Want to keep eavesdroppers out? HP researchers think they have the answer

Two researchers for HP have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from finding out confidential corporate information.

Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, HP researchers Billy Hoffman and Matt Wood plan next week to demonstrate a browser-based darknet called 'Veiled', which they claim requires little proficiency to set up and run.

"This will really lower the barriers to participation," Wood told silicon.com sister site ZDNet UK on Thursday. "If you want to create a darknet, you can send an encrypted email saying 'here's the URL'. When [the recipient visits] the website, the browser can just get [the darknet application] going."

Hoffman and Wood are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas.

Wood said HP does not want to turn the project into a commercial product. While the company does not plan to make the source code available, the researchers do plan to open source their idea, so other security researchers can "pick up the baton".

"HP has no desire to patent or copyright or release any code," said Wood. "Black Hat is one of the top security conferences, and we want to get this cool idea into the hands of people who are really smart."

Businesses could use browser-based darknets to set up workgroups to exchange commercially sensitive information, or to have a means of making anonymous suggestions to management, Wood said. "I like the idea of a suggestions box on the web," he said. "It provides an anonymous way to make suggestions to your boss."

HP's darknet research came about when the researchers realised the potential of new browser technologies, according to Wood. Browsers with HTML 5 support - such as recent versions of Firefox, Safari and Internet Explorer - allow files to be stored 'persistently' on the client, for working on them when offline. This feature, coupled with the distributed grid-computing nature of a darknet, means files can be effectively uploaded in perpetuity, even when the initial browser has been shut down. It also makes the darknet resilient, said Wood.

"One of the benefits of a darknet is that they are distributed," said Wood. "To destroy it, you would have to take down all of the clients, because if one server gets compromised, you just shift to a different server. They can hop around."

Advances in JavaScript engines, such as Google's Chrome V8 and Mozilla's TraceMonkey, have also helped make browser-based darknets possible, according to Wood. These engines allow browser-based communications to be set up quickly and encrypted. The Veiled darknet uses RSA public key cryptography, but any cryptography will work .

"Cool advances in JavaScript technology allow encryption in the browser," said Wood. "Browsers are getting really powerful."

Original article: HP researchers develop browser-based darknet from ZDNet UK