data diodes

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Fri Dec 01 2006 - 22:29:03 CST

Looking at Doug's Schematics, I find myself unclear about what
features of it are so important that it needed to build a device from
discrete components on a circuit boards. Anyone care to educate me?

Specifically, monolithic chips that perform this function have been
available since the 70's. They go by many names, vactrols,
optoswitches, optical isolators (not to be confused with a faraday
isolators) or optical relays. One side of the circuit activates an
led and the other is a photo-cell. Thus the directionality is not

for example: here's a product data sheet.

The primary advantage of doug's device might be that it's circuit
board is manifestly displays the signal routing rather than hiding it
inside a chip, so you can be sure by inspection that there is no
hidden back-channel.

However, optical relays that do this are also commerically avaialble
too. They are use in High offset voltage systems and for systems
where extreme ground shielding is important. In these the the two
halves are split and connected by an optical fiber. Since only one
side is able to produce the light it's still a diode not a
bidirectional optical fiber. (

For the truly paranoid one can place a faraday isolator in the
optical fiber for mono-directional coupling. But then the problem
comes up of knowing if the isolator is working. A simpler, visually
inspectable, approach for the truly paranoid would be to put the
fiber optic equivalent of a 45 degree mirror in the line to visually
monitor the light directionality.

Another approach to a data diode type system can be done all
electrically without resort to optical coupling as follows: (this
was a trick used in precision HP gighertz gear circa 1960/1970). The
transmitter wire passes through a low pass filter that cut's off any
frequencies above a desired cutoff. Let's say 1KHz. The signal is
a positive: to any fluctuations (<1Khz) sit on a positive DC bias.
this passes through a real Diode to ground. The reciever is also
injecting current into the same diode through the base of an NPN
transisitor. So in other words, the reciever looks like an emitter-
follower configuration with the base resistor replaces by a diode.
An oscilator is injecting an fixed AC signal at say 1GHZ on a DC bias
into the base of the transistor. What happens is this. Near
threshold, the effective AC resistance of a Diode varies enormously
depending on the DC current passing though it. Thus the trnasmitter
signal essentially turns on and off the emitter follower depending
upon it's level. The final signal output of the device is the AC
1GHZ signal on the collector of the transistor, which is rectified
and low pass filtered.

That's sort of a long description of the following block elements: A
low pass filter, followed by unidirectional upconversion to high
frequency, follwed by unidirectional rectification, and another low
pass filter. Thus the slowly varying input signal can only pass from
the input to the output. The device consists of one diode, one
transistor, and some resistors and capacitors and diodes for the low
pass and upconversion. The oscilator is a separate element.

On Dec 1, 2006, at 8:10 PM, Joseph Lorenzo Hall wrote:

> On 12/1/06, Richard C. Johnson <> wrote:
>> Alan,
>> I would like to return to discussion of some issues you touched on
>> when you
>> noted the Open Voting Solutions application for OVC
>> certification. That is
>> the matter of Open Hardware Design.
>> It seems to me that actual designs must be known for all hardware
>> components, including chips used on all boards. This is simply
>> because
>> specifications, however detailed, have alternate implementations.
>> The
>> design, however, is precise and sufficient. The design can be
>> sent to a
>> contract manufacturer and be produced as a known device, and it
>> can be
>> checked against its (digital) designs.
> Doug Jones and David Wagner recently enlightened me about how much of
> a Hard Problem hardware verification is. We included a short
> discussion of this in ACCURATE's comments to the EAC VSTCP Manual.
> Doug recently showed us this level of design is approachable with his
> data diode work. He designed his diode to facilitate verification...
> and it blew us all away. (David Dill said Doug had "attacked the
> problem with nuclear weapons") We definitely need more design like
> this:
> --
> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information
> <>
> _______________________________________________
> OVC-discuss mailing list

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain

Received on Sun Dec 31 23:17:04 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST