In systems requiring a high level of security such as defense, control or financial systems, utilization of unidirectional data transmission technology may provide necessary information to the outside while securing the internal system from external attacks.
However, when a purely unidirectional system is physically deployed, recovery from packet loss or bit errors is not easy, so it is difficult to ensure the reliability of transmitted data.
To ensure reliability, when a first network having a higher security level sends data to a second network having a lower security level, the second network may have to send a response corresponding to the data to the first network. In this case, as communication becomes bidirectional, intrusion into the first network becomes possible. Hence, a secure scheme is needed that can not only block an attack in the reverse direction but also ensure reliability of data.
To improve reliability, a self error recovery algorithm may be used. However, in this case, data may be lost when a packet is lost or an unrecoverable error occurs. To send a reception indication from the second network to the first network, a separate signaling channel with limited information capability may be employed. In this case, when a signal is sent from the second network to the first network, it is not easy to identify whether the signal is a response corresponding to data having been sent by the first network because the signal carries insufficient information, making it difficult to secure reliability of data transmission.
In data transmission from a first network requiring a higher security level to a second network requiring a lower security level, when the meaningful flow of data is purely unidirectional, it is possible to protect the first network from all threats coming through a connection point with the second network by use of a unidirectional data diode that unidirectionally transfers physical data from the second network to the first network. However, an error may occur during unidirectional data transmission using such a data diode although the probability of error occurrence is low due to characteristics of communication media.
A related art scheme using forward error correction for error detection and correction is disclosed in Korean Patent Publication No. 10-2000-0028706 (2000-05-25) entitled “Method and Device For Establishing Secure Connection On Unidirectional Data Path”.
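The limit of self error recovery on a one-way path, described above, is shown in the following added example, which is not taken from the cited publication or from this document's own scheme. It assumes a simple XOR-parity code (one parity frame per group of K data frames) with a CRC32 per frame; the frame layout, the constants and all function names are hypothetical.

```python
import zlib
from functools import reduce

K, SIZE = 4, 8   # assumed values: data frames per FEC group, payload bytes per frame

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def send(data: bytes) -> list:
    """High-security side: emit K data frames plus one XOR parity frame per group.
    A frame is (group, index, crc32, payload); index K marks the parity frame."""
    data += b"\0" * (-len(data) % (K * SIZE))            # pad to whole groups
    frames = []
    for g in range(len(data) // (K * SIZE)):
        base = g * K * SIZE
        parts = [data[base + i * SIZE: base + (i + 1) * SIZE] for i in range(K)]
        parts.append(reduce(xor, parts))                 # parity = XOR of the K payloads
        frames += [(g, i, zlib.crc32(p), p) for i, p in enumerate(parts)]
    return frames

def receive(frames: list, groups: int) -> tuple:
    """Low-security side: cannot request a resend. Returns (data, lost_groups)."""
    got = {(g, i): p for g, i, crc, p in frames if zlib.crc32(p) == crc}  # bad CRC -> erasure
    out, lost = b"", []
    for g in range(groups):
        have = [i for i in range(K + 1) if (g, i) in got]
        missing = [i for i in range(K) if (g, i) not in got]
        if len(missing) == 1 and len(have) == K:         # one erasure, parity present
            got[(g, missing[0])] = reduce(xor, (got[(g, i)] for i in have))
            missing = []
        if missing:
            lost.append(g)                               # unrecoverable; sender is never told
            out += b"\0" * (K * SIZE)
        else:
            out += b"".join(got[(g, i)] for i in range(K))
    return out, lost

def flip_bit(frame: tuple) -> tuple:
    """Simulate a bit error on the medium by flipping one payload bit."""
    g, i, crc, p = frame
    return (g, i, crc, bytes([p[0] ^ 1]) + p[1:])

MSG = bytes(range(64))                                   # constructed sample: two groups

if __name__ == "__main__":
    sent = send(MSG)
    one_loss = [flip_bit(f) if f[:2] == (1, 0) else f for f in sent if f[:2] != (0, 2)]
    two_loss = [f for f in sent if f[:2] not in ((0, 1), (0, 3))]
    print(receive(one_loss, 2)[1], receive(two_loss, 2)[1])
```

One erasure per group is repaired at the receiver, whether it comes from a dropped frame or a bit error. A second erasure in the same group leaves that group lost, and nothing on the sending side indicates it.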