
Is there a cable that physically only supports data flow in one direction (out)? The idea here is to put this on a system that can only export data so that there is very minimal risk of the transmitting system 'getting' attacked (assuming there are no other attack vectors).

Matthew Peters
  • What application were you thinking of? Obviously there are things such as read-write blockers etc, but I don't think that answers your question. – KingJohnno Apr 30 '14 at 17:30
  • @KingJohnno I was hoping for more of a hardware approach to leave out any potential exploits in a coded blocker. Also, this is currently just theoretical but I imagine a simple system that contains very sensitive information and only small bits of that info would be shared but preferably in my 1-way hardware street style. – Matthew Peters Apr 30 '14 at 17:37

1 Answer


It is possible to make one-way Ethernet cables. This site has lots of pointers to various documentations for that. Note that things change depending on whether you are doing 10 MBits/s, 100 MBits/s or 1 Gbits/s (10 MBits/s is easy: simply cut off one pair; 100 MBit/s is tricky; gigabit seems infeasible since the signal uses phase modulation over all eight wires).

In one situation (which is currently deployed in production!) I used an audio cable, plugged into the "out" port of the audio card of one machine (the green port) and the "line in" port of another machine (the pink port). The advantage of using an audio port is that it is very easy to visually inspect the cable and verify that, indeed, data will be constrained to flow in one direction only. The problem, though, is that data now has to be encoded as audio, which is doable but tends to have an awfully low bandwidth (my implementation got 300 bauds...). In my case, this was for a root certification authority, which has to sign CRL regularly, but must remain offline at all times.

(My initial idea was to use an actual speaker-and-microphone contraption, but an audio cable works better in a noisy server room.)

Audio, Ethernet, and any other medium (people with skills at practical electronics might want to use a laser diode and a photodiode), share the common disadvantage of being, indeed, absolutely one-way. This means that you won't get any acknowledgement or flow control; there will be no TCP. The sender has to emit the data and hope for the best. You will organize the transfer with some checksums (to guard against transmission errors) and a lot of repetitions; error-correcting codes may also be an option. In my CA situation, I just had to send a CRL whose length was below 1 Kbyte, and it changed only once per week, so there was no real issue here.

Tom Leek
  • This is exactly what I had in mind! I wish there were faster transfer speeds but, this does work. Audio I/O is a perfect example of what I am looking for. Thanks for the ethernet cable link. I played around trying to get it working but without a guide, it was hit or miss (heavy on the miss). – Matthew Peters Apr 30 '14 at 17:48
  • Another option is a [null-modem serial cable](https://en.wikipedia.org/wiki/Null-modem_cable) with one of the data lines cut. – Mark May 01 '14 at 04:49
  • You'd imagine -- theoretically -- that it would be possible to use a fibre connection where one 'light' is disabled, thus becoming a one way cable. It gets quite interesting, as just expanding the thought, for error control you could have a return signal path (different cable?) that would simply be an error signal to resend the last x frames. It would require a bespoke protocol, but would be interesting to write. – BJury Dec 10 '14 at 12:27
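
The checksum-and-repetition approach the answer describes for a link with no acknowledgements can be sketched as follows. This is an added example, not part of the original answer or the implementation it mentions; the frame layout, `MAGIC`, `CHUNK` and the function names `encode` and `decode` are assumptions chosen for illustration.

```python
import struct
import zlib

MAGIC = b"\xa5\x5a"               # sync marker (assumed value)
HEADER = struct.Struct(">2sHHH")  # magic, sequence number, frame count, payload length
CHUNK = 64                        # payload bytes per frame (assumed value)


def encode(message: bytes, repeats: int = 3) -> bytes:
    """Split message into CRC-protected frames and send the whole set `repeats` times."""
    chunks = [message[i:i + CHUNK] for i in range(0, len(message), CHUNK)] or [b""]
    out = bytearray()
    # Repeat in whole-message rounds so one burst of noise cannot hit every copy of a frame.
    for _ in range(repeats):
        for seq, chunk in enumerate(chunks):
            body = HEADER.pack(MAGIC, seq, len(chunks), len(chunk)) + chunk
            out += body + struct.pack(">I", zlib.crc32(body))
    return bytes(out)


def decode(stream: bytes):
    """Scan a possibly corrupted byte stream; return the message, or None if incomplete."""
    got, total, pos = {}, None, 0
    while (pos := stream.find(MAGIC, pos)) != -1:
        end_hdr = pos + HEADER.size
        if end_hdr > len(stream):
            break
        _, seq, count, length = HEADER.unpack_from(stream, pos)
        end = end_hdr + length + 4
        if length <= CHUNK and end <= len(stream):
            body = stream[pos:end - 4]
            (crc,) = struct.unpack_from(">I", stream, end - 4)
            if crc == zlib.crc32(body) and seq < count:
                got.setdefault(seq, body[HEADER.size:])  # keep the first good copy
                total = count
                pos = end
                continue
        pos += 1  # bad or partial frame: resynchronise on the next marker
    # The receiver cannot ask for a resend, so a missing frame means "wait for the next round".
    if total is None or len(got) != total:
        return None
    return b"".join(got[i] for i in range(total))
```

The receiver only ever reads; a frame lost in every round is reported as an incomplete transfer rather than guessed at, which is the behaviour wanted when the payload is something like a signed CRL.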