Researchers to Unveil Browser-Based Darknet at Black Hat

HP security researchers are presenting Veiled, a darknet or private file-sharing and communications network, at Black Hat. Veiled can be accessed by any device with a browser, from a PC to an iPhone.

Two researchers from Hewlett-Packard have developed a browser-based darknet that allows users to share files and communicate anonymously.

Traditionally, darknets are defined as closed, private networks used for secure communications and file sharing. Popular examples of darknets include Freenet and WASTE. Typically, users need to download an application to a PC to join.

However, HP security pros Billy Hoffman and Matt Wood are planning to demonstrate at Black Hat USA, held July 25 to 30, how advances in Web browser technology make it possible to develop a darknet that can be accessed by any platform with a browser-be it a PC or an iPhone.

The researchers dubbed their creation Veiled. The darknet works with any HTML-5 browser. Once users visit the URL, they automatically join the darknet. With settings such as Internet Explorer 8's InPrivate browsing, there would be no sign that the person had visited the site.

Shared files are encrypted, fragmented and redundantly stored locally across members of Veiled. In addition, articles or Web pages can be published anonymously into Veiled with hyperlinks to other documents stored within the network.

There is some concern that darknets can be misused. For example, the presence of applications such as Freenet or WASTE on a user's computer can set off red flags for airport security inspectors analyzing laptops. Wood, senior security researcher with HP's Web Security Research Group, acknowledged as much, but argued that darknets can be used for legitimate purposes as well, such as anonymous whistle-blowing.

"One of the things we're building into Veiled is the ability to do distributed file storage, [which] will allow someone that does want to disclose a file or something in a reasonably secure and distributed way ... to join the darknet, upload the file and then close his browser and never be associated with that file again," Wood explained. "Then what if someone else ... wants to retrieve this file? I type in the identifier that [someone] told me about, and then I can retrieve this file. As long as the darknet exists, that file exists in the network."

According to Hoffman and Wood, the goal of the project is to lower the technical barriers to participating in darknets. Right now, to use Freenet or WASTE, for example, users have to jump through a number of hurdles that may be difficult for those who aren't tech-savvy.

"When you want to use Freenet or WASTE you've got to go to a Website somewhere, you got to download it, you got to install it, you got to configure it ... you just can't make the user use them really easily," Wood said. "What this really boils down to is the browser creates a zero-footprint install, so you visit the page and once you view the page, you actually have no indication that you are involved in the darknet."

Hoffman and Wood are slated to make their presentation July 29.