In a computer network handling sensitive communications, portions of the network may be connected by one-way links. The term “one-way link” is used in the context of the present patent application and in the claims to refer to a communication link that is physically configured to carry signals in one direction and to be incapable of carrying signals in the opposite direction. Such a link, for example, may comprise a cable, such as an electrical or fiberoptic cable, with a transmitter but no receiver at one end, and a receiver but no transmitter at the other. One-way links may be implemented, for example, using Waterfall® systems, which are manufactured by Waterfall Security Solutions, Ltd. (Rosh HaAyin, Israel). When a transmitting computer is connected by a Waterfall system (or other one-way link) to a receiving computer, the receiving computer can receive data from the transmitting computer but has no physical means of sending any return communications to the transmitting computer.
One-way links may be used to prevent data either from entering or leaving a protected facility. For example, confidential data that must not be accessed from external sites may be stored on a computer that is configured to receive data over a one-way link and has no physical outgoing link over which data might be transmitted to an external site. On the other hand, in some applications, the operator of the protected facility may be prepared to allow data to exit the facility freely via a one-way link, while preventing communications from entering the facility in order to thwart hackers and cyber-terrorists.
In this latter category, for example, U.S. Pat. No. 7,649,452, whose disclosure is incorporated herein by reference, describes protection of control networks using a one-way link. As described in this patent, a method for monitoring a process includes receiving a signal from a sensor that is indicative of a physical attribute associated with the process and transmitting data indicative of the received signal over a one-way link. The transmitted data received from the one way link are used in monitoring the process. The method is described in the patent particularly in the context of Supervisory Control And Data Acquisition (SCADA) systems. A SCADA system receives monitoring data from the monitored facility via a one-way link. The SCADA system is unable to transmit any sort of data back to the monitored facility (although a separate, open-loop connection may be provided for this purpose), and therefore cannot be used as the base for an attack on the facility.
To facilitate remote monitoring of industrial networks, Waterfall Security Solutions offers a product known as Remote Screen View (RSV), which uses an internal, hardware-based, unidirectional fiberoptic link to replicate, in real-time, servers and workstations screens located in industrial networks to corporate or external networks. This product is said to provide secure, unidirectional screen replication from industrial networks to corporate networks. Due to the design of the hardware itself, data flow from the corporate network towards the industrial network is physically impossible.
In practice, there is sometimes a need to transmit information or commands from an external network back into a monitored facility that is protected by use of an outgoing one-way link. A solution to this need is proposed, for example, in U.S. Patent Application Publication 2014/0068712, whose disclosure is incorporated herein by reference. This publication describes communication apparatus that includes a one-way, hardware-actuated data relay, which includes a first hardware interface configured to receive a command from a communications network and a second hardware interface configured to convey the received command to a protected destination when the relay is actuated. A decoder includes a third hardware interface configured to receive a digital signature for the command from the communications network and hardware decoding logic coupled to verify the digital signature and to actuate the relay upon verifying the digital signature, whereby the command is conveyed via the second hardware interface to the protected destination.
U.S. Patent Application Publication 2010/0278339, whose disclosure is incorporated herein by reference, describes apparatus in which an encryption processor is coupled between an input transducer, such as a keyboard, microphone, touch screen or imaging device, and a computer. The encryption processor receives and encrypts input data signals from the input transducer, so that the data input from the input transducer to the computer is already encrypted. Typically, the computer is able to access the input transducer only via the encryption processor, so that an unauthorized party cannot gain access to the clear signals that are produced by the input transducer itself. The computer may then transmit and/or store the input data from the input transducer in encrypted form, without ever having to decrypt the data.