News

Browser encryption gives protection from prying eyes

Ian Grant

Black Hat, Las Vegas: Hewlett-Packard researchers today unveiled "Veiled", a browser-based encryption system that could allow individuals and firms to conduct their internet communications with more privacy.

Defence contractors such as EADS have developed hardware-based communications encryption systems such as Ectocrypt that allow government and military agencies to create "black core" networks. These are secret networks that run with many internal levels of security on public networks such as the internet and telephone system.

The work by HP researchers Billy Hoffman and Matt Wood aims to give private individuals and firms similar capabilities simply using their internet browsers and peer to peer connections as they would with Skype for voice messages.

The researchers said advances in browser technology such HTML 5 support allowed files to be stored "persistently" on the client. This plus the peering of servers meant files could be available even after the sending browser was closed.

This made the darknet resilient, said Wood. "To destroy it, you would have to take down all of the clients, because if one server gets compromised, you just shift to a different server."

Wood said support for encryption in JavaScript engines such as Google's Chrome V8 and Mozilla's TraceMonkey have helped make browser-based darknets possible. The Veiled darknet used RSA public key cryptography, but any cryptography would work, he said.

Setting up a darknet was as easy as a user responding to an encrypted e-mail that pointed him to a secret website that the sender set up. On going to the website, the visitor's browser started the Veiled application, and he could exchange messages in secret from then on.

Wood said HP had no plans to release the code or to offer Veiled as a commercial product. They were hoping delegates to Black Hat would pick up their ideas and refine them for commercial use.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy