Re: data diodes

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Mon Dec 04 2006 - 10:02:51 CST

On Dec 1, 2006, at 10:29 PM, Charlie Strauss wrote:

> Looking at Doug's Schematics, I find myself unclear about what
> features of it are so important that it needed to build a device from
> discrete components on a circuit boards. Anyone care to educate me?
>
> Specifically, monolithic chips that perform this function have been
> available since the 70's. They go by many names, vactrols,
> optoswitches, optical isolators (not to be confused with a faraday
> isolators) or optical relays.

Given a board containing a packaged optoisolator, how do I know that the
black epoxy-coated device is an optoisolator and does not contain a
hidden reverse channel.

> The primary advantage of doug's device might be that it's circuit
> board is manifestly displays the signal routing rather than hiding it
> inside a chip, so you can be sure by inspection that there is no
> hidden back-channel.

Correct.

> However, optical relays that do this are also commerically avaialble
> too. They are use in High offset voltage systems and for systems
> where extreme ground shielding is important. In these the the two
> halves are split and connected by an optical fiber. Since only one
> side is able to produce the light it's still a diode not a
> bidirectional optical fiber.

But, for transparency of design, you need the light to be visible. IR
photodiodes and IR photoreceptors look essentially identical, so you
can't
tell, by inspection, which way the light is going. You need visible
light and signal leakage in order to get eyeball confirmation that the
system works as described.

> For the truly paranoid one can place a faraday isolator in the optical
> fiber for mono-directional coupling.

Don't treat this as paranoia. Note the Tempest problems that have led
to
the decertification of one of the two Dutch e-voting systems a month
ago.
Note that, so far as I know, no US voting system has been tested for
Tempest vulnerabilities.

> A simpler, visually inspectable, approach for the truly paranoid would
> be to put the fiber optic equivalent of a 45 degree mirror in the line
> to visually monitor the light directionality.

My design will cost less than anything involving optical fibers and 45
degree mirrors.

> Another approach to a data diode type system can be done all
> electrically without resort to optical coupling as follows: (this was
> a trick used in precision HP gighertz gear circa 1960/1970). The
> transmitter wire passes through a low pass filter that cut's off any
> frequencies above a desired cutoff. Let's say 1KHz. The signal is a
> positive: to any fluctuations (<1Khz) sit on a positive DC bias.
> this passes through a real Diode to ground. The reciever is also
> injecting current into the same diode through the base of an NPN
> transisitor.

This is clever. It's harder to explain to a novice with only a little
bit
of knowledge. Minimum parts count in the security critical hardware
really
does matter.

                Doug Jones
                jones@cs.uiowa.edu

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Dec 31 23:17:05 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST