UNIDIRECTIONAL DATA TRANSFER: A SECURE SYSTEM TO PUSH THE DATA FROM A HIGH SECURITY NETWORK TO A LOWER ONE OVER AN ACTUAL AIR-GAP

Abstract

The term “air-gap” is typically used to refer physical and logical separation of two computer networks. This type of a separation is generally preferred when the security levels of the networks are not identical. Although the security requirements entail parting the data networks, there is a growing need for fast and automatic transfer of data especially from high-security networks to low-security ones. To protect security sensitive system from the risks originating from low-security network, unidirectional connections that permit the data transfer only from high to low-security network, namely information-diodes, are in use. Nonetheless, each diode solution has its drawbacks either in performance or security viewpoints. In this study, we present a unidirectional data transfer system in which the primary focus is data and signal security in technical design and with a plausible and adaptable data transfer performance. Such that the networks do not touch each other either in physically or logically and the transfer is guaranteed to be unidirectional. Apart from avoiding the malicious transmissions from low to high-security network, we claim that the proposed data diode design is safe from emanation leakage with respect to the contemporary sniffing and spoofing techniques.