HP security researchers are presenting Veiled, a darknet or private file-sharing and communications network, at Black Hat. Veiled can be accessed by any device with a browser, from a PC to an iPhone.
Two researchers from Hewlett-Packard have developed a browser-based darknet
that allows users to share files and communicate anonymously.
Traditionally, darknets are defined as closed, private networks used for
secure communications and file sharing. Popular examples of darknets include
Freenet and WASTE. Typically, users need to download an application to a PC to
However, HP security pros Billy Hoffman and Matt Wood are planning to
demonstrate at Black Hat USA, held July
25 to 30, how advances in Web
browser technology make it possible to develop a darknet that can be
accessed by any platform with a browser-be it a PC or an iPhone.
The researchers dubbed their creation Veiled. The darknet works with any
HTML-5 browser. Once users visit the URL, they automatically join the darknet.
With settings such as Internet Explorer 8's InPrivate browsing, there would be
no sign that the person had visited the site.
Shared files are encrypted, fragmented and redundantly stored locally across
members of Veiled. In addition, articles or Web pages can be published
anonymously into Veiled with hyperlinks to other documents stored within the
There is some concern that darknets can be misused. For example, the
presence of applications such as Freenet or WASTE on a user's computer can set
off red flags for airport security inspectors analyzing laptops. Wood,
senior security researcher with HP's Web Security Research Group,
acknowledged as much, but argued that darknets can be used for legitimate
purposes as well, such as anonymous whistle-blowing.
"One of the things we're building into Veiled is the ability to do
distributed file storage, [which] will allow someone that does want to disclose
a file or something in a reasonably secure and distributed way ... to join the
darknet, upload the file and then close his browser and never be associated
with that file again," Wood explained. "Then what if someone else ...
wants to retrieve this file? I type in the identifier that [someone] told me
about, and then I can retrieve this file. As long as the darknet exists, that
file exists in the network."
According to Hoffman and Wood, the goal of the project is to lower the
technical barriers to participating in darknets. Right now, to use Freenet or
WASTE, for example, users have to jump through a number of hurdles that may be
difficult for those who aren't tech-savvy.
"When you want to use Freenet or WASTE you've got to go to a Website
somewhere, you got to download it, you got to install it, you got to configure
it ... you just can't make the user use them really easily," Wood said. "What
this really boils down to is the browser creates a zero-footprint install, so
you visit the page and once you view the page, you actually have no indication
that you are involved in the darknet."
Hoffman and Wood are slated to make their presentation