Fort Fox Hardware Data Diode
The data diode has two operational interfaces that establish one-way communication: the Bidirectional Input port and the Unidirectional Output port. At the Low Security Level Transceiver, light is carried into the Bidirectional Input port and converted, with the aid of a photocell, into an electrical signal. The electrical signal travels through the data diode to the High Security Level Transceiver, which converts it back into light using a light source. Finally, the light is offered, through the Unidirectional Output port, to the High Security Level Network. The Unidirectional Output port is incapable of input and therefore cannot convert light into an electrical signal. Consequently, no electrical signal can propagate back to the Low Security Level Transceiver, and no covert channel can be created.
Fiber optics is used to transport signals to and from the data diode's Bidirectional Input and Unidirectional Output ports. Electrical signals are used only inside the data diode, which is completely enclosed by an aluminum casing. This approach minimizes electromagnetic emanation and the TEMPEST security threat.
Unidirectional communication does not work with a network protocol that requires a handshake (acknowledgement). To establish a communication link between the Low Security Level side and the Low Security Level Transceiver, a Bidirectional Input port is initiated. Data, information, or communication originating at the Output (High Security Level) is physically unable to flow to the Bidirectional Input port (Low Security Level) via the data diode; therefore there is no back channel that could be used as a covert channel. Any network protocol can be used to implement the communication as long as no handshaking across the data diode is required; for example, the User Datagram Protocol (UDP) can provide a unidirectional flow of information.
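
The following added example (not Fort Fox code) sketches how an application can move a file over UDP across a one-way link without any acknowledgement: the low side only transmits, and the high side detects loss and corruption on its own. The header layout, the blind repetition count, and all function and class names are assumptions made for this illustration.

```python
import socket
import struct
import zlib

# Constructed framing for this example: sequence number, total count, CRC32 of payload.
# CRC32 only detects transmission errors; it is not a cryptographic integrity check.
HEADER = struct.Struct("!III")

def frame(data: bytes, chunk: int = 1024) -> list:
    """Split data into self-describing datagrams the receiver can verify alone."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    return [HEADER.pack(seq, len(parts), zlib.crc32(p)) + p
            for seq, p in enumerate(parts)]

def send_one_way(data: bytes, addr, repeats: int = 2) -> int:
    """Low side: transmit only. recv() is never called, so nothing here
    depends on traffic coming back through the diode."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for _ in range(repeats):      # blind repetition replaces retransmit requests
            for datagram in frame(data):
                sock.sendto(datagram, addr)
                sent += 1
    return sent

class Receiver:
    """High side: accepts datagrams and detects loss and corruption locally."""
    def __init__(self):
        self.total = None
        self.chunks = {}

    def feed(self, datagram: bytes) -> bool:
        if len(datagram) < HEADER.size:
            return False
        seq, total, crc = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]
        if seq >= total or zlib.crc32(payload) != crc:
            return False              # drop silently; there is no path for a NAK
        self.total = total
        self.chunks.setdefault(seq, payload)  # duplicates from repeats are ignored
        return True

    def missing(self) -> list:
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.chunks]

    def result(self):
        if self.total is None or self.missing():
            return None
        return b"".join(self.chunks[s] for s in range(self.total))
```

Because the receiver can never ask for a resend, a non-empty `missing()` after the final repetition has to be handled out of band, for example by alerting an operator on the high side.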