
What is a data diode?


A data diode is a cybersecurity solution that ensures unidirectional information exchange. This high assurance hardware device maintains both network integrity, by preventing intrusion, and network confidentiality, by protecting the most security-sensitive information.

 

How does a data diode work?

Data diodes are the fail-safe way to protect sensitive systems and confidential data. A data diode is a security product placed between two networks that acts as a non-return valve: it allows data to be sent in one direction only and blocks all data in the opposite direction. Since the security properties of the data diode are based on hardware and optical fiber, it can be shown that it is physically impossible for data to be transported in the opposite direction. Because security is not based on software, there are no vulnerabilities in the form of software bugs, nor can it be attacked by malicious code. Hardware-based security means that you can show that data diodes have high assurance.

 

 

Why do you need a data diode?

A common solution to keep sensitive or classified information safe from leakage or manipulation is to completely disconnect it from other networks. However, there are situations when data needs to be transferred to or from the protected network.

The most common device used for regulating information flow is probably a firewall. Its purpose is to protect your network by only allowing certain traffic to enter it. It monitors and filters traffic, deciding based on a set of rules which data packets may enter the network and which are blocked. However, if you need to transfer information to or from a security-sensitive network, a firewall is not the only product in your toolbox to enhance your cybersecurity. Though a firewall strives to protect the network, a high assurance addition in terms of a Cross Domain Solution is also needed.

Cross Domain Solution (CDS) is a term used to describe the concept of maintaining secure information exchange between domains with different security or protection needs. This can be between databases, servers, applications, or combinations of these. CDS addresses the concept of communicating, sharing or moving information between domains and applies validation, transformation or filtering to the exchange. The data diode is a Cross Domain Solution.

By using a data diode, you can ensure that the transfer is done securely without jeopardising the integrity or the confidentiality of the network.

 

Who needs a data diode?

A high assurance data diode protects assets for operators within critical infrastructure (ICS/SCADA) and defence industries. However, along with digitalisation and the increase of sophisticated cyberattacks, every organisation that operates with sensitive information can make great use of a data diode to protect its valuable information and securely exchange data.

 

Five things you can use data diodes for

If a data diode is directed out from the high security network towards a network with a lower security level, data can be transferred from the high security network while the high security network stays protected. By transferring information via a data diode, you are guaranteed that no one can use the same connection in the opposite direction to reach the high security network and disrupt the availability and integrity of the systems.

A data diode can also be directed towards the high security network. In these cases, it is most likely that you want to collect information of some kind from another network. The security issue, however, is how to collect the information and at the same time make sure that there is no leakage of sensitive data from your network through this channel. A data diode will ensure the confidentiality of the high security network by preventing any form of data leakage from happening.

There are more ways to use a data diode than you might think. You can use them for countless solutions, but here are five areas you may not have known about in which you can use data diodes:

  1. IoT sensor networks
  2. HTTP mirror
  3. Traffic tapping
  4. Video streaming
  5. Logging


 

Strengths with a data diode

There are several strengths with a data diode:

  • Their ability to ensure security in insecure systems, and to protect and preserve legacy systems. By using data diodes, legacy systems can be protected without overhauling the entire operational system.
  • Their hardware aspect. By using a hardware system, data diodes remove, to a large extent, the possibility of user error.
  • Their low long-term operating costs. After the initial investment of purchase and system integration, the savings in maintenance and administration costs make the data diode an efficient network security solution in the long run.
  • The way they reduce the cybersecurity risk. The diode's strict properties mean that you can completely rule out certain types of risks if you use a diode. For example, you know that the network cannot leak information and can thus focus only on managing risks with privacy and malware.

 

What makes Advenica’s data diode unique?

Advenica provides cybersecurity solutions to customers within the armed forces and defense industry, which means they place high demands on the security of our products. Therefore, our data diodes fulfill the requirements both in terms of security and assurance.

When designing our data diodes, we make sure to eliminate any risk of covert channels that may appear in the reversed direction.

 


 

All of Advenica’s products are designed, developed and manufactured in Sweden, which means that we can guarantee high assurance products.

The separation between the two data interfaces on a data diode is vital. In Advenica's data diodes, the separation and diode functionality are based on an optical transmitter and receiver. The design guarantees that no data will pass in the opposite direction. Advenica's data diodes even include the possibility to use dual power supplies to eliminate potential covert channels in the reverse direction. The dual power supplies strengthen the vital separation.

Our Data Diode DD1000A and Data Diode DD1000i have received approval for data transfer between networks of different security levels up to and including the level of KVALIFICERAT HEMLIG/TOP SECRET, depending on the level of exposure. 

 


 

How does a data diode communicate with bidirectional protocols?

To communicate with bidirectional protocols, proxy services are needed. A proxy service converts a bidirectional protocol into a unidirectional protocol so that it can be transferred over the data diode. With proxy services, Advenica’s data diode can handle common communication protocols, offering you data communication with the impenetrable security of one-directional hardware.
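
The proxy idea described above, sketched as an added example (not Advenica's code or wire format): a sending proxy turns a message into self-describing frames, and a receiving proxy rebuilds it without ever acknowledging or requesting a resend. The frame layout, the repeat-each-frame redundancy, and all names are assumptions made for illustration; the one-way link is simulated in memory.

```python
import struct
import zlib

# Assumed frame layout (not a vendor format): transfer id, sequence number,
# frame count, CRC32 of the payload, then the payload bytes.
HDR = struct.Struct("!IIII")
CHUNK = 8  # deliberately tiny so the constructed sample spans several frames

def to_frames(tid, data, repeat=2):
    """Sending proxy: the protocol reply path ends here, so every frame
    is self-describing and sent `repeat` times instead of being ACKed."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    frames = []
    for seq, chunk in enumerate(chunks):
        hdr = HDR.pack(tid, seq, len(chunks), zlib.crc32(chunk))
        frames.extend([hdr + chunk] * repeat)
    return frames

class Receiver:
    """Receiving proxy: reassembles transfers and records gaps locally,
    since it has no path on which to request a retransmission."""
    def __init__(self):
        self.partial, self.totals, self.done = {}, {}, set()

    def feed(self, frame):
        if len(frame) < HDR.size:
            return None
        tid, seq, total, crc = HDR.unpack_from(frame)
        chunk = frame[HDR.size:]
        if tid in self.done or seq >= total or zlib.crc32(chunk) != crc:
            return None  # late duplicate or damaged frame: drop silently
        self.totals[tid] = total
        got = self.partial.setdefault(tid, {})
        got[seq] = chunk
        if len(got) < total:
            return None
        self.done.add(tid)
        del self.partial[tid], self.totals[tid]
        return b"".join(got[i] for i in range(total))

    def missing(self, tid):
        got = self.partial.get(tid, {})
        return [i for i in range(self.totals.get(tid, 0)) if i not in got]

def transfer(data, lost=()):
    """Push `data` through a simulated one-way link that loses the frames
    at the indexes in `lost`; returns (message or None, missing sequences)."""
    rx, out = Receiver(), None
    for i, frame in enumerate(to_frames(1, data)):
        if i not in lost:
            out = rx.feed(frame) or out
    return out, rx.missing(1)
```

When both copies of a frame are lost, the receiving side can only log the gap for an operator or monitoring system; nothing on the link can tell the sender.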

 

Read more about how data diodes can be used in our Use Case #02 "Protecting information in critical infrastructure"!
