Black Hat, Las
Vegas: Hewlett-Packard researchers today unveiled "Veiled", a
browser-based encryption system that could allow individuals and
firms to conduct their internet communications with more
privacy.
Defence contractors such as EADS have developed hardware-based
communications encryption systems such as Ectocrypt that allow
government and military agencies to create "black core" networks.
These are secret networks that run with many internal levels of
security on public networks such as the internet and telephone
system.
The work by HP researchers Billy Hoffman and Matt Wood aims to
give private individuals and firms similar capabilities simply
using their internet browsers and peer to peer connections as they
would with Skype for voice messages.
The researchers said advances in browser technology such HTML 5
support allowed files to be stored "persistently" on the client.
This plus the peering of servers meant files could be available
even after the sending browser was closed.
This made the darknet resilient, said Wood. "To destroy it, you
would have to take down all of the clients, because if one server
gets compromised, you just shift to a different server."
Wood said support for encryption in JavaScript engines such as
Google's Chrome V8 and Mozilla's TraceMonkey have helped make
browser-based darknets possible. The Veiled darknet used RSA public
key cryptography, but any cryptography would work, he said.
Setting up a darknet was as easy as a user responding to an
encrypted e-mail that pointed him to a secret website that the
sender set up. On going to the website, the visitor's browser
started the Veiled application, and he could exchange messages in
secret from then on.
Wood said HP had no plans to release the code or to offer Veiled
as a commercial product. They were hoping delegates to Black Hat
would pick up their ideas and refine them for commercial use.