Darknets—Solving the Internet Security Problem
As an IT professional, do you sometimes feel like every place on the Internet is vulnerable to attack? You are not alone. Many others have come to the realization that the Internet is so riddled with security holes that they have decided to take a different approach to securing their data. Welcome to darknets—stealth networks for those folks who really do not want to be found.
The term darknet conjures up thoughts of shady operators, illicit drug sales, and spies. But there are many good and sufficient reasons that companies and individuals would want to send their data over secured and trusted networks. Any company that handles financial records and personally identifiable information vulnerable to criminal activity will want to protect that information. Target, Citibank, and other well-known institutions have learned that lesson the hard way. Whistleblowers are just one example of individuals who might not want to reveal their identity or location.
Companies have been using private networks to protect their data for years. All the big telecoms offer various types of private networking options to their corporate and enterprise customers. These can range from expensive private point-to-point leased circuits to managed multiprotocol label-switching networks. Not only are these networking options absolutely private, but because they are managed by the telecom carrier, they deliver better performance, quality of service options, and flexibility. However, none of these services are designed for, or marketed to, the average user.
Darknets, on the other hand, are far more affordable for technologically savvy individuals because they use the Internet itself as a transport mechanism. Unlike a virtual private network (VPN), which is more analogous to a point-to-point circuit between two sites (without the expense, of course), these networks are encrypted and shared across multiple trusted peers.
Much like peer-to-peer file sharing software, such as BitTorrent, many darknets use alternate networking software to connect the nodes. Think of them as combining the scalability and flexibility of the Internet with the security of a VPN.
Tor, or the Onion Router, is one approach to hiding data by creating hidden services that don’t advertise their locations by IP address. It is a distributed overlay network that anonymizes any TCP-based application by setting up a randomized relay circuit from the origin to the destination. Each node along the way negotiates session keys for each subsequent hop in the chain, protecting the identity of the originator because a node never knows about any node other than the next hop.
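The layering behind the relay circuit described above, as an added sketch (not code from Tor or from this article): it assumes the originator shares one session key with each relay and wraps the message once per hop, so a relay that removes its layer learns only the next hop. The SHAKE-256 keystream with HMAC is a toy stand-in for real ciphers, and the relay names, keys and destination are constructed.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one session key.
    return hashlib.sha256(label + key).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a SHAKE-256 keystream (toy stand-in for a real AEAD)."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer is not encrypted under this relay's key")
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def build_onion(path, keys, destination, payload):
    """Originator side: wrap the payload once per relay, innermost layer first."""
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        name = nxt.encode()
        blob = seal(keys[relay], bytes([len(name)]) + name + blob)
    return blob

def peel(relay_key, blob):
    """Relay side: remove one layer; learn only the next hop and an opaque blob."""
    plain = unseal(relay_key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

# Constructed sample circuit: relay names, keys and destination are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
ONION = build_onion(PATH, KEYS, "dest.example:443", b"GET /status")

def walk_circuit(path=PATH, keys=KEYS, onion=ONION):
    """Return {relay: next hop it learned} and what the exit forwards."""
    seen, blob = {}, onion
    for relay in path:
        seen[relay], blob = peel(keys[relay], blob)
    return seen, blob
```

Only the last relay sees the destination and payload, and only the first sees who sent the onion; a relay given a layer meant for another hop fails the MAC check.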
Hyperboria takes a different approach to the same problem. Instead of creating anonymized network services, Hyperboria is a global decentralized network of "nodes" running the cjdns software. Hyperboria is an alternative network designed with the principles of security, scalability, and decentralization in mind. The only way to join Hyperboria is to be invited by a trusted peer. Even though this is appealing to people tired of the relentless commercialism of the Internet, scaling might be problematic.
Darknets are obviously not for everyone. Since they are new, setting one up is not for the technologically faint of heart. But if you absolutely want complete assurance that your data is not compromised, they are definitely worth checking out.