Guaranteed one-way network connection

Updates

31 Jan, 2019 • admin

Can you use malware to bypass a data diode system with radio waves?

Recently, security researcher Monta Elkins claimed it is possible to bypass a data diode protected connection. In other words: it is possible to break the ‘unbreakable’.

Elkins’ purpose was not to break any existing product, but to stimulate educational follow-up research. Though this research project takes a practical approach and promotes transparency, it is also a laboratory-confined proof of concept. In our case it has no impact on the Fox DataDiode, for the simple reason of how we have developed and continue to build the Fox DataDiode since 2006. In other words, our Fox DataDiode customers are protected as long as the normal security target procedures are observed.

What was exactly researched?

The research project doesn’t necessarily aim to target a data diode hardware unit, but instead attempts to create a side channel using other computer systems around a data diode device. This project operates by installing and running specifically crafted malware on computers in both networks connected to a data diode.

In order to successfully create and use the side channel method as proposed by the research project, all of the following requirements must be met:

  1. Malware must be installed on computers in the networks on both sides of the data diode.
  2. The malware must be run on the compromised computers.
  3. The compromised computers must be in relatively close proximity to each other.
  4. The compromised computers must not have electromagnetic shielding.
  5. The compromised computers must use electrically conductive wired cables connected to a modulating interface, so that the malware can use those cables as antennas.

Detailed analysis of the requirements

Data diode systems are deployed in environments with high security and sensitivity, and as such always go hand in hand with a combination of other digital and physical security measures. After all, what good is a data diode when there are wireless connections in place? Or what good is a data diode when there is no physical access restriction to the site, allowing for sabotage? As explained in the Common Criteria security target documentation for the Fox DataDiode, there should be measures in place that effectively eliminate the applicability of the proposed bypass attack. Let’s take a closer look at the five requirements of the bypass research project that must all be met in order for it to succeed, and why it is highly impractical to leverage the attack method effectively. (This analysis is written with the Fox DataDiode solution in mind at the heart of the air gap under attack.)

Requirement #1: Malware must be installed on computers in the networks on both sides of the data diode

Analysis: At the time of writing, there is no known method that allows malware to transport and install itself on a computer that is located on the other side of the Fox DataDiode. The only way to do so would be over an existing (illegal) bypass, meaning the network is physically compromised already. And that implies either sabotage or extreme carelessness and negligence.

Requirement #2: The malware must be run on the compromised computers

Analysis: Installing malware on a computer does not necessarily imply that the malware is run. Malware normally requires a method of transport onto a target computer, and then it must be run on that computer, either by automated means such as exploiting a remote vulnerability, or by tricking a human into executing it. If it were successfully transported but never executed, the data diode bypass would not be operational. Until now, exploiting a remote vulnerability through a Fox DataDiode system has proven impossible. So that leaves the human factor as the only method for activating the malware, which emphasizes the sabotage/carelessness/negligence scenario.

Requirement #3: The compromised computers must be in relatively close proximity to each other

Analysis: The researcher indicated that the two compromised computers must be located in close proximity to each other, ideally even integrated in one single enclosure, which is exactly what some of our competitors do. A full Fox DataDiode system, on the other hand, consists of three separate hardware units residing in different security zones, interconnected with optical fiber cables. This separation reduces the practical applicability of the proposed bypass against a Fox DataDiode system even further.

Requirement #4: The compromised computers must not have electromagnetic shielding

Analysis: The radio antennas are located inside the computer enclosure (typically the main board and all the wiring that connects internal peripherals, such as the proposed analog-to-digital converters or other digital I/O pin-outs), so any applied shielding such as TEMPEST will render the proposed bypass ineffective. Fox DataDiode customers that expect highly advanced remote radio eavesdropping attacks can have their DataDiode system TEMPEST shielded.

Requirement #5: The compromised computers must use electrically conductive wired cables connected to a modulating interface that the malware can use as antennas

Analysis: When the targeted modulation hardware is either not present, not of a compatible type, or not connected with a properly dimensioned electrical wire, the bypass will simply not work.

Conclusion

The proposed research project demonstrates that attackers with physical access (or existing bypasses) and exact hardware requirements can create a radio connection to cross a very small air gap. Given the rather extreme requirements for success, proper Fox DataDiode deployments are unaffected. The only way to make the research project work in production deployments is by sabotage or extreme carelessness. The research project serves to raise qualitative discussion on this topic, and it is a good heads-up for organizations that operate data diode systems, stimulating them to reassess their physical environment.

Blog author: Andre Post

Questions regarding this research and the Fox DataDiode? Fill out the form below and we will respond as soon as possible.
