Thus, to guarantee that data transfer is physically one-way, Data Diodes complicate the architecture: they increase the number of objects involved in the data transfer process, which violates the principle of information security and increases the risk to the system.
In summary, the most obvious benefit of a Data Diode is that it reduces the risk of errors on the part of users (human errors) and of early system developers. Because data transfer is physically one-way, users cannot misconfigure it, and because its features are simple, a Data Diode is unlikely to have a potential design error causing a loss that prevents data from being allowed to enter a protected enterprise/organization network.
Secure solution for data exchange: Secure Xchange Solution
This is a data exchange security solution by Seclab (the R&D department of French Electricity). It upgrades the features of the Data Diode product line and supports data exchange over the network (SXN – Secure Xchange Network) or over a USB port (SXU – Secure Xchange USB) between two physically separated network layers, one sending and one receiving.
We take a preliminary look at the Data Exchange Security Solution over the Network (SXN).
SXN uses a 1U rackmount physical architecture consisting of 3 FPGAs (Field Programmable Gate Arrays, which belong to the ASIC programming product line and are similar to a programmable computer), with Gate A and Gate B components corresponding to the two separated network layers.
Gate A and Gate B are configured independently of each other, in principle by two independent administrators, so each side must understand the network structure on its own side and coordinate the configuration with the other to establish the transmission channels.
Through the central board, data is transmitted between Gate A and Gate B according to the following process:
Isolate the data from Gate A.
Filter the data. Confirm that the data (application packet or file) is suitable and secure to convert.
Convert the data to match the Data Diode's specified hardware requirements and protocols for moving it.
Pass through Gate B. The information at layers 1–4 of the OSI model is reproduced without depending on the input at Gate A, and only data confirmed as secure appears at Gate B's output.
The SXN solution also offers slot-based equipment: each slot has its own device/service specification, unidirectional or bidirectional, and the slots are logically independent even on a shared chassis platform.
Valid packets transmitted between Gate A and Gate B are processed by the central board, which uses FPGAs to handle all tasks in hardware. Packets are reproduced at layers 1-4 of the 7-layer OSI model. Therefore, potential types of attack at the transmission layers, such as MAC address spoofing attacks, DHCP attacks, IP address changes …, are removed.
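The isolate, filter, convert and reproduce steps above, and the reason spoofed layer 2-4 fields do not survive them, can be modelled in software. This is an added illustration, not Seclab's code or design: the function names, addresses, ports and the printable-ASCII filter rule are assumptions, and the real device performs these steps in FPGA hardware.

```python
import socket
import struct

# Gate B's own statically configured layer 2-4 identity (constructed values).
GATE_B = {"src_mac": bytes.fromhex("02000000b001"), "dst_mac": bytes.fromhex("02000000b002"),
          "src_ip": "10.2.0.1", "dst_ip": "10.2.0.20", "sport": 40000, "dport": 5000}
MAX_PAYLOAD = 256  # assumed filter rule: short printable-ASCII records only

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/UDP frame (checksums left at 0 to keep the model short)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + udp

def gate_a_isolate(frame):
    """Isolate: drop the sender's layer 2-4 headers, keep only the UDP payload."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] != 0x45 or frame[23] != 17:
        return None
    udp_len = struct.unpack("!H", frame[38:40])[0]
    if udp_len < 8 or 34 + udp_len > len(frame):
        return None
    return frame[42:34 + udp_len]

def central_filter(payload):
    """Filter: pass only payloads that match the assumed allow-list rule."""
    if payload is None or not 0 < len(payload) <= MAX_PAYLOAD:
        return None
    if not payload.isascii() or not payload.decode("ascii").isprintable():
        return None
    return payload

def transfer(frame):
    """Convert and reproduce: rebuild layers 2-4 from Gate B's config, never from the input."""
    payload = central_filter(gate_a_isolate(frame))
    return None if payload is None else build_frame(payload=payload, **GATE_B)

# Constructed sample: a side-A frame carrying spoofed MAC and IP source addresses.
SPOOFED = build_frame(bytes.fromhex("deadbeef0001"), bytes.fromhex("02000000a001"),
                      "192.0.2.66", "10.1.0.1", 1234, 5000, b"TEMP=21.5;STATE=OK")

if __name__ == "__main__":
    out = transfer(SPOOFED)
    print("src MAC at Gate B:", out[6:12].hex(), "src IP:", socket.inet_ntoa(out[26:30]))
```

Nothing from the sender's headers reaches the output: the frame leaving Gate B carries only Gate B's configured addresses and the filtered payload, and a frame that fails isolation or filtering produces no output at all.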
This solution has many advantages as a complete solution, combining integrated algorithms and hardware equipment to transmit data securely, control access to computer systems, separate network systems that need protection or isolation, and support only filtered, controlled information transmission.