Connections between networks with different classifications – so-called red-black transitions – are difficult: here, it is imperative to ensure that no confidential information from the red network with the higher classification reaches the black area, since unauthorized persons also have access to that area. This applies even when the unidirectional data transfer is set up so as to flow only from the black network to the red network.
This is because a rapid and reliable transfer into the red network requires a feedback connection in the opposite direction, by means of which the black sender is notified that all data packets have arrived properly. The common protocols TCP (for data) and SMTP (for e-mails) work in this manner. By contrast, procedures without a feedback channel are significantly slower and constantly lose packets that can never be retransmitted, so that the transferred files are unusable.
GeNUGate data diode: three series-connected security systems
Important applications and the transfer of larger quantities of data therefore necessitate protocols with a feedback channel. The technical challenge here is that only the protocol messages (ACKs) required for the data exchange flow from red to black – but never confidential information.
For this task, we designed the GeNUGate data diode. This solution is made up of three series-connected security systems – an application level gateway, a packet filter, and a second application level gateway (A-P-A structure). These three components together act like a sluice, with a wide channel and a narrower channel: data from the black network is accepted and transferred via a new connection to the red area, while in the opposite direction, by contrast, only protocol information that has been reduced to that which is absolutely necessary can pass through.
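To make the sluice idea concrete, here is an added toy model (it is not GeNUA's code and says nothing about how GeNUGate is built internally). Data flows black → red through a relay; the only thing admitted on the red → black path is a fixed-format acknowledgement carrying a sequence number that the relay itself has in flight. The filter re-creates the acknowledgement from that integer, so nothing the red side attaches can cross. The `Ack`, `LeakyAck`, `FeedbackFilter`, `RedReceiver` and `Relay` names, the scripted replies and the payloads are all constructed for the example.

```python
"""Toy model of a red-black transition with a minimal feedback channel.

Constructed example, not GeNUA's GeNUGate implementation: the wide channel
carries data black -> red; the narrow channel red -> black admits only an
integer sequence number wrapped in a fixed-format acknowledgement.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ack:
    """The only message type allowed from red to black."""
    seq: int


@dataclass(frozen=True)
class LeakyAck(Ack):
    """Hypothetical misuse: an 'acknowledgement' that piggybacks extra data."""
    note: str = ""


class FeedbackFilter:
    """Red -> black path. Admits an Ack only if it is exactly of type Ack
    and names a sequence number the relay is still waiting on. Everything
    else is dropped and logged: free-form content here could carry red
    data into the black area."""

    def __init__(self):
        self.dropped = []  # (reason, detail) pairs for the audit log

    def admit(self, msg, in_flight):
        # Exact type check: a subclass could smuggle additional attributes.
        if type(msg) is not Ack:
            self.dropped.append(("not-an-ack", repr(msg)[:40]))
            return None
        # Exact int check (bool is an int subclass); seq must be in flight.
        if type(msg.seq) is not int or msg.seq not in in_flight:
            self.dropped.append(("unexpected-seq", msg.seq))
            return None
        return Ack(msg.seq)  # rebuilt from the integer alone


class RedReceiver:
    """Red-side endpoint. Replies are scripted (constructed for the demo);
    once the script runs out it behaves correctly and returns Ack(seq)."""

    def __init__(self, scripted_replies=()):
        self.received = {}
        self.replies = list(scripted_replies)

    def receive(self, seq, payload):
        self.received[seq] = payload
        if self.replies:
            return self.replies.pop(0)(seq)
        return Ack(seq)


class Relay:
    """Black -> red data path plus retransmission driven solely by the
    filtered feedback. Unacknowledged packets stay in flight."""

    def __init__(self, red):
        self.red = red
        self.filter = FeedbackFilter()
        self.in_flight = {}  # seq -> payload awaiting acknowledgement
        self.next_seq = 0
        self.delivered = []

    def send_from_black(self, payload):
        seq = self.next_seq
        self.next_seq += 1
        self.in_flight[seq] = payload
        self._push(seq)
        return seq

    def _push(self, seq):
        reply = self.red.receive(seq, self.in_flight[seq])
        ack = self.filter.admit(reply, self.in_flight)
        if ack is not None:
            del self.in_flight[ack.seq]
            self.delivered.append(ack.seq)

    def retransmit_unacked(self):
        for seq in sorted(self.in_flight):  # copy, so deletion is safe
            self._push(seq)


def run_demo():
    """Five constructed chunks; four scripted bad replies, then recovery."""
    red = RedReceiver([
        lambda seq: Ack(seq),                    # seq 0: proper ack
        lambda seq: LeakyAck(seq, "classified"),  # seq 1: data piggybacked
        lambda seq: "ACK %d" % seq,              # seq 2: free-form text
        lambda seq: Ack(99),                     # seq 3: seq never sent
        lambda seq: None,                        # seq 4: reply lost
    ])
    relay = Relay(red)
    for i in range(5):
        relay.send_from_black(b"chunk-%d" % i)
    relay.retransmit_unacked()  # red now answers each with a proper Ack
    return {
        "delivered": relay.delivered,
        "in_flight": len(relay.in_flight),
        "dropped": relay.filter.dropped,
        "red_received": len(red.received),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is that the feedback filter never forwards the object it received: it validates an integer against the relay's own state and emits a fresh `Ack`. Lost or rejected acknowledgements cost only a retransmission on the wide channel, which is exactly the trade-off the text describes.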