HP researchers reveal details of browser-based darknet
A day before its official presentation at the Black Hat security conference, HP researchers Billy Hoffman and Matt Wood allowed heise Security, The H's associated publication in Germany, a first peek at their browser-based darknet software called Veiled. A darknet is a virtual private network that can be used for communicating and sharing data without the risk of being spied on.
When asked why they developed another darknet variety, Hoffman and Wood jointly replied: "Because we wanted to demonstrate that a browser can do more than display stupid web pages. We're also convinced that darknets would be much more widely used without the initial hurdles of having to download, install and configure client software."
Hoffman does point out that darknets are mainly used for illegal data sharing. However, the researcher thinks that the browser darknet will make the widespread use of legal applications more viable. For instance, Hoffman could imagine a darknet-based version of the Wikileaks whistle-blower site, whose configuration would be less likely to incur legal consequences than the traditional web server-based darknets.
Users start Veiled by requesting a specific PHP file, created by the darknet operator, from a web server. The file serves as a quasi-router between all the darknet clients. Communication between the clients is RSA-encrypted. For added security, the PHP file can be distributed across several web servers. When first requested, the original server notifies the clients of the other addresses, enabling the browser to access one of the backup supernodes in case of a connection failure.
As with other darknets, there is no central storage location for the files shared by the darknet users. Every user allocates a freely configurable amount of hard disk space, and the darknet software distributes the shared files across the available disk space in pieces. Opera plans to implement a similar concept called Opera Unite in the forthcoming version of its browser.
In the case of Veiled, however, the disk space is only available for the duration of the browser session. To prevent potential data loss caused by bottlenecks, Veiled automatically allocates only a fraction of the total storage space.
However, Hoffman and Wood have no intention of ever releasing their browser darknet prototype. According to the researchers, there will be neither a commercial nor an open source version. In the interview with heise Security, Hoffman said the latter is prevented by drawn-out internal HP processes; after all, he said, a number of intellectual property issues need to be clarified in detail first. However, the HP researchers' presentation, which will be available to download from the conference website soon, is planned to offer enough details of their specific solutions to allow other programmers to create Veiled clones.
- Opera says Opera Unite web server is not a security problem, a report from The H.