Veiled: a new Darknet technology
Date: August 07, 2009
Overview
At the Black Hat USA security conference, held from July 25th to 30th, 2009, two researchers from HP's Web Security Research Group, Billy Hoffman and Matt Wood, presented the results of their research on Veiled, an anonymous and encrypted network, a concept also called a Darknet. Veiled's strength is that joining the network requires nothing more than an ordinary web browser.
What is a Darknet?
A Darknet is a virtual private network connecting closed groups of people, a network generally used to communicate and share files. Darknets can potentially be created by anyone and for any purpose.
One of the benefits of Darknets is that they are distributed: to take down a Darknet, an attacker would have to take down all of its clients, because if one server is compromised, members simply shift to a different server. They can hop around. In other words, a Darknet is resilient.
Darknets traditionally require various software or components to be installed and configured on each client. This technical barrier often limits the number of people willing to participate in a Darknet.
Veiled, the new Darknet technology
At the Black Hat conference, Billy Hoffman and Matt Wood presented their research: they have found a way to use modern browsers to build Darknets, a technology they call Veiled, in which users can share content and ideas securely and anonymously. It requires nothing more than a web browser, and is therefore platform independent (Windows, Linux, iPhone, etc.).
To create a Darknet and invite someone to join it, one simply sends an encrypted e-mail containing a connection URL. When the recipient connects to that URL, the browser downloads a peer-to-peer application. Users can then communicate with each other over encrypted channels. Shared files are encrypted, fragmented, and redundantly stored locally across the members of the Veiled network.
Veiled distinctive features
Darknets themselves are nothing new. Networks like FreeNet, Waste, Tor and Gnutella are well-established. The two researchers say Veiled is built on the same idea; it is simply much easier to use, and provides anonymous communication and confidentiality.
1/ Ease of use
One of Veiled's distinctive features is its ease of configuration and use, in contrast to a solution like Tor, which requires downloading, installing and configuring an application. Veiled needs no dedicated application, only an HTML5-capable browser, which puts the service within reach of inexperienced users.
2/ Privacy
Privacy is made possible by the private browsing mode of modern web browsers. Veiled, for example, allows creating workgroups to exchange sensitive information (commercial information, research…), or offers a means of making anonymous suggestions to management, as the two researchers suggest. Files, notes, URLs… can thus be shared anonymously within Veiled.
3/ Confidentiality
Confidentiality and privacy on the Internet are high user expectations. Although browsers have partially addressed them by integrating different browsing modes, Veiled offers an additional layer of confidentiality, even if, of course, no technology is foolproof.
In particular, Veiled secures communications end to end (browser to browser) and does not let a third party intercept the data. In the past, anonymity and privacy on the Tor network have shown their limits, because they could be compromised at the network's exit nodes, which must decrypt the traffic.
Veiled is thus essentially a « zero footprint » network, in which groups can rapidly form and disperse without trace.
Technical point of view
1/ How does this Darknet work?
The connection to Veiled is made through a PHP script that lets the browser retrieve, at run time, the JavaScript code it needs to act as a client/relay on the Veiled network. It is the URL of this script that is initially sent by e-mail to invite a person to join the network.
This PHP script and the JavaScript code are themselves distributed: the pieces of the code are retrieved from other members of the network, then reassembled and executed. According to the researchers, this mechanism is not peer-to-peer but rather a chain of « repeaters » of the PHP file.
On the various clients, local data storage relies on the recent HTML 5 specifications, while the distributed nature of the network ensures the availability of shared information.
2/ Encryption
Shared files are not only encrypted but also fragmented across the browser caches of all network members. Encryption is made possible by recent improvements in JavaScript engines. The Veiled Darknet uses RSA public-key cryptography by default, but any cryptographic algorithm may be used.
3/ The browser
Browsers with HTML 5 support, such as recent versions of Firefox, Safari and Internet Explorer, allow files to be stored « persistently » on the client so that they can be worked on offline.
This feature, coupled with the distributed grid-computing nature of a Darknet, means a file can effectively be served in perpetuity, even after the browser that initially uploaded it has been shut down.
Purpose of the tool
1/ A tool dedicated to hackers?
Darknets can obviously be abused by malicious actors to cover their tracks, but the two authors of Veiled see this more as an opportunity to add legitimate, mainstream uses of Darknets. For example, they suggest using Darknets as anonymous suggestion boxes, or in other ways that let users express themselves anonymously without their IP addresses potentially giving them away. Such users can thus express themselves freely and without fear, the network ensuring their privacy.
According to the two researchers, the goal of their work is not to give hackers a tool for malicious uses, but to get security researchers discussing and talking about the new concept of browser-based Darknets.
2/ The future of Veiled
HP does not intend to turn the project into a commercial product and does not plan to make the source code available. Nor does the company wish to patent, copyright or release any code. During the talk, the two researchers demonstrated a proof-of-concept browser-based Darknet in order to share the idea and let developers pick up, implement and improve the concept.
Conclusion
According to Billy Hoffman and Matt Wood, this promising concept is only a demonstration of what browsers can do for privacy and confidentiality. Veiled is therefore not, for now, a replacement for existing Darknets, since it is not the best solution. Their message is that the technical barriers to such secure anonymity networks are not that high.
Veiled promises to be a worthwhile initiative, but it could easily be put to nefarious use: it can give malicious users a way to communicate securely, anonymously and with complete impunity, and to carry out their malicious activities without risk of being caught by the authorities or security officers.
For more information:
- Article « Finding the real address of Tor clients »: http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf
- Black Hat: http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html
- Team-Cymru: http://www.team-cymru.org/Services/darknets.html
- H-Online: http://www.h-online.com/security/HP-researchers-reveal-details-of-browser-based-darknet--/news/113873
- ZDNet: http://news.zdnet.com/2100-9595_22-325062.html