[Hackmeeting] [Fwd: [CSIG] Your Own Private Internet]

Delete this message

Reply to this message
Autore: Matteo G.P. Flora
Data:  
To: hackmeeting
Oggetto: [Hackmeeting] [Fwd: [CSIG] Your Own Private Internet]


Non ricordo se è passato.
ESTREMAMENTE interessante.

---

<http://www.forbes.com/2009/06/15/darknet-hewlett-packard-technology-security-darknet.html?partner=technology_newsletter>

Your Own Private Internet
Taylor Buley, 06.15.09, 07:30 PM EDT
HP's research into ''darknets'' could shed new light on Internet privacy.

BURLINGAME, Calif. -- For those struggling with privacy on the Web,
security researchers at Hewlett-Packard might have found the light at th
e end of tunnel.

A duo from HP's ( HPQ - news - people ) Web security group, Billy
Hoffman and Matt Wood, are scheduled to present an idea at the BlackHat se
curity conference in July that could shed new light on an old idea about
how to communicate privately over the Internet. The researchers, wh
o previewed their concept to Forbes, say their model works like a
private Internet on top of the existing public one: People can share infor
mation like files and messages via the Internet medium, but without the
kind of public-facing personally identifiable information that Inter
net protocol addresses provide.

"What we've done is taken the idea of a darknet and moved it into the
browser platform," says Wood, the HP Web security researcher who devel
oped the idea over the last several months. "This is really like a
darknet for everyone. If you can use the Internet, you can use a darknet.
"

So-called "darknets" are closed networks for sharing information
securely. Although the nomenclature seems to imply some sort of shady behav
ior--indeed, anonymity is a common feature among today's darknets--their
origin is not nefarious. The name was used originally to denote a n
etwork of computers that wasn't connected to the bigger one run by the
Department of Defense's Advanced Research Projects Agency.

The darknet concept as we know it today has been around for a while, and
current implementations usually rely on some sort of third-party te
chnology to make it work. The model Hoffman and Wood are previewing is
notable in that it uses the latest in rich Internet technologies to m
ake using a darknet as simple as browsing a Web site. That innovation
should drastically reduce the barrier to sharing secure information ov
er darknets.

"We saw what was coming out with HTML 5 and these browsers, and the
question was how far can we push this?" says Hoffman, who manages HP's W
eb security research group. "We started digging in and said, 'Oh my
goodness, this might actually be possible.' "

HP won't give the specifics of its implementation, but here's how the
idea works: Someone navigates to a Web site that serves up some JavaSc
ript code that runs in the user's browser. That code uses the local
storage capacity built into the latest version of browsers like Google (
GOOG - news - people ) Chrome and Internet Explorer. As a result, each
user gives up some local storage that holds redundant, encrypted sli
ces of data that together are coordinated and shared by the darknet. As
a whole, the information exists so long as the darknet exists.

HP's darknet idea is not another Internet protocol, like HTTP or
BitTorrent. It's more like a peer-to-peer network where the computer nodes
can't talk to each other directly. That way, the only computer that
knows a user's IP address is the machine to which it first connects.

The nascent idea is not nearly as developed as other public privacy
efforts like Tor, a software and network that tunnels traffic in a way t
hat improves privacy and security by making traffic analysis more
difficult. However, the HP security researchers say unlike Tor and competi
ng privacy technologies, their idea is much simpler for users because it
does not involve specially configured software or hardware.

"Tor, in terms of anonymity, is probably better and more robust than
what we're proposing," says Hoffman. "What we're creating is a lot easi
er to use."

The innovation behind HP's darknet model is that it is simple, thanks to
recent improvements in complex Web browsers and the languages they
use to render Web sites. Users don't need to download software or
configure hardware to work over new network ports.

For example, the standards implemented in HTML 5, the next iteration of
the language used to construct Web pages, means that HP's JavaScript
-based darknet could likely be accessed on smart phones, Web-connected
TVs or almost anything else that can browse the Internet. Improvement
s in browsers' JavaScript engines make local encryption much faster.

"With a browser-based darknet, if you can get it to run on a browser
platform, that's almost going to work ubiquitously across all the thing
s that can talk to the Internet," says Wood.

It's easy to see how a ubiquitous darknet could be used for nefarious
purposes--after all, when it comes to technology, ne'er-do-wells are o
ften early adopters. But the researchers say that the opportunities that
darknets could provide are compelling.

"It's not really for us to dictate how people use this technology," says
Wood. "It's more important to see how privacy can be used by the pe
ople who want to use it in a good way."

Wood and Hoffman say they kicked the idea around for a few months before
beginning to implement it a couple of weeks ago. The researchers do
not yet know if their source code will be released to the general public
after their presentation, but they expect that their ideas will ge
nerate significant buzz from both privacy buffs and the non-initiated.

"Matt and I know, it's not just us presenting something and saying,
'Look how cool this is,' " Hoffman says. "The cool stuff is not going to
come from us, it's going to come from everybody taking the idea and
running with it."

See Also:


--
Matteo G.P. Flora // www.matteoflora.com // mf(at)matteoflora(dot)com