The hardware DataDiode of the Fox DataDiode solution provides the security of the system. Based on the laws of physics it guarantees that information flows from one side to another but not the other way. In principle it is a guaranteed one-way wire.
Functional Block Diagram
The above figure shows the Hardware Data Diode functional block diagram, consisting of two discrete fiber optical transceivers. The data transfer is implemented in hardware, at the physical layer of the Open Systems Interconnection (OSI) reference model, to guarantee complete unidirectionality.
The Hardware Data Diode has two operational interfaces to establish one-way communication: the Bidirectional Input port and the Unidirectional Output port. At the Low Security Level Transceiver, light is carried into the Bidirectional Input port and converted, with the aid of a photocell, into an electrical signal. The electrical signal spreads through the TOE (Target of Evaluation) to the High Security Level Transceiver. The High Security Level Transceiver receives the electrical signal and converts it, using a light source, into light. Finally, the light is offered, through the Unidirectional Output port, to the High Security Level Network. The Unidirectional Output port is incapable of input and therefore lacks the ability to convert light into an electrical signal. Consequently, an electrical signal is unable to propagate to the Low Security Level Transceiver and therefore cannot create a covert channel.
Fiber optics is used to transport signals to and from the TOE Bidirectional Input and Unidirectional Output ports. Electrical signals are used only inside the Hardware Data Diode, which is completely enclosed by an aluminum casing. This approach minimizes the electromagnetic emanation and the TEMPEST security threat.
Unidirectional communication does not work with a network protocol that requires a handshake (acknowledgement). To establish a communication link between the Low Security Level side and the Low Security Level Transceiver, a Bidirectional Input port is initiated. Data, information, or communication originating at the Output (High Security Level) is physically unable to flow to the Bidirectional Input port (Low Security Level) via the Hardware Data Diode; therefore, there is no back channel that could be used as a covert channel. Any network protocol can be used to implement the communication, provided no handshaking across the Hardware Data Diode is required; for example, the User Datagram Protocol (UDP) can provide a unidirectional flow of information.
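A sketch of how an application can cope with the missing acknowledgement path when sending UDP across a one-way link, as an added example that is not Fox DataDiode software: the sender numbers and checksums every datagram, and the receiver records gaps and damaged frames because it cannot ask for a retransmission. The frame layout, function names, and sample payloads are assumptions made for illustration.

```python
import socket
import struct
import zlib

# Assumed frame layout (not a Fox DataDiode format):
# CRC32 over everything that follows, sequence number, payload length, payload.
HEADER = struct.Struct("!IIH")

def frame(seq, payload):
    """Build one self-describing datagram; no reply is ever expected."""
    body = struct.pack("!IH", seq, len(payload)) + payload
    return struct.pack("!I", zlib.crc32(body)) + body

def send_one_way(chunks, addr):
    """Low-side sender: only sendto(), never recv(), so no handshake is needed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for seq, chunk in enumerate(chunks):
            sock.sendto(frame(seq, chunk), addr)

class Receiver:
    """High-side receiver: it cannot request retransmission, so it logs losses."""

    def __init__(self):
        self.next_seq = 0      # lowest sequence number not yet seen
        self.chunks = {}       # seq -> verified payload
        self.missing = set()   # sequence numbers skipped so far
        self.rejected = 0      # truncated or corrupted datagrams

    def accept(self, datagram):
        if len(datagram) < HEADER.size:
            self.rejected += 1
            return False
        crc, seq, length = HEADER.unpack_from(datagram)
        if zlib.crc32(datagram[4:]) != crc or len(datagram) - HEADER.size != length:
            self.rejected += 1
            return False
        self.missing.update(range(self.next_seq, seq))  # gap: frames lost in transit
        self.missing.discard(seq)                        # late or reordered frame
        self.next_seq = max(self.next_seq, seq + 1)
        self.chunks.setdefault(seq, datagram[HEADER.size:])  # ignore duplicates
        return True

def demo():
    """Constructed traffic: frame 1 is dropped, frame 2 is damaged in transit."""
    frames = [frame(i, c) for i, c in enumerate([b"alpha", b"bravo", b"charlie", b"delta"])]
    rx = Receiver()
    for datagram in (frames[0], frames[2][:-1] + b"X", frames[3]):
        rx.accept(datagram)
    return sorted(rx.missing), rx.rejected, sorted(rx.chunks)
```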
By using a redundant power supply, the Mean Time Between Failures (MTBF) for the Hardware Data Diode is 785,697 hours (89.69 years), based on MIL-HDBK-217F at 25 °C.
Government and Business version
The Fox DataDiode comes in two different models, the government version and the business version. Both versions guarantee one-way transfer by using fiber-optics.
The government version holds all certifications available for the Fox DataDiode, such as NL-NCSA, BSI, NATO and Common Criteria. It is manufactured based on a strictly evaluated production process. It is completely manufactured in the Netherlands. The government version can be TEMPEST up to and including NATO SDIP-27 Level A.
The business version is the lite version of the Fox DataDiode suite. It has the same characteristics as the government version but it does not hold any certifications. The business version is produced using a different production process and cannot be TEMPEST.
- 19″ Rack Unit
- Width (front panel): 48,6 cm (1U)
- Width (back): 42,8 cm
- Depth: 22,8 cm
- Height: 4,4 cm
- Weight: 2 kg
- 75 – 230 V
- 12 W
- 5°C – 50°C (non-condensing)
- -10°C – 60°C (non-condensing)