Fort Fox Hardware Data Diode

Version: FFHDD2
Build: Not applicable
CCRA: The recognition under CCRA is limited to cPP related assurance packages or components up to EAL 2 with ALC_FLR CC part 3 components
Product type: Data Diode
Evaluation assurance level: EAL 4 augmented with AVA_VAN.5 and ALC_DVS.2
Status: Certified
Certification date: 3 March 2010
Security target: Fort Fox Hardware Data Diode Security Target
Certification report: SERTIT-014 CR
Evaluation facility: Brightsight
Developer: Fox-IT BV
Wouter Teepe
Phone: +31(0)15 284 79 99
Fax: +31(0)15 284 79 90

Product description

The data diode has two operational interfaces to establish one-way communication: the Bidirectional Input port and the Unidirectional Output port. At the Low Security Level Transceiver, light is carried into the Bidirectional Input port and converted, with the aid of a photocell, into an electrical signal. The electrical signal propagates through the data diode to the High Security Level Transceiver. The High Security Level Transceiver receives the electrical signal and converts it, using a light source, into light. Finally, the light is offered, through the Unidirectional Output port, to the High Security Level Network. The Unidirectional Output port is incapable of input and therefore lacks the ability to convert light into an electrical signal. Consequently, an electrical signal is unable to propagate to the Low Security Level Transceiver and therefore cannot create a covert channel.

Fiber optics is used to transport signals to and from the data diode's Bidirectional Input and Unidirectional Output ports. Electrical signals are used only inside the data diode, which is completely enclosed by an aluminum casing. This approach minimizes electromagnetic emanation and the TEMPEST security threat.

Unidirectional communication does not work with a network protocol that requires a handshake (acknowledgement). To establish a communication link between the Low Security Level side and the Low Security Level Transceiver, a Bidirectional Input port is initiated. Data, information, or communication originating at the Output (High Security Level) is physically unable to flow to the Bidirectional Input port (Low Security Level) via the data diode; there is therefore no back channel that could be used as a covert channel. Any network protocol can be used to implement the communication provided no handshaking across the data diode is required; for example, the User Datagram Protocol (UDP) can provide a unidirectional flow of information.
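
The no-handshake constraint described above means the receiving side must detect loss and corruption on its own, since it can never ask for a retransmission. The following is an added example, not taken from Fox-IT or the Security Target, and it goes beyond the text by adding sequence numbers, a CRC and repeated sends to datagram payloads of the kind UDP would carry; the frame layout and all names are assumptions made for illustration.

```python
import struct
import zlib

HEADER = struct.Struct("!IIH")   # assumed layout: sequence number, total frames, payload length
CRC = struct.Struct("!I")        # CRC32 over header + payload

def make_frames(data, chunk=8, repeat=2):
    """Low side: split data into self-describing datagrams, each sent `repeat` times."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = []
    for seq, payload in enumerate(chunks):
        body = HEADER.pack(seq, len(chunks), len(payload)) + payload
        frames.extend([body + CRC.pack(zlib.crc32(body))] * repeat)
    return frames

class Receiver:
    """High side: accepts datagrams and never replies."""
    def __init__(self):
        self.total = None
        self.chunks = {}
        self.rejected = 0

    def feed(self, datagram):
        if len(datagram) < HEADER.size + CRC.size:
            self.rejected += 1
            return
        body, (crc,) = datagram[:-CRC.size], CRC.unpack(datagram[-CRC.size:])
        seq, total, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if zlib.crc32(body) != crc or len(payload) != length or seq >= total:
            self.rejected += 1
            return
        self.total = total
        self.chunks.setdefault(seq, payload)   # a repeated copy is ignored

    def missing(self):
        if self.total is None:
            return None                        # nothing valid arrived, size unknown
        return [s for s in range(self.total) if s not in self.chunks]

    def data(self):
        if self.missing() != []:
            return None                        # incomplete: report it, cannot request resend
        return b"".join(self.chunks[s] for s in range(self.total))

def transfer(data, drop=(), corrupt=()):
    """Constructed one-way link; drop/corrupt are indexes into the sent datagram list."""
    rx = Receiver()
    for i, frame in enumerate(make_frames(data)):
        if i in drop:
            continue
        rx.feed(frame[:-1] + bytes([frame[-1] ^ 0xFF]) if i in corrupt else frame)
    return rx
```

A gap reported by `missing()` can only be handled on the high side, for example by logging it for an operator, because no request can travel back through the diode.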