Thursday, June 18, 2009

Darknets: Your Own Private Internet


HP's research into ''darknets'' could shed new light on Internet privacy.

BURLINGAME, Calif. -- For those struggling with privacy on the Web, security researchers at Hewlett-Packard might have found the light at the end of tunnel.


A duo from HP's ( HPQ - news - people ) Web security group, Billy Hoffman and Matt Wood, are scheduled to present an idea at the BlackHat security conference in July that could shed new light on an old idea about how to communicate privately over the Internet. The researchers, who previewed their concept to Forbes, say their model works like a private Internet on top of the existing public one: People can share information like files and messages via the Internet medium, but without the kind of public-facing personally identifiable information that Internet protocol addresses provide.

"What we've done is taken the idea of a darknet and moved it into the browser platform," says Wood, the HP Web security researcher who developed the idea over the last several months. "This is really like a darknet for everyone. If you can use the Internet, you can use a darknet."

So-called "darknets" are closed networks for sharing information securely. Although the nomenclature seems to imply some sort of shady behavior--indeed, anonymity is a common feature among today's darknets--their origin is not nefarious. The name was used originally to denote a network of computers that wasn't connected to the bigger one run by the Department of Defense's Advanced Research Projects Agency.

The darknet concept as we know it today has been around for a while, and current implementations usually rely on some sort of third-party technology to make it work. The model Hoffman and Wood are previewing is notable in that it uses the latest in rich Internet technologies to make using a darknet as simple as browsing a Web site. That innovation should drastically reduce the barrier to sharing secure information over darknets.

"We saw what was coming out with HTML 5 and these browsers, and the question was how far can we push this?" says Hoffman, who manages HP's Web security research group. "We started digging in and said, 'Oh my goodness, this might actually be possible.

HP won't give the specifics of its implementation, but here's how the idea works: Someone navigates to a Web site that serves up some JavaScript code that runs in the user's browser. That code uses the local storage capacity built into the latest version of browsers like Google (GOOG - news - people ) Chrome and Internet Explorer. As a result, each user gives up some local storage that holds redundant, encrypted slices of data that together are coordinated and shared by the darknet. As a whole, the information exists so long as the darknet exists.

HP's darknet idea is not another Internet protocol, like HTTP or BitTorrent. It's more like a peer-to-peer network where the computer nodes can't talk to each other directly. That way, the only computer that knows a user's IP address is the machine to which it first connects.

The nascent idea is not nearly as developed as other public privacy efforts like Tor, a software and network that tunnels traffic in a way that improves privacy and security by making traffic analysis more difficult. However, the HP security researchers say unlike Tor and competing privacy technologies, their idea is much simpler for users because it does not involve specially configured software or hardware.

"Tor, in terms of anonymity, is probably better and more robust than what we're proposing," says Hoffman. "What we're creating is a lot easier to use." The innovation behind HP's darknet model is that it is simple, thanks to recent improvements in complex Web browsers and the languages they use to render Web sites. Users don't need to download software or configure hardware to work over new network ports.

For example, the standards implemented in HTML 5, the next iteration of the language used to construct Web pages, means that HP's JavaScript-based darknet could likely be accessed on smart phones, Web-connected TVs or almost anything else that can browse the Internet. Improvements in browsers' JavaScript engines make local encryption much faster.

"With a browser-based darknet, if you can get it to run on a browser platform, that's almost going to work ubiquitously across all the things that can talk to the Internet," says Wood. It's easy to see how a ubiquitous darknet could be used for nefarious purposes--after all, when it comes to technology, ne'er-do-wells are often early adopters. But the researchers say that the opportunities that darknets could provide are compelling.

"It's not really for us to dictate how people use this technology," says Wood. "It's more important to see how privacy can be used by the people who want to use it in a good way."

Wood and Hoffman say they kicked the idea around for a few months before beginning to implement it a couple of weeks ago. The researchers do not yet know if their source code will be released to the general public after their presentation, but they expect that their ideas will generate significant buzz from both privacy buffs and the non-initiated.

"Matt and I know, it's not just us presenting something and saying, 'Look how cool this is,' " Hoffman says. "The cool stuff is not going to come from us, it's going to come from everybody taking the idea and running with it."

Source: http://www.forbes.com/2009/06/15/darknet-hewlett-packard-technology-security-darknet.html

Tags: HP, Darknets, Java script, HTML 5, Forbes, Billy Hoffman, Matt Wood, Global IT News,

Posted via email from Global Business News

No comments:

Post a Comment