Software

Many network protocols require bidirectional communication, which is prevented by data diodes. We developed pydiode, an open-source Python package for reliably sending data through a data diode.

pydiode Protocol

Bidirectional network protocols (e.g., TCP) handle packet loss by requesting retransmission of lost packets. This is not possible when using a data diode, since the receiver physically cannot communicate with the sender.

The pydiode protocol minimizes packet loss by enforcing a user-specified maximum bitrate. Also, pydiode transmits each chunk of data a configurable number of times, for resilience against lost packets. Finally, pydiode compares a SHA-256 digest of the received data to a digest of the sent data, and exits with an error if the digests don’t match.

pydiode is very reliable: when data chunks are sent twice (the default), we saw no errors.

Read Our Paper

pydiode GUI

pydiode includes a robust command-line interface and GUI. pydiode sends streams of data, so it can be easily integrated with other software.

Diode Transfer's send and receive tabs. The send tab lets you add files to the file transfer queue. The receive tab lets you save files to a directory.

pydiode supports macOS and Linux, and is available on GitHub and pypi. We also plan to publish pydiode on the Mac App Store and as a Debian package.

pydiode on GitHub

pydiode FAQ

Is pydiode free?
- Yes, pydiode is free and open-source software, licensed under the MIT License.
Can pydiode send files over the internet?
- You should not use pydiode to send files over the internet. pydiode’s GUI supports encrypting payloads using PGP, but this does not completely protect against a man-in-the-middle over the internet (e.g., replay attacks). This is not a problem when using pydiode with a data diode, since there is no opportunity for a man-in-the-middle; this is analogous to not worrying about a man-in-the-middle between your computer’s CPU and main memory.
How can I verify that pydiode is using the data diode?
- Use the test function in Diode Transfer’s “Settings” tab, and observe the network activity lights.
- You must ensure that the IP address of the sender’s interface (i.e., the interface connected to the data diode) does not overlap with your local network’s IP range. Also, the sender’s interface should appear first in the sender’s service order; this protects against accidentally sending data over Wi-Fi, for example.
Can you help me set up pydiode?
- We’re happy to help, especially if you are a journalist, human rights worker, or public sector employee!

Hardening Signal

Signal is a popular messaging app. Signal uses end-to-end encryption to keep users’ messages private. This means that even Signal cannot read your messages. However, there is a way around end-to-end encryption: if someone hacks your device, they will get access to all your messages. This video shows how to protect against this threat using a data diode.

Note that the video shows a high-fidelity prototype. We will invest more engineering resources after prospective users express interest. So if you’d like access to this technology, please get in touch!

Securing Critical Infrastructure

Modern society depends on critical infrastructure like electricity and water treatment. Infrastructure is often accessible from the internet, making it vulnerable to cyberattacks. This video shows how to physically prevent remote tampering using a data diode.

Please get in touch if your organization is interested in defending infrastructure using our technology!