Learn About Data Diodes

A data diode, or one-way data transfer device, provides a proven, highly secure means to transfer data between sensitive, isolated, or air-gapped systems without providing a return pathway. In US Government networks, data diodes are commonly used in conjunction with Cross Domain Solutions for network segmentation, DCO systems monitoring, and High Threat Network (HTN) applications.

What is a Data Diode?

Data diodes contain two nodes or circuits—one send-only and one receive-only—that only allow the flow of data in one direction. Because this data flow is enforced by hardware, the device is physically unable to send information in the other direction.

It is perhaps simplest to think of data diodes as one-way valves for data, allowing data to flow out, without a way back in.

One-Way in a Two-Way World

It is relatively easy to create a simple one-way data transfer system (it could be accomplished by simply clipping the return wire on a pair of serial communication cables). However, it’s far more difficult to engineer a high-performance, reliable, and secure one-way data transfer system.

While there are protocols, such as UDP, which can operate one-way without “handshakes” or acknowledgements, two-way protocols cannot cross a one-way link unaided. To address the requirements of two-way protocols in a one-way system, Owl data diodes employ a proxy computer on both the send and receive sides.

The source system or device communicates with the send side proxy of the data diode. The proxy then converts that two-way protocol into a one-way protocol for transfer across the data diode to the receive side. Then the receive side proxy repackages the data into the original protocol and initiates a new two-way communication with the destination system to complete the data transfer.
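
The proxy arrangement described above, as an added sketch (not Owl's implementation and not code from this page): the send side turns a payload it has already received into frames that need no acknowledgement, and the receive side rebuilds the payload or rejects the stream. The frame layout, sizes, and all function and class names are assumptions made for illustration.

```python
import struct
import zlib

# Hypothetical frame layout (an assumption for this sketch, not a vendor format):
# stream id u32 | sequence u32 | flags u8 | payload length u16 | CRC32 u32 | payload
HEADER = struct.Struct("!IIBHI")
FLAG_END = 0x01
MAX_PAYLOAD = 1024

def send_side_frames(stream_id, data):
    """Send-side proxy, after it has finished the two-way exchange with the
    source: split the payload into frames that need no acknowledgement."""
    chunks = [data[i:i + MAX_PAYLOAD] for i in range(0, len(data), MAX_PAYLOAD)] or [b""]
    frames = []
    for seq, chunk in enumerate(chunks):
        flags = FLAG_END if seq == len(chunks) - 1 else 0
        header = HEADER.pack(stream_id, seq, flags, len(chunk), zlib.crc32(chunk))
        frames.append(header + chunk)
    return frames

class ReceiveSideProxy:
    """Receive-side proxy: validate and reassemble frames, releasing a payload
    for redelivery to the destination only when the stream is complete."""

    def __init__(self):
        self.streams = {}      # stream id -> (next expected sequence, buffer)
        self.rejected = set()  # streams that can no longer be completed

    def on_frame(self, frame):
        if len(frame) < HEADER.size:
            return None  # too short to attribute to any stream
        stream_id, seq, flags, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if stream_id in self.rejected:
            return None
        expected, buf = self.streams.get(stream_id, (0, bytearray()))
        if seq != expected or len(payload) != length or zlib.crc32(payload) != crc:
            # No return path exists to request a resend, so a gap or a
            # corrupted frame invalidates the whole stream.
            self.streams.pop(stream_id, None)
            self.rejected.add(stream_id)
            return None
        buf += payload
        if flags & FLAG_END:
            self.streams.pop(stream_id, None)
            return bytes(buf)  # complete payload, ready for the destination
        self.streams[stream_id] = (seq + 1, buf)
        return None
```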

What are data diodes used for?

Data diodes are used to segment and defend networks and securely transfer information in one direction. They enable secure data transfers between isolated network segments or domains and provide hardware-enforced network protection for sensitive systems and devices. US Government regulations also now require the use of a data diode for any High Threat Network (HTN) connections.

Use Cases Include:

  • Remote Systems Monitoring
  • High Threat Network Security
  • DCO Data Aggregation
  • Secure Domain Segmentation

What’s the difference between a simple diode and protocol filtering diode (PFD)?

Protocol Filtering Diodes (PFD)

Protocol Filtering Diodes (PFD) are a subclass of data diodes in which the protocol break and packet transformation are performed in the data diode hardware itself (FPGAs), rather than in the proxy software on each side of the data diode. PFD itself is not an Owl proprietary technology; rather, it is a classification of data diodes.

Simple Diode Solutions (SDS)

Data diodes that do not perform protocol filtering in hardware are now referred to as “Simple Diode Solutions” (SDS). Owl’s previous methodology, which utilized an ATM-based protocol, was a part of this architecture. Of these two classes, the US Government considers PFD superior to SDS in security and capability.

How are Owl Data Diodes different?

Owl has been developing and refining data diode technologies for over 25 years, consistently well ahead of any other competing solutions. As such, Owl data diodes go way beyond a simple hardware component; they are sophisticated devices designed with a multi-layered, patented approach to the hardware and software required for simultaneous unidirectional transfer of a variety of data types and applications.

Owl data diodes feature transfer rates of up to an industry-leading 100 gigabits per second, with a packet transfer latency of 2 milliseconds or less. In addition, the reliability, high bandwidth, and low latency of Owl solutions mean packets never require retransmission, creating a highly tuned and optimized solution with zero data loss when operating within the specified bandwidth rate.