Open Source Data diodes

by Ministry of Defence


Background

The open source data diode (OSDD) was initiated as a demonstrator project by the Dutch Ministry of Defence. The intent was to show that a functional secure data diode can be constructed and manufactured with relatively cheap hardware, and therefore it can be made widely applicable in order to secure networks. The next step within this project is to disclose the source code to the general public so the open source community is able to develop the OSDD into maturity over time. We believe that a freely available low cost data diode will have a tremendous positive impact on the level of cybersecurity realized by national governments, critical infrastructures, commercial businesses and the general public.

A data diode is a combination of hardware and software which, because of its physical properties, guarantees that data can only flow in one direction. It is placed between two networks with different levels of security and controls the flow of information. Because a data diode functions as a unidirectional security gateway, it creates the ability to broadcast sensitive information while maintaining the confidentiality of a network. A data diode could for example enable remote access to the data of an IoT device, without the risk of a third party being able to manipulate this device. Therefore a decision maker can trust the distributed data, while an operational manager can ensure the network is less vulnerable to hostile activities.

Problem statement

Currently available data diodes establish an advanced security layer within highly sensitive or critical networks, but they are often customized for a specific situation and therefore aren’t suitable for widespread usage because of economic restrictions.

The Open Source Data Diode aims to provide a similar cybersecurity solution which is suitable for flexible deployment on less critical networks, but at a fraction of the costs. This hopefully makes it sensible to also apply this technology more broadly. By doing so, the Ministry of Defence aims to contribute towards creating a safer and more cyber resilient society. The source code will therefore also be 100% open source.

At the moment, a working demonstrator of the OSDD has been both developed and published. In concept, the OSDD is fully functional as a unidirectional gateway. However, in order to make the OSDD a useful appliance for a range of different use cases, the maturity of the software needs to evolve.

Current functional limitations are mainly found within the availability of supported network protocols and within the ability to securely update OSDD software remotely. A second area which needs improvement is related to ease of use. Reducing the technical know-how needed to implement and operate the OSDD would greatly improve its usability.

Challenge

How can we help decision-makers (municipality, military officers) to estimate risks and act accordingly by ensuring the quick retrieval of secure data from a diode sensor when implementing a data diode in new scenarios, instead of having expensive and complex formal certification mechanisms?

Use cases for risk situations and example scenarios will be provided to registered teams. The goal is to redesign the current data diode by adding new functionalities and levels of security depending on the exploration of possible new applications.

Sub-questions

  • How can we scale data diodes for a safer resilient society?
  • How to create a user-friendly installation process?
  • How to apply the OSDD for a large number of assets by lowering the price?
  • How to make an attractive solution for the government and private sector?
  • In which other areas can the diode be applied?
  • How to develop an additional network protocol functionality?
  • How to develop a secure remote update mechanism?
  • How to improve the overall performance of the OSDD?
  • How to improve the maturity of the source code?
  • How to create a market model with which the OSDD can be sustainable and maintained over time?

This challenge could influence how widely data diodes are used by government representatives, military officers, security officers, operators of the diodes, decision makers, logistics, and big corporations with sensitive data.

Criteria

  • Create a standard solution for IT-OT integration
  • The diode needs to be able to operate in specific conditions, e.g. temperature, humidity, etc.
  • The diode should be easy to implement e.g. network switch
  • The diode should be more affordable than the current ones
  • The diode should be easy to use by operators (like SSL/https) and be open source
  • The diode should be protected with blockchain technology
  • It should be possible to update it with more functionalities in a safe way, only by operators (automation management)
  • “Dumber diode” smaller and one-directional, that cannot be programmed from the other side
  • DIN mountable

Sources for open data

  • Source code and technical documentation
  • Detailed guidelines towards a virtual setup of the OSDD
  • For inspirational purposes: detailed use cases including technical requirements
  • Physical copy of the OSDD (available upon submission of a participant proposal)
  • Digital version of OSDD upon request
  • GitHub (closed environment)
  • Kafka training - Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
