Software

Many network protocols require bidirectional communication, which is prevented by data diodes. We developed pydiode, an open-source Python package for reliably sending data through a data diode.

pydiode Protocol

Bidirectional network protocols (e.g., TCP) handle packet loss by requesting retransmission of lost packets. This is not possible when using a data diode, since the receiver physically cannot communicate with the sender.

The pydiode protocol minimizes packet loss by enforcing a user-specified maximum bitrate. Also, pydiode transmits each chunk of data a configurable number of times, for resilience against lost packets. Finally, pydiode compares a SHA-256 digest of the received data to a digest of the sent data, and exits with an error if the digests don’t match.

pydiode is very reliable: when data chunks are sent twice (the default), we saw no errors.

Read Our Paper

Diode Transfer GUI

pydiode includes a robust command-line interface and GUI. pydiode sends streams of data, so it can be easily integrated with other software.

Diode Transfer's send and receive tabs. The send tab lets you add files to the file transfer queue. The receive tab lets you save files to a directory.

pydiode supports macOS and Linux, and is available on GitHub and pypi. We also plan to publish pydiode on the Mac App Store and as a Debian package.

pydiode on GitHub

FAQ

Is pydiode free?
- Yes, pydiode is free and open-source software, licensed under the MIT License.
Can pydiode send files over the internet?
- You should not use pydiode to send files over the internet, since pydiode does not encrypt transmissions. This is not a problem when using pydiode with a data diode, since there is no opportunity for a man-in-the-middle attack; this is analogous to not worrying about unencrypted data passing from your CPU to main memory.
How can I verify that pydiode is using the data diode?
- Use the test function in Diode Transfer’s “Settings” tab, and observe the network activity lights.
- You must ensure that the IP address of the sender’s interface (i.e., the interface connected to the data diode) does not overlap with your local network’s IP range. Also, the sender’s interface should appear first in the sender’s service order; this protects against accidentally sending data over Wi-Fi, for example.
Can you help me set up pydiode?
- If you are a journalist, human rights worker, or public sector employee, please get in touch!