Sandia LabNews

One-way network link is secure

One-way network link keeps systems secure

Necessity became the mother of invention when Instrumentation Systems Engineering Dept. 8232 Manager Curt Nilsen created a new device that is subject to a recent exclusive license.

Curt had been working on material monitoring techniques for arms control when he wanted to remotely make unclassified information available to computer users who were on either classified or unclassified systems. (Both were desirable, due to the need for varying levels of access to carry out either physical monitoring or treaty verification.) His solution was to use optical isolation. Data can be sent by a light-emitting diode and received by a photodetector. This simple one-way optical implementation assures that information can flow in only one direction. Special protocols were also created to assure extreme data reliability in this one-way environment.
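The paragraph above notes that a one-way link needs its own reliability protocol, because the receiver can never acknowledge a frame or request a resend. The following Python example is added here for illustration and is not Sandia's or Owl's protocol, which the article does not describe. It assumes a generic scheme of sequence-numbered frames with a CRC32 trailer, each sent several times; the frame layout, the `REPEAT` factor and all function names are assumptions.

```python
import struct
import zlib

HEADER = struct.Struct("!IIH")  # assumed layout: sequence no., frame count, payload length
REPEAT = 3                      # assumed redundancy: copies sent of every frame

def make_frames(data, chunk=16):
    """Sender: split data into frames with a CRC32 trailer, each repeated REPEAT times."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = []
    for seq, payload in enumerate(chunks):
        body = HEADER.pack(seq, len(chunks), len(payload)) + payload
        frames.extend([body + struct.pack("!I", zlib.crc32(body))] * REPEAT)
    return frames

def receive(frames):
    """Receiver: cannot ACK or ask for a resend, so it verifies, de-duplicates and
    reports gaps locally. Returns (data, []) on success or (None, missing_seqs)."""
    good, total = {}, None
    for frame in frames:
        if len(frame) < HEADER.size + 4:
            continue                      # truncated frame
        body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
        if zlib.crc32(body) != crc:
            continue                      # corrupted copy; rely on another copy
        seq, count, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if seq >= count or len(payload) != length:
            continue
        total = count
        good.setdefault(seq, payload)     # keep first valid copy of each frame
    if total is None:
        return None, []                   # nothing valid arrived at all
    missing = [s for s in range(total) if s not in good]
    if missing:
        return None, missing              # loss is reported, never silently ignored
    return b"".join(good[s] for s in range(total)), []

def lossy_channel(frames, drop=(), corrupt=()):
    """Constructed channel model: drop frames or flip bits in them, by index."""
    out = []
    for i, frame in enumerate(frames):
        if i in drop:
            continue
        out.append(bytes([frame[0] ^ 0xFF]) + frame[1:] if i in corrupt else frame)
    return out

if __name__ == "__main__":
    msg = b"constructed sample: seal 17 intact"   # constructed input
    sent = make_frames(msg)
    print(receive(lossy_channel(sent, drop={0, 1}, corrupt={3})))
    print(receive(lossy_channel(sent, drop={3, 4, 5})))
```

When every copy of a frame is lost, the receiver can only flag the gap for an operator on its own side; nothing can be signalled back to the sender.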

"Optical isolation is great. Unless your photodetector turns itself into a light bulb," Curt explains, "you’re ensured the data won’t go the other way. It is literally 100 percent one-way."

The device grew into a high-speed link using asynchronous transfer mode (ATM) cards (at 155 megabits per second) when a summer student was using a serial port version and needed more speed. A co-worker suggested using ATM, Curt says, and through the ATM card vendor, the licensee heard about the technology and met Curt.

Now Curt’s data diode (as it is called) is the core technology of the licensee’s privately held company, Owl Computing Technologies Inc. Company founder Ron Mraz had representatives negotiate an exclusive license with Sandia this winter after initially obtaining licensing rights in 1998.

"The underlying technology can be applied in many places," Mraz says, "to harden the security of any existing infrastructure, and we’re moving forward to more generalized use of the application. Sandia has helped tremendously."

"The time is right for him to introduce the technology into the marketplace," adds Craig Smith, who handled the license re-negotiation for Sandia’s Business Development Support Dept. 8529.

Owl’s implementation of the data diode and its one-way protocols using ATM technology created a "very attractive product," Curt says. The data diode’s one-way link keeps information within a private network inaccessible, while allowing an inflow of information from the Internet or another outside network — similar to the way a one-way mirror permits viewers to see outside even while outsiders cannot see in. Information from the outside source is copied in a one-way stream onto the destination computer.

Owl Computing, meanwhile, is offering its data security products based on this technology to aerospace and defense companies, government agencies, national laboratories, heavy industry, health care, and information technology sectors.