
Proceedings of the 14th National Conference on Fundamental and Applied Information Technology Research (FAIR), Ho Chi Minh City, 23-24 December 2021

DOI: 10.15625/vap.2021.00107

DESIGN OF UNIDIRECTIONAL SECURITY GATEWAY DEVICE FOR SECURE DATA TRANSFER
Pham Thi Huyen, Dinh The Cuong, Dao Tuan Hung, Luu Duc Anh, Dong Xuan Chinh
Key Laboratory of Information Security
Address: No. 3, Phan Chu Trinh Lane, Phan Chu Trinh Ward, Hoan Kiem District, Hanoi
phamhuyenmta87@gmail, daotuanhung@gmail.com, luuducanh05051995@gmail.com, chinhd12vt6@gmail.com

ABSTRACT: A unidirectional security gateway device transfers data in one direction only. It is therefore used to move data between isolated networks whose connection is severed in the reverse direction, so that nothing can flow back into the protected side, and it is deployed to protect the safety and reliability of critical infrastructure. In this paper, a unidirectional security gateway device is designed using optical fiber for secure one-way data transfer from a high-security network to a low-security network, or from a low-security network to a high-security network. The proposed device prevents leakage of sensitive information and blocks vulnerability-scanning attacks against the protected network.
Keywords: unidirectional data transfer, datadiode, industrial control system, government agencies, optical fiber.

I. INTRODUCTION
Technology networks within critical infrastructure, the government, and commercial businesses form the
backbone of developed nations [1]. As the modern world continues to be more data driven and interconnected, these
networks from enterprise scale all the way down to smaller office and home networks become more efficient,
intelligent, and unfortunately, vulnerable. From industrial control system monitoring and CCTV feeds to laptops and
intelligent home appliances, every new network connection introduces a new vector for cyberattack, and the surface
area for such vulnerabilities has exploded in recent years. As such, there is a pressing, global need for more effective
tools to combat cyber threats and protect these networks from attacks that might cause severe financial, physical, or
personal damage. Best practices for protecting these networks involve simplifying, reducing, and isolating network
connections, including segmenting networks from one another by creating either a virtual or physical separation
between them. However, physical or virtual separation can prevent information and data from getting to authorized
users, and these networks often contain a wealth of information that is far too valuable to simply cut off. The traditional
security challenge has been how to limit access, minimize risk, and keep these networks secure while getting valuable
operational data to authorized users when it’s needed.
The traditional approach is a one-way cable assembly: two transmit/receive cable pairs connect two computers, and one pair is disconnected or clipped at one end. This leaves a single connection over which one computer can only transmit and the other can only receive. Such a configuration cannot be defeated by software. However, as with any cable assembly, a change in the cabling, whether accidental or intentional, defeats the security policy, and the achievable data rate is only a few kbps, too slow for large files or streaming. Another approach is a firewall-enabled policy that relies on software configuration: one or more firewalls are configured to pass traffic in only one direction. Firewalls are particularly prone to probing and malware attacks, as well as zero-day exploits of software flaws, and they are completely reliant on a policy that can be changed. Even a correctly written rule set still carries acknowledgement traffic in the return direction for any connection-oriented protocol, so the link is never physically one-way.
Recently, one-way data transfer systems, generically called "datadiodes", were designed specifically to address this problem by providing a hardened network defense while still sharing data securely. A datadiode consists of two electrically isolated halves, a send side and a receive side, which maintain physical separation between the source and destination networks. The send side is inherently incapable of receiving data from the receive side, and the receive side is incapable of sending data back, which guarantees one-way-only transfer. The datadiode uses a purpose-designed, non-routable one-way protocol to carry data from the send side to the receive side. It is built on a fundamental hardware-enforced one-way design, coupled with hardened built-in proxy servers for high reliability and low latency. The basic mechanism inside a datadiode is straightforward: data travels along a one-way path between two embedded computing platforms joined by a single transmitter and receiver, typically an LED and a photodetector connected by a fiber-optic cable. Data is transmitted as light by the LED through the fiber and received by the photodetector on the other side. Apart from this single one-way link, the send and receive sides are physically separate, with no shared circuitry and no means of bidirectional transfer, creating what is commonly called an effective "air gap". Datadiodes isolate and protect networks from external cyber threats while allowing those networks to import or export data in a highly controlled, deterministic manner. This ranges from Supervisory Control and Data Acquisition (SCADA) systems generating data in a nuclear power plant to transaction data created at a bank's ATMs [1, 2].
Pham Thi Huyen, Dinh The Cuong, Dao Tuan Hung, Luu Duc Anh, Dong Xuan Chinh 589

As part of every organization's "defense-in-depth" strategy [1], in which layers of security work together to protect data and systems, datadiodes form part of an evolving first line of defense at the network edge. Combined with the other layers of cybersecurity tools, devices, software, and best practices in that strategy, datadiodes help users, operators, and security professionals reduce risk and give their networks and data the best chance of withstanding cyber threats. For this reason the U.S. Department of Homeland Security now specifically recommends datadiodes in its seven strategies for protecting critical infrastructure.
Unidirectional data transfer is a technique that prevents the leakage of important data through external hacking and security-related accidents. It has recently been introduced into separated networks such as military and control networks to enhance security [3, 4]. It is one of the technologies for exchanging data with an external network, and it physically removes any line over which data could be transmitted from the internal network to the external network. This eliminates the network path that an external attacker would need in order to reach the internal network. A unidirectional security gateway system built on this technique is a network system in which data can travel in only one direction. A datadiode is a hardware-enforced unidirectional network appliance that enables data to be transferred across physically separated networks without the risk of data leakage [2]. Data is transmitted over one-way fiber-optic communication, so it is physically impossible for data to flow in the opposite direction, even if the datadiode malfunctions. Control of the data flow is also enforced at the application layer by deliberate selection of appropriate communication protocols.
To design a unidirectional security gateway system, the transfer protocol and the mechanisms that ensure reliability must be considered. User Datagram Protocol (UDP) is one of the most commonly used protocols of the Internet Protocol Suite. UDP's simple transmission model, with no connection setup and no acknowledgements, provides a fast way to transmit data [8]. Because UDP allows a performance-oriented design and needs no return path, it is a suitable control protocol for a unidirectional data transfer system. Since the receiver can never request a retransmission, forward error correction and sequence numbering of the transferred data are required to ensure reliability [7, 8].
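The sequencing and forward error correction that the paragraph above calls for can be illustrated with a small one-way transport layer. The following Python is an added example, not the paper's own protocol (which is proprietary and not published): it frames data into UDP-sized chunks carrying a sequence number, the total transfer length and a CRC32, appends one XOR parity packet per group of K chunks, and on the receive side reorders packets, discards corrupt ones and repairs a single lost chunk per group. The header layout, magic value, group size and chunk size are assumptions of this example.

```python
import math
import struct
import zlib

# Header layout (constructed for this example; the paper does not publish its
# proprietary framing): magic | session | seq | group | kind | length | total | crc32
#   kind   0 = data chunk, 1 = XOR parity of one group of K chunks
#   length payload bytes for a data chunk, number of chunks covered for a parity packet
#   total  size of the whole transfer, so the receiver knows how many chunks to expect
HEADER = struct.Struct("!4sIIIBHII")
MAGIC = b"UDD1"
K = 4          # data chunks per FEC group, each group followed by one parity packet
CHUNK = 1024   # payload bytes per data chunk (fits a 1500-byte datagram with headers)


def _xor_chunks(chunks):
    """XOR chunks together, zero-padding each to CHUNK bytes."""
    acc = bytearray(CHUNK)
    for c in chunks:
        for i, b in enumerate(c):
            acc[i] ^= b
    return bytes(acc)


def _packet(session, seq, group, kind, length, total, payload):
    return HEADER.pack(MAGIC, session, seq, group, kind, length, total,
                       zlib.crc32(payload)) + payload


def encode(session, data):
    """Sender side: chunk the data, number every chunk, add one parity packet per group."""
    total = len(data)
    chunks = [data[i:i + CHUNK] for i in range(0, total, CHUNK)] or [b""]
    packets = []
    for g in range(0, len(chunks), K):
        group = chunks[g:g + K]
        gidx = g // K
        for i, c in enumerate(group):
            packets.append(_packet(session, g + i, gidx, 0, len(c), total, c))
        packets.append(_packet(session, gidx, gidx, 1, len(group), total, _xor_chunks(group)))
    return packets


def decode(packets):
    """Receiver side: reorder by sequence number, drop corrupt packets, detect gaps and
    rebuild at most one missing chunk per group from its parity packet.
    Returns (data, report); data is None when a gap could not be repaired."""
    data, parity, total = {}, {}, None
    report = {"corrupt": 0, "recovered": [], "lost": []}
    for p in packets:
        if len(p) < HEADER.size:
            report["corrupt"] += 1
            continue
        magic, _session, seq, group, kind, length, tot, crc = HEADER.unpack_from(p)
        payload = p[HEADER.size:]
        if magic != MAGIC or len(payload) < length or zlib.crc32(payload) != crc:
            report["corrupt"] += 1   # a one-way link cannot ask for a resend: treat as loss
            continue
        total = tot
        if kind == 1:
            parity[group] = payload
        else:
            data[seq] = payload[:length]
    if total is None:
        return None, report
    n = max(1, math.ceil(total / CHUNK))
    for g in range(math.ceil(n / K)):
        idxs = range(g * K, min((g + 1) * K, n))
        missing = [i for i in idxs if i not in data]
        if len(missing) == 1 and g in parity:
            i = missing[0]
            size = total - i * CHUNK if i == n - 1 else CHUNK
            data[i] = _xor_chunks([parity[g]] + [data[j] for j in idxs if j != i])[:size]
            report["recovered"].append(i)
        elif missing:
            report["lost"].extend(missing)
    if report["lost"]:
        return None, report
    return b"".join(data[i] for i in range(n)), report


if __name__ == "__main__":
    blob = bytes(range(256)) * 20            # constructed 5120-byte payload: 5 chunks, 2 groups
    pkts = encode(1, blob)
    out, rep = decode(pkts[:2] + pkts[3:])   # simulate losing chunk 2 on the fiber
    print(out == blob, rep)                  # True {'corrupt': 0, 'recovered': [2], 'lost': []}
```

On a real link each element of `encode()` would be sent as one UDP datagram and `decode()` fed from the receive socket. A single loss per group is repaired silently; two losses in the same group are reported as unrecoverable, which is the case a one-way link must surface to the operator because no retransmission request can ever be sent. A production scheme would use a stronger code such as Reed-Solomon or a fountain code, which tolerates more than one loss per group.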
Currently most research focuses on designing a unidirectional security gateway system to protect industrial control systems, transferring data in only one direction from a high-security network to a low-security network. However, critical infrastructures such as military and government organizations operate isolated networks that need data delivered in only one direction from a low-security network to a high-security network. A unidirectional security gateway system that transfers data in one direction only, and that can be applied both from a low-security network to a high-security network and from a high-security network to a low-security network, is therefore required.
In this paper, a unidirectional security gateway device is designed using optical fiber to physically separate two networks. It transfers data in only one direction, from a low-security network to a high-security network or the reverse, to prevent leakage of sensitive information and vulnerability-scanning attacks. The rest of the paper is organized as follows. Section II describes the architecture and detailed mechanism of the proposed system. Section III presents the implementation results. Section IV gives the conclusions.
II. DESIGN OF THE PROPOSED UNIDIRECTIONAL SECURITY GATEWAY DEVICE
A. Overview applications of the proposed unidirectional security gateway device

Fig 1. Application of the unidirectional security gateway device for securing critical information infrastructure
Fig. 1 shows a common application of the unidirectional security gateway device (datadiode): protecting secured networks from external threats [5, 6]. In such cases the priority is that the systems keep working correctly rather than that the exported data is kept confidential. Typical use cases are in critical information infrastructure sectors such as utilities. By connecting SCADA networks to the enterprise information technology (IT) networks through a datadiode, the operational status of individual utility plants can continue to be monitored centrally while the plants remain isolated from cyber threats arriving over the IT network.
590 DESIGN OF UNIDIRECTIONAL SECURITY GATEWAY DEVICE FOR SECURE DATA TRANSFER

Fig 2. Application of the unidirectional security gateway device for securing information and file transfer
Another application of the datadiode is to protect highly confidential or sensitive information, as shown in Fig. 2.
Common examples of such use cases would be in defence or banking sectors [3]. The datadiode will ensure a
unidirectional transfer of data from an unsecured network (e.g. internet) to a trusted or closed network (e.g. intranet). In
addition, the datadiode can be deployed together with a file cleansing solution to ensure that malware does not infiltrate
the closed network.
B. Architecture of the proposed unidirectional security gateway device

Fig. 3. Architecture of Unidirectional security gateway system


Fig. 3 shows the proposed architecture of the unidirectional security gateway system using optical fiber. It allows secure, reliable, robust one-way transfer of all types of data and physically cannot transmit data in the reverse direction. The system supports data applications such as database replication, streaming services, and file systems. It consists of two subsystems, the unidirectional sender and the unidirectional receiver. The unidirectional sender accepts transfer data from the send host, encodes it, and sends it through the transfer NIC to the unidirectional receiver. In the unidirectional receiver, the receive NIC accepts the transfer data, decodes it, and delivers it to the receive host.
The unidirectional sender comprises three modules: the transfer application, the transfer data manager, and the transfer NIC. Together they receive data from the send host, process it, encode it into the proprietary protocol, and send it to the unidirectional receiver through the transfer NIC. The transfer application is responsible for connection establishment and IP/port filtering between the send host and the unidirectional sender in the lower-security area. It supports several applications such as TCP, UDP, and FTP. The IP/port filter admits only hosts on a whitelist, as a security reinforcement. The transfer data manager ensures reliability and security by transferring data without loss or error, using sequence numbers on the transfer data and a content filter. Forward error correction in the transfer data manager encodes the transfer data before transmission. A sequence number is assigned to each packet so that the loss of a transfer packet can be detected. The content filter is applied to detect malware propagating in the transfer data. The transfer NIC is a transfer fiber media converter of which only the TX function is used. It converts the transfer data into an optical signal and transmits that signal to the receive fiber media converter in the unidirectional receiver.
The unidirectional receiver mirrors the unidirectional sender and comprises three modules: the receive application, the receive data manager, and the receive NIC. The receive NIC is a receive fiber media converter of which only the RX function is used. It receives the optical signal from the unidirectional sender and converts it back into transfer data. The receive data manager is the counterpart of the transfer data manager in the sender: it uses the transfer data sequence numbers and the content filter to check the reliability and security of the transfer data, and its forward error correction decoding corrects the received data to enhance reliability. The receive application is responsible for connection establishment and IP/port filtering between the receive host and the unidirectional receiver in the higher-security area. It supports TCP, UDP, FTP, and others, and the IP/port filter admits only hosts on a whitelist, as a security reinforcement.
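The IP/port whitelist and the content filter described for the transfer and receive applications can be expressed as two small policy checks. The Python below is an added example, not the V10-DATADIODE's own filter code, which the paper does not publish: the whitelist with its subnet and port values, and the rule that a file's leading bytes must agree with its declared extension (with executables and macro-bearing Office containers rejected), are assumptions of this example, chosen to match the file types in Table 1 and the 50 MB per-file limit stated in Section III.

```python
import io
import ipaddress
import zipfile

MAX_FILE_BYTES = 50 * 1024 * 1024   # per-file limit the paper states for its web front end

# Constructed whitelist: send-host subnet and the service ports the gateway proxies.
# A real deployment loads these from device configuration; the values here are assumptions.
SOURCE_WHITELIST = [(ipaddress.ip_network("10.10.1.0/24"), {21, 22, 443})]

# Leading-byte signatures for the permitted types from Table 1.
SIGNATURES = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],   # legacy OLE compound file
}
OOXML_ROOT = {"docx": "word/", "xlsx": "xl/", "pptx": "ppt/"}   # OOXML types are ZIP containers
EXECUTABLE = [b"MZ", b"\x7fELF", b"#!"]
ALLOWED_EXT = set(SIGNATURES) | set(OOXML_ROOT) | {"mp4"}


def source_allowed(ip, port):
    """IP/port filter: only whitelisted send hosts on whitelisted ports may open a transfer."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net and port in ports for net, ports in SOURCE_WHITELIST)


def sniff_type(data):
    """Identify the file type from its bytes; the declared file name is never trusted."""
    if any(data.startswith(m) for m in EXECUTABLE):
        return "executable"
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    if data[4:8] == b"ftyp":
        return "mp4"
    if data.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return None
        if "[Content_Types].xml" not in names:
            return "zip"
        if any(n.endswith("vbaProject.bin") for n in names):
            return "macro-document"          # Office container carrying a VBA project
        for kind, root in OOXML_ROOT.items():
            if any(n.startswith(root) for n in names):
                return kind
    return None


def content_allowed(filename, data):
    """Content filter: size limit, extension allow-list, and the bytes must match the extension."""
    if len(data) > MAX_FILE_BYTES:
        return False, "file exceeds 50 MB limit"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = {"jpeg": "jpg"}.get(ext, ext)
    if ext not in ALLOWED_EXT:
        return False, "extension ." + ext + " not in allow-list"
    detected = sniff_type(data)
    if detected == ext:
        return True, detected
    return False, "declared ." + ext + " but content looks like " + str(detected)


def make_ooxml(root, extra=()):
    """Build a minimal OOXML container in memory (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(root + "document.xml", "<x/>")
        for name in extra:
            z.writestr(name, b"\0")
    return buf.getvalue()
```

Sniffing the content rather than trusting the file name is what makes this a content filter rather than an extension filter. The whitelist check runs when a send host opens a connection; the content check runs on each file before it is handed to the transfer data manager. Neither check detects malware embedded inside an otherwise well-formed document, which is why the paper pairs the datadiode with a file-cleansing solution for the low-to-high direction.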
III. IMPLEMENTATION RESULTS

Fig 4. Design of V10-DATADIODE for unidirectional security gateway device


Fig. 4 shows the design of V10-DATADIODE, a unidirectional security gateway device in which the unidirectional sender and the unidirectional receiver are integrated in a single box. User 1 is the send host, connected to V10-DATADIODE through a fiber media converter using only its TX port. Similarly, user 2 is the receive host, connected to V10-DATADIODE through a fiber media converter using only its RX port. The experiments were run on Ubuntu on an Intel Core i7 (6 cores, 12 threads, 12 MB cache) with 8 GB of DDR4-2666 RAM. V10-DATADIODE achieved a throughput of 300 Mbps without packet loss at a packet size of 1500 bytes. The specifications of V10-DATADIODE are listed in Table 1.
Table 1. Specifications of V10-DATADIODE

No.  Specification         Value
1    Maximum speed         300 Mbps
2    Data types            .docx, .doc, .xlsx, .pptx, .pdf, .mp3, .mp4, .png, .jpg, ...
3    Number of channels    5
4    Connection standard   Ethernet (RJ45)
5    Supported protocols   UDP, FTP, SFTP, HTTPS
6    Operation             24/7
7    Connection ports      2 (TX, RX)
8    Operating system      Ubuntu
9    Weight                5 kg
Furthermore, a web application was developed for users on both the sender and receiver sides, as shown in Fig. 5. On the sender side a user can upload multiple files simultaneously, each limited to 50 MB. On the receiver side a user can download the files after logging in.

Fig 5. Web application interface for users in both sender and receiver using unidirectional secure gateway device
To evaluate the reliability of the proposed unidirectional security gateway device, an experiment was performed with the parameters in Table 2. The device transmitted files of different sizes (1 GB, 1.5 GB, 3 GB, 5 GB, 10 GB) at different transmission rates (100 Mbps, 200 Mbps, 300 Mbps); the results were recorded and the file loss rate (FLR) computed as FLR = LossFile/SendFile, the number of files lost divided by the number of files sent. No file loss occurred at transmission rates up to 300 Mbps. At transmission rates above 300 Mbps, files were lost at the receive side.
Table 2. Experiment parameters for evaluating file loss with the unidirectional security gateway device

No.  Parameter                  Value
1    Transmission rate (Mbps)   100, 200, 300
2    Sending protocol           UDP
3    Link bandwidth             1 Gbps
4    Test file size             1 GB, 1.5 GB, 3 GB, 5 GB, 10 GB
5    Number of test runs        100
IV. CONCLUSION
In this paper, a unidirectional security gateway device, V10-DATADIODE, is designed and implemented to guarantee the reliability and security of transferred data. The experimental results show that the device achieves a throughput of 300 Mbps without any data loss. Furthermore, a web application was developed that lets users upload multiple files simultaneously. V10-DATADIODE has high performance and can be used for unidirectional data transfer in industrial control environments as well as in military and government settings where isolated networks exist. The proposed device supports a variety of applications, such as file transfer, database backup, and UDP streaming, that transfer data in only one direction between isolated networks.
ACKNOWLEDGMENT
This work was supported by National Laboratory of Information Security, Ha Noi, Vietnam.
REFERENCES
[1] S. W. Coleman, "The definitive guide to datadiode technologies from simple to state of the art", Aug. 2019.
[2] ST Electronics, "DigiSAFE Datadiode", 2019.
[3] Risk Based Security, Inc., "Data Breach QuickView Report: Data Breach Trends, Year End 2017".
[4] A. Ginter, "Unidirectional security gateways: NOT your grandma's datadiodes".
[5] Y. Heo and J. Na, "Development of unidirectional security gateway appliance using Intel 82580EB NIC interface", 2016 International Conference on Information and Communication Technology Convergence (ICTC), pp. 1194-1196, 2016.
[6] Y. Heo, B. Kim, D. Kang and J. Na, "A design of unidirectional security gateway for enforcement reliability and security of transmission data in industrial control systems", 18th International Conference on Advanced Communication Technology (ICACT), pp. 310-313, 2016.
[7] L. Honggang, "Research on packet loss issues in unidirectional transmission", Journal of Computers, vol. 8, no. 10, Oct. 2013.
[8] V. Stanciu, M. I. Andreica, V. Olaru and N. Tapus, "Design and development of a UDP-based connection-oriented multi-stream one-to-many communication protocol", Journal of Telecommunications and Information Technology, Jan. 2012.

Phạm Thị Huyền, Đinh Thế Cường, Đào Tuấn Hùng, Lưu Đức Anh, Đồng Xuân Chinh

TÓM TẮT (Vietnamese abstract, translated): A unidirectional security gateway device is widely used to transfer data in one direction only. It is therefore used to send and receive data between isolated networks that are not connected in the reverse direction, to ensure information security. Furthermore, the unidirectional security gateway device is used to protect the safety and reliability of critical infrastructure. In this paper, a unidirectional security gateway device is designed using optical fiber for secure one-way data transfer from a high/low-security network to a low/high-security network. The proposed device has the advantage of preventing leakage of confidential information and vulnerability-scanning attacks.
