chat and then melt away if all members close their browsers, says Matt Wood, a senior researcher at HP's Web Security Group. The only trace left is a scrap of encrypted code buried in the browser’s history, he says.

Veiled allows people to participate anonymously and to share files that are fragmented and distributed in pieces among the browser memories of participants. No one browser has access to a complete file on its own; it must go through a participating server called router to retrieve all the pieces, he says.

These routers, also called supernodes, are necessary for individuals to participate so the communication is not strictly peer-to-peer. These supernodes also encrypt files, split them and distribute them for storage among the browsers of participants. These file fragments are stored redundantly to ensure the files remain available if a browser fails.

Veiled relies on HTML 5 with its support for browser storage, high quality Java script libraries and cross-origin requests that allow cross-domain HTTP requests, the researchers say. The darknet supports versions of Firefox, Internet Explorer, Chrome, Safari and Opera browsers.

The result is a private network within the Internet that lets users remain anonymous while they communicate via HTTP with access to a distributed file storage system, they say. Communications are protected via public and private keyed SSL.

Wood and his co-researcher Billy Hoffman, manager of HP security Labs within HP Software, did not release code for Veiled. They said getting permission to do so from HP’s intellectual property team would have taken too long and the process wouldn't have been completed before their talk.

But they say the outline they gave during their briefing should enable others to create similar darknets with browsers, perhaps improved. They noted their version has drawbacks, such as verifying the integrity of file pieces supplied to the darknet by individual browsers.

Possibilities for future versions include using the distributed power of Veiled participants to perform distributed computing, splitting up tasks for individual browsers to work on.

This story, "HP Researchers Say Browser-Based 'Veiled' Make Darknets a Snap" was originally published by NetworkWorld .

Join the discussion
Be the first to comment on this article. Our Commenting Policies