vs-diode: BSI Certification for the Data Diode at the SECRET Level
Reliable, High-Speed Data Transfers in High Security Networks
Kirchheim near Munich, 12th July 2018. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has certified the vs-diode data diode for use up to the SECRET security level. This means that the data diode, which is produced by the German IT security specialist genua GmbH, can now be used to transfer data to networks that are classified as SECRET. Any information flow in the opposite direction is strictly blocked to ensure that leakage of secret information to insecure networks cannot take place. The vs-diode can achieve a unidirectional transfer rate of up to 1 Gbit/s and thereby allows the movement of large amounts of data in classified networks.
There is a requirement for data such as e-mails, database and video information, as well as updates for anti-virus and other software, to be moved into the high security networks in which authorities, the military or security companies process classified documents. The vs-diode allows such data to be quickly and reliably transferred to networks classified as SECRET without opening security vulnerabilities at network interfaces. The diode transfers data exclusively in one direction: the path in the opposite direction is blocked, preventing the flow of sensitive data out of the classified network. To provide a high degree of reliability, the vs-diode uses FTP to transfer file data, SMTP to transfer e-mail, and TCP. This sets the vs-diode apart from other solutions on the market, which work exclusively with the noticeably slower and error-prone UDP.
High Performance with the FTP, SMTP, and TCP Protocols
The vs-diode consists of three components: two firewalls and, in the middle, a filter system, with each component being installed in its own housing. The first firewall receives the incoming data and forwards it to the second firewall via the filter system. The diode function is located in the filter and prevents any data from flowing in the opposite direction – with a single exception: a final status message from the second firewall is allowed through, to indicate that the data has all been properly received. This minimal feedback is required by the FTP, SMTP, and TCP protocols in order to ensure rapid and secure data transfer. Other protocols that work without feedback, such as UDP, are much slower and often provide incomplete and thereby unusable data.
Increased Security through Reduced Complexity
The filter's diode function is provided by only a few hundred lines of program code and runs on a microkernel operating system that has been reduced to an absolute minimum. The minimal complexity of the central security system allows all of the code to be checked line-by-line and formally verified, guaranteeing error-free functioning. This verification procedure, along with extensive testing, means that the BSI (Bundesamt für Sicherheit in der Informationstechnik) has been able to certify the vs-diode for use up to the SECRET security level.
genua GmbH is a German IT security specialist. Its business activities range from securing sensitive interfaces in public authorities and industry to connecting highly critical infrastructure, reliably encrypting data communication over the Internet and providing remote maintenance systems for industry and remote access solutions for mobile users and home offices. All genua products are developed and produced in Germany. Product quality is ensured by regular certification and approval by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). genua was founded in 1992 and now has over 200 employees at its main site in Kirchheim near Munich and subsidiaries in Berlin, Cologne and Stuttgart. Over the years, numerous customers from industry and government have come to rely on the experience and solutions provided by the company. genua is part of the Bundesdruckerei group.