GB2538952A - Security gateway - Google Patents
Publication number: GB2538952A (application GB1509046.7A)
Authority: GB (United Kingdom)
Legal status: Withdrawn
Classifications
- G06F21/606 Protecting data by securing the transmission between two devices or processes
- H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281 Proxies
Abstract
This application discloses a one way, or unidirectional, network that allows a first user 102 to transfer data to a second user 122. The first user has a secure computer 104, and when he sends a message, or data, it is passed through a firewall 106, which then transfers it to a server 108, which has a message transfer agent 110 on it. This is then passed into a logic block, which may be a field programmable gate array or FPGA 112, which then transfers it to a second server 114, which has a second MTA 116 on it. It then goes through a second firewall 118 and arrives at the second user's unsecured computer 120. The FPGA allows data to flow from the first user to the second user, but not from the second user to the first user.
Description
SECURITY GATEWAY
FIELD OF THE INVENTION
The present invention relates to security gateways for controlling data flow between computers.
BACKGROUND
In the field of communication technology, data is often communicated between different computer systems and/or devices that are connected to different communication networks.
When transferring data between different networks, it tends to be desirable that the transfer of data occurs in a secure manner.
Data diodes have been used to provide information security when transferring data from secured networks to unsecured networks, and vice versa.
Data diodes connected between different networks allow data to travel in only one direction between those two networks. For example, an unsecured network can receive data from the secured network via one or more data diodes, but the secured network cannot receive data from the unsecured network.
SUMMARY OF THE INVENTION
In a first aspect, the present invention provides a security gateway for controlling data flow between a first computer and a second computer. The security gateway comprises: a data input for receiving data from the first computer, a data output for sending data to the second computer, and one or more logic blocks arranged between the data input and the data output. The one or more logic blocks are configured to allow the data to flow from the data input to the data output. The one or more logic blocks are configured to prevent the data from flowing from the data output to the data input.
The one or more logic blocks may form a Field Programmable Gate Array.
The security gateway may comprise a second input configured to receive delivery address information for the data. The one or more logic blocks may be configured to, if the delivery address information for the data is the same as an address associated with the second computer, allow the data to flow from the data input to the data output. The one or more logic blocks may be configured to, if the delivery address information for the data is different to the address associated with the second computer, prevent the data from flowing from the data input to the data output.
The security gateway may further comprise a first Message Transfer Agent located at the data input. The first Message Transfer Agent may be configured to: receive the data from the first computer; using the received data, generate the delivery address information for the data; and send the generated delivery address information for the data to the one or more logic gates.
The security gateway may further comprise a switch having a first state and a second state, the first state being a state in which the switch allows the data to flow from the data input to the data output, the second state being a state in which the switch prevents the data from flowing from the data input to the data output. The security gateway may further comprise a controller configured to compare the delivery address information for the data to the address associated with the second computer, and control the switch based on that comparison.
At least one of the switch and the controller may comprise one or more logic blocks.
The security gateway may further comprise a third input configured to receive information specifying an address associated with the second computer, and means for modifying a configuration of the one or more logic blocks based on the received information specifying the address associated with the second computer.
The security gateway may further comprise a second Message Transfer Agent located at the data output. The second Message Transfer Agent may be configured to: generate the information specifying an address associated with the second computer; and send the generated information specifying an address associated with the second computer to the means for modifying the configuration of the one or more logic blocks.
The security gateway may further comprise a first Message Transfer Agent located at the data input. The first Message Transfer Agent may be configured to: receive the data in a first data format from the first computer; convert the received data into a second data format, the second data format being different to the first data format; and send the data in the second data format to the one or more logic gates.
The security gateway may further comprise a second Message Transfer Agent located at the data output. The second Message Transfer Agent may be configured to: receive the data in a second data format from the one or more logic blocks; convert the received data into a first data format, the first data format being different to the second data format; and output, for use by the second computer, the data in the first data format.
The second data format may be a Serial Line data format.
The security gateway may further comprise: a counter configured to determine an amount of data traffic through the one or more logic blocks; and means for controlling a flow of data through the one or more logic blocks using the determined amount of data traffic. The means for controlling a flow of data through the one or more logic blocks may be configured to, if the determined amount of data traffic is less than a threshold amount, allow the data to flow from the data input to the data output. The means for controlling a flow of data through the one or more logic blocks may be configured to, if the determined amount of data traffic is greater than or equal to the threshold amount, prevent the data from flowing from the data input to the data output.
In a further aspect, the present invention provides a system comprising a first computer, a second computer, and a security gateway connected between the first computer and the second computer. The security gateway is in accordance with any of the above aspects.
In a further aspect, the present invention provides a method for controlling data flow between a first computer and a second computer. The method comprises: providing a data input for receiving data from the first computer; connecting the first computer to the data input; providing a data output for sending data to the second computer; connecting the second computer to the data output; arranging one or more logic blocks between the data input and the data output; causing data to flow through the one or more logic blocks from the data input to the data output; and preventing, by the one or more logic blocks, data from flowing from the data output to the data input.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic illustration (not to scale) showing a data communication system;
Figure 2 is a schematic illustration (not to scale) showing a field programmable gate array;
Figure 3 is a process flow chart showing certain steps of a process of transferring data through the data communication system;
Figure 4 is a process flow chart showing certain steps of a process for programming the field programmable gate array; and
Figure 5 is a process flow chart showing certain steps of a process for transferring an email through the data communication system.
DETAILED DESCRIPTION
Figure 1 is a schematic illustration (not to scale) showing an exemplary embodiment of a data communication system 100. An embodiment of a method of transferring data through the data communication system 100 will be described in more detail later below with reference to Figures 3 to 5.
The data communication system 100 comprises a first user 102, a first computer 104, a first firewall 106, a first server computer 108 on which is running a first Message Transfer Agent (MTA) 110, a field programmable gate array (FPGA) 112, a second server computer 114 on which is running a second MTA 116, a second firewall 118, a second computer 120, and a second user 122.
The first user 102 is a human operator of the first computer 104.
The first computer 104 is a secured computer that is connected to a secured network. The first computer 104, and the secured network, are isolated from all unsecured computers and unsecured communication networks, such as unsecured local area networks (LANs), unsecured wide area networks (WANs), and the Internet. The first computer 104 may be any general purpose computer including, but not limited to, a desktop computer, a laptop computer, and a tablet computer. The first computer 104 is capable of generating a communication signal, for example an electronic mail (email) message, for transmission to one or more other devices or other networks. The first computer 104 is further capable of receiving communications from one or more other devices or other networks.
The first computer 104 is connected to the first firewall 106 by a first connection 124 such that data may be sent from the first computer 104 to the first firewall 106. The first connection 124 is a wired connection.
The first firewall 106 is a network security system that controls data traffic coming from, and going to, the first computer 104. The first firewall 106 controls this data traffic based on a predefined rule set. The first firewall 106 provides a barrier between the secured first computer 104 and the downstream network that is assumed to be unsecured.
In this embodiment, the first firewall 106 is a standalone hardware appliance. However, in other embodiments, the first firewall 106 is not a standalone appliance; for example, the first firewall 106 may be software running on a general purpose computer such as the first computer 104.
The first firewall 106 is connected to the first MTA 110 by a second connection 126 such that data may be sent from the first firewall 106 to the first MTA 110. The second connection 126 is a wired connection.
The first MTA 110 is software that runs on the first server computer 108.
As described in more detail later below with reference to Figures 3 to 5, the first MTA 110 is configured to transfer data, for example email messages, from one computer to another.
The first MTA 110 is connected to the FPGA 112 by a third connection 128 such that data may be sent from the first MTA 110 to the FPGA 112. The third connection 128 is a wired connection.
The FPGA 112 is described in more detail later below with reference to Figure 2. The FPGA 112 is a programmable integrated circuit. The FPGA 112 comprises an array of programmable logic blocks. The logic blocks of the FPGA 112 are connected together by reconfigurable interconnects. By reconfiguring these interconnects, how the logic blocks of the FPGA 112 are connected together may be changed, i.e. programmed. Hence the operation of the FPGA 112 may be reconfigured. The FPGA 112 may include one or more different types of logic block. Examples of different types of logic block that may be included in the FPGA 112 include, but are not limited to, logic blocks configured to perform complex combinational functions, simple logic gates like AND and XOR, and memory elements such as simple flip-flops or more complete blocks of memory. In this embodiment, each logic block of the FPGA 112 is configured to permit data to flow through that logic block in only one direction. Each logic block of the FPGA 112 comprises a data input and a data output, and does not include a bidirectional port.
As described in more detail later below with reference to Figures 3 to 5, in this embodiment, the FPGA 112 permits only one-way or unidirectional data communication between the secured first computer 104 and the unsecured second computer 120. In particular, the FPGA 112 permits the unsecured second computer 120 (and hence the unsecured network) to receive data from the secured first computer 104, and prohibits or prevents the transmission of data from the unsecured second computer 120 to the secured first computer 104 (and hence the secured network).
The FPGA 112 is connected to the second MTA 116 by a fourth connection 130 such that data may be sent from the FPGA 112 to the second MTA 116. The fourth connection 130 is a wired connection.
The FPGA 112 is further connected to the second MTA 116 by a fifth connection 132 such that data may be sent from the second MTA 116 to the FPGA 112. The fifth connection 132 is a wired connection.
The second MTA 116 is software that runs on the second server computer 114. As described in more detail later below with reference to Figures 3 to 5, the second MTA 116 is configured to transfer data, for example electronic mail messages, from one computer to another. The second MTA 116 is further configured to send data, for example an address of the second MTA 116, to the FPGA 112 via the fifth connection 132, as described in more detail later below with reference to Figures 3 to 5.
The second MTA 116 is connected to the second firewall 118 by a sixth connection 134 such that data may be sent from the second MTA 116 to the second firewall 118. The sixth connection 134 is a wired connection.
The second firewall 118 is a network security system that controls data traffic coming from, and going to, the second computer 120. The second firewall 118 controls this data traffic based on a predefined rule set. The second firewall 118 provides a barrier between the second computer 120 and other networks not trusted by the second computer 120.
In this embodiment, the second firewall 118 is a standalone hardware appliance. However, in other embodiments, the second firewall 118 is not a standalone appliance; for example, the second firewall 118 may be software running on a general purpose computer such as the second computer 120.
The second firewall 118 is connected to the second computer 120 by a seventh connection 136 such that data may be sent from the second firewall 118 to the second computer 120. The seventh connection 136 is a wired connection.
The second computer 120 is an unsecured computer that is connected to an unsecured communication network, such as an unsecured LAN, an unsecured WAN, and/or the Internet. The second computer 120 may be any general purpose computer including, but not limited to, a desktop computer, a laptop computer, and a tablet computer. The second computer 120 is capable of generating a communication signal, for example an electronic mail (email) message, for transmission to one or more other devices or other networks. The second computer 120 is further capable of receiving communications from one or more other devices or other networks; for example, the second computer 120 is capable of receiving an email sent by the first computer 104.
The second user 122 is a human operator of the second computer 120.
Figure 2 is a schematic illustration (not to scale) showing further details of the FPGA 112.
In this embodiment, the FPGA 112 comprises a plurality of interconnected modules, namely a first register 200, a second register 202, a comparator 204, a shift register 206, a first decoder 208, a carriage return line feed (CRLF) decoder 210, a second decoder 212, a counter 214, and a switch 216.
Each of the modules 200-216 of the FPGA 112 comprises one or more logic blocks coupled together so as to provide the functionality of that module 200-216. The logic blocks of the FPGA 112 are connected together by reconfigurable interconnects such that an operation of one or more of the modules 200-216, and/or the interoperation of the modules 200-216, may be reprogrammed.
The first register 200 is a memory or storage device configured to store received data. The first register 200 is connected, via the fifth connection 132, to the second MTA 116 such that data, for example address information, sent from the second MTA 116 to the FPGA 112 is received by the first register 200. The first register 200 is further connected to the comparator 204 such that data output by the first register 200 may be sent from the first register 200 to the comparator 204.
The second register 202 is a memory or storage device configured to store received data. The second register 202 is connected, via the fifth connection 132, to the second MTA 116 such that data sent from the second MTA 116 to the FPGA 112 is received by the second register 202. The second register 202 is further connected to the counter 214 such that the second register 202 defines a size of the counter 214.
The first and second registers 200, 202 may be defined using DIP (dual in-line package) switches.
As described in more detail later below with reference to Figures 3 to 5, the comparator 204 is configured to compare two or more inputs to each other, and perform an action based upon that comparison. In addition to being connected to the first register 200, the comparator 204 is further connected to the shift register 206, the first decoder 208, and the CRLF decoder 210 such that the comparator 204 may receive, as inputs, data from each of the shift register 206, the first decoder 208, and the CRLF decoder 210. The comparator 204 is further connected to the counter 214 and the switch 216 such that an output of the comparator 204 may be sent from the comparator 204 to the counter 214 and the switch 216.
The shift register 206 is configured to store data as a "bit array". The shift register 206 shifts the bit array stored in it by one position as new data is received by the shift register 206. In particular, at each transition of a clock input, the shift register 206 shifts in data present at its input, and shifts out the last bit in the stored bit array. The shift register 206 may comprise a plurality of flip-flops that share a common clock input. The flip-flops may be arranged as a chain.
The shift register 206 is connected, via the third connection 128, to the first MTA 110 such that data, for example an email communication, sent from the first MTA 110 to the FPGA 112 is received by the shift register 206. The shift register 206 is further connected to the comparator 204, the first decoder 208, the CRLF decoder 210, and the second decoder 212 such that data output by the shift register 206 may be sent from the shift register 206 to the comparator 204, the first decoder 208, the CRLF decoder 210, and the second decoder 212.
The shift register 206 constructs a "word" for the comparator 204 and decoders 208-212. In this embodiment, the shift register 206 temporarily stores incoming serial data to facilitate operation of the comparator 204 and decoders 208-212. However, in some embodiments, for example in which there are incoming parallel data streams, the shift register 206 may be omitted.
The first decoder 208 is configured to decode data sent to the first decoder 208 from the shift register 206. In particular, in this embodiment, as described in more detail later below with reference to Figures 3 to 5, the first decoder 208 is configured to decode a first portion (e.g. a starting portion or "header") of an envelope that has been applied to digital content (e.g. an email message). The first decoder 208 is further connected to the comparator 204 such that decoded data (for example, a delivery address for an email message that was encoded in the header of an envelope of that email message) may be sent from the first decoder 208 to the comparator 204.
The CRLF decoder 210 is configured to decode terminators included in the envelope. The CRLF decoder 210 is connected to the comparator 204 such that an output from the CRLF decoder 210 may be sent from the CRLF decoder 210 to the comparator 204. Alternative terminators may also be used.
The second decoder 212 is configured to decode data sent to the second decoder 212 from the shift register 206. In particular, in this embodiment, the second decoder 212 is configured to decode a second portion (e.g. an end portion or "footer") of an envelope that has been applied to digital content (e.g. an email message). The second decoder 212 is further connected to the switch 216 such that decoded data may be sent from the second decoder 212 to the switch 216.
The counter 214 is connected, via the third connection 128, to the first MTA 110 such that data, for example an email communication, sent from the first MTA 110 to the FPGA 112 is received by the counter 214. The counter 214 is further connected to the comparator 204 and the second register 202 such that the counter 214 may receive an input from the comparator 204 and the second register 202.
In this embodiment, the counter 214 is configured to, using one or more of its received inputs, count an amount of data sent from the first computer 104 to the second computer 120. For example, for an email message sent from the first computer 104 to the second computer 120, the counter 214 may count the number of bits of information in that email message.
The counter 214 is further connected to the switch 216 such that the counter 214 may control the switch 216 depending upon its data count. For example, in some embodiments, the counter 214 may switch the switch 216 to operate in its "data blocking" mode (which is described in more detail later below) if the data count counted by the counter 214 equals or exceeds a predefined threshold value. Advantageously, the programmability of the FPGA 112 tends to allow for the programming of the counter 214 to any desired threshold value. In some embodiments, operation of the counter 214 is disabled.
The switch 216 is connected, via the third connection 128, to the first MTA 110 such that data, for example an email communication, sent from the first MTA 110 to the FPGA 112 is received by the switch 216. The switch 216 is further connected to the comparator 204, the counter 214, and the second decoder 212 such that the switch 216 may receive an input from the comparator 204, the counter 214, and the second decoder 212. The switch 216 may be controlled by one or more of the received inputs.
In this embodiment, the switch 216 may operate in one of two modes of operation, namely a first mode and a second mode. The switch 216 may be switched from operating in its first mode of operation to operating in its second mode of operation, and vice versa. Switching of the switch 216 may, for example, be controlled by the comparator 204.
In its first mode of operation, the switch 216 directs data received from the first MTA 110 (via the third connection 128) to the second MTA 116 (via the fourth connection 130). The fourth connection 130 is at an output of the switch 216.
In its second mode of operation, the switch 216 prevents, i.e. blocks, the flow of data through it. In other words, when operating in its second mode, the switch 216 prevents data from being sent to the second MTA 116 via the fourth connection 130. The second mode of operation of the switch 216 is its "data blocking" mode.
Apparatus (including the FPGA 112, the computers 104, 120, the server computers 108, 114, and the firewalls 106, 118) for implementing the above arrangement, and performing the method steps to be described later below, may be provided by configuring or adapting any suitable apparatus, for example one or more computers or other processing apparatus or processors, and/or providing additional modules. The apparatus may comprise a computer, a network of computers, or one or more processors, for implementing instructions and using data, including instructions and data in the form of a computer program or plurality of computer programs stored in or on a machine readable storage medium such as computer memory, a computer disk, ROM, PROM etc., or any combination of these or other storage media.
Figure 3 is a process flow chart showing certain steps of a process of an embodiment of a method of transferring data through the data communication system 100.
At step s2, the FPGA 112 is programmed to permit only one-way data transfer from the secured first computer 104 to the unsecured second computer 120, and to prevent data from being transferred from the second computer 120 to the first computer 104.
The programming process performed at step s2 is described in more detail later below with reference to Figure 4.
At step s4 an email message is sent from the secured first computer 104 to the unsecured second computer 120 via the FPGA 112.
The email transfer process performed at step s4 is described in more detail later below with reference to Figure 5.
Thus, a method of transferring data through the data communication system 100 is provided.
Figure 4 is a process flow chart showing certain steps of a process for programming the FPGA 112 to only allow one-way data transfer from the first computer 104 to the second computer 120, and to prevent data transfer in the opposite direction, as performed at step s2 of Figure 3.
At step s8, the second MTA 116 sends a message to the FPGA 112 via the fifth connection 132. This message includes an address of the second MTA 116.
At step s10, the comparator 204 receives the message sent from the second MTA 116 via the fifth connection 132 and the first register 200. The first register 200 may store variables received from the second MTA 116, e.g. until the variables are changed by the second MTA 116.
At step s12, the comparator 204 may be programmed (or reprogrammed) by the received message sent by the second MTA 116.
In this embodiment, the message sent by the second MTA 116 may reconfigure the interconnections of the logic blocks that form the comparator 204, thereby programming the comparator 204.
The message sent by the second MTA 116 may program the comparator 204 such that: if the comparator 204 receives address information from the first decoder 208 that matches the address information specified in the received message from the second MTA 116 (i.e. the address of the second MTA 116), the comparator 204 controls the switch 216 to operate in its first mode; and if the comparator 204 receives address information from the first decoder 208 that does not match the address information specified in the received message from the second MTA 116 (i.e. the address of the second MTA 116), the comparator 204 controls the switch 216 to operate in its second mode.
The message sent by the second MTA 116 in effect provides comparison criteria against which the comparator 204 is to compare an email delivery address received from the first decoder.
In this embodiment, the comparator 204 is configured to compare received email delivery address information with the address information specified in the message received from the second MTA 116 (i.e. the address of the second MTA 116). The address of the second MTA 116 used to program the comparator 204 may be thought of as, and is hereinafter referred to as, the "programmed address" of the comparator 204.
After step s12, the process of Figure 4 ends.
Thus, a process for programming the FPGA 112 is provided.
Figure 5 is a process flow chart showing certain steps of a process for transferring an email through the data communication system 100, as performed at step s4 of Figure 3.
At step s20, the first user 102 composes an email using the first computer 104. In this embodiment, the first user 102 specifies the second computer 120 as the delivery address for the composed email, i.e. the address to which that email is to be delivered.
At step s22, the first computer 104 sends the composed email to the first MTA 110 via the first connection 124, the first firewall 106, and the second connection 126.
In this embodiment, the email is sent from the first computer 104 to the first MTA 110 in accordance with the Simple Mail Transfer Protocol (SMTP).
At step s24, the first MTA 110 applies an envelope to the received email so as to form a block of data which is hereinafter referred to as the "enveloped email".
In this embodiment, the envelope comprises a header and a footer which are placed either side of the email message data. The header comprises supplemental data that is positioned at the beginning of the enveloped email, before the email message data. The header specifies an address of the MTA that serves the computer to which the email message is to be delivered, i.e. the address of the second MTA 116. The footer comprises supplemental data that is positioned at the end of the enveloped email, after the email message data.
At step s26, the first MTA 110 sends the enveloped email to the FPGA 112 via the third connection 128.
In this embodiment, the enveloped email is sent from the first MTA 110 to the FPGA 112 as a Serial Line communication, i.e. via a serial port through which information transfers in or out one bit at a time. In some embodiments, the enveloped email is sent from the first MTA 110 to the FPGA 112 in accordance with the Serial Line Internet Protocol (SLIP). In some embodiments, the enveloped email is exchanged using parallel data.
At step s28, the shift register 206 receives the enveloped email as a Serial Line communication, and sends the enveloped email to the first decoder 208.
At step s30, the first decoder 208 decodes the header of the envelope of the enveloped email to extract the address specified in that header. Thus, in this embodiment, the first decoder 208 extracts the address of the second MTA 116 from the enveloped email.
The envelope is removed by the FPGA 112 from the enveloped email to recover the email message data.
At step s32, the first decoder 208 sends the extracted address to the comparator 204. Thus, the comparator 204 receives the extracted address of the second MTA 116.
At step s34, the comparator 204 determines whether or not the extracted address received from the first decoder 208 matches the programmed address of the comparator 204. In other words, the comparator compares the address information received from the first decoder 208 to the address information with which the comparator 204 was programmed at step s12, as described earlier above with reference to Figure 4.
If the comparator 204 determines that the address information received from the first decoder 208 is the same as the programmed address, the method proceeds to step s36.
However, if the comparator 204 determines that the address information received from the first decoder 208 is not the same as the programmed address, the method proceeds to step s42. Steps s42 and s44 of the process of Figure 5 will be described in more detail later below after a description of steps s36 to s40.
At step s36, responsive to determining that the address information received from the first decoder 208 is the same as the programmed address, the comparator 204 controls the switch 216 to operate in the switch's first mode of operation.
At step s38, as the switch 216 is operating in its first mode of operation, the switch 216 directs the email message data (i.e. the email having the envelope removed) to the second MTA 116. The email is sent from the switch 216 to the second MTA 116 via the fourth connection 130.
In this embodiment, the email is sent from the switch 216 to the second MTA 116 as a Serial Line communication. In some embodiments, the email is sent from the switch 216 to the second MTA 116 in accordance with the SLIP. In some embodiments, the enveloped email is exchanged using parallel data.
At step s40, the second MTA 116 sends the email message to only the delivery address of that email. Thus, in this embodiment, the email message is only sent from the second MTA 116 to the second computer 120. The email is sent from the second MTA 116 to the second computer 120 via the sixth connection 134, the second firewall 118, and the seventh connection 136.
In this embodiment, the email is sent from the second MTA 116 to the second computer 120 in accordance with the SMTP.
After step s40, the process of Figure 5 ends.
Returning now to the case where, at step s34, the comparator 204 determines that the address information received from the first decoder 208 is not the same as the programmed address: at step s42, responsive to that determination, the comparator 204 controls the switch 216 to operate in the switch's second mode of operation.
At step s44, as the switch 216 is operating in its second mode of operation, the switch 216 prevents the email received from the first MTA 110 (via the third connection 128) from being sent to the second MTA 116. Thus, the email message is blocked by the FPGA 112.
After step s44, the process of Figure 5 ends.
Thus, a process for transferring an email through the data communication system 100 is provided.
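The following is an added software model of the FPGA data path at steps s24 to s44 (envelope applied by the first MTA, serial-line input reassembled by the shift register, address extracted by the first decoder, comparator match driving the switch between its forward and block modes). It is illustrative code written for this page, not code from the patent or its applicant. The envelope layout used here (a header line `MTA:<address>`, the message data, then a fixed footer marker) is an assumption; the patent only states that the header carries the destination MTA address and that a footer follows the message data. The bit order on the serial line (MSB first) is likewise assumed.

```python
"""Software model of the FPGA data path described at steps s24 to s44.

Added illustration, not code from the patent. The envelope layout assumed
here (a header line "MTA:<address>" followed by the message data and a fixed
footer marker) is a constructed one; the patent only states that the header
carries the address of the destination MTA and that a footer follows the
message data.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

HEADER_PREFIX = b"MTA:"    # assumed header encoding: b"MTA:<address>\n"
FOOTER = b"\n--END--"      # assumed footer marker


class SwitchMode(Enum):
    FORWARD = 1   # first mode: message data flows on to the second MTA
    BLOCK = 2     # second mode: message data is discarded inside the FPGA


@dataclass
class GatewayResult:
    mode: SwitchMode
    extracted_address: Optional[bytes]   # what the first decoder recovered, if anything
    forwarded: Optional[bytes]           # message data with the envelope removed, or None


def envelope(address: bytes, message: bytes) -> bytes:
    """Step s24: the first MTA places a header and a footer either side of the message."""
    return HEADER_PREFIX + address + b"\n" + message + FOOTER


def to_serial(data: bytes) -> List[int]:
    """Step s26: send bytes over the serial line one bit at a time (MSB first assumed)."""
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def shift_register(bits: List[int]) -> bytes:
    """Step s28: reassemble the bit stream into bytes; a partial byte is rejected."""
    if len(bits) % 8:
        raise ValueError("incomplete byte on the serial line")
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | (bit & 1)
        out.append(value)
    return bytes(out)


def decode_envelope(enveloped: bytes) -> Tuple[bytes, bytes]:
    """Step s30: extract the header address and strip header and footer."""
    if not enveloped.startswith(HEADER_PREFIX) or not enveloped.endswith(FOOTER):
        raise ValueError("malformed envelope")
    address, sep, rest = enveloped[len(HEADER_PREFIX):].partition(b"\n")
    if not sep:
        raise ValueError("header not terminated")
    return address, rest[:-len(FOOTER)]


class UnidirectionalGateway:
    """Comparator 204 plus switch 216. There is no path from output back to input."""

    def __init__(self, programmed_address: bytes):
        self.programmed_address = programmed_address   # loaded at step s12
        self.mode = SwitchMode.BLOCK                   # fail closed until a match is seen

    def process(self, serial_bits: List[int]) -> GatewayResult:
        try:
            address, message = decode_envelope(shift_register(serial_bits))
        except ValueError:
            self.mode = SwitchMode.BLOCK   # undecodable input never reaches the output
            return GatewayResult(self.mode, None, None)
        if address == self.programmed_address:       # step s34: match
            self.mode = SwitchMode.FORWARD            # step s36
            return GatewayResult(self.mode, address, message)   # step s38
        self.mode = SwitchMode.BLOCK                  # step s42
        return GatewayResult(self.mode, address, None)   # step s44


if __name__ == "__main__":
    gw = UnidirectionalGateway(programmed_address=b"mta2.example")
    msg = b"From: user1\r\nTo: user2\r\n\r\nhello"   # constructed sample message
    print(gw.process(to_serial(envelope(b"mta2.example", msg))))
    print(gw.process(to_serial(envelope(b"other-mta.example", msg))))
```

The switch starts in, and falls back to, its block mode whenever the decoder cannot recover an address, so that a truncated or malformed stream is dropped rather than forwarded; the patent's flowchart does not describe this case, and the fail-closed default is a design choice of this model.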
The MTAs and the FPGA advantageously provide a unidirectional security gateway with assured addressing between the secured computer network and the unsecured network. The unidirectional security gateway tends to allow data transfer in only a single direction, from the secured computer network to the unsecured network. Data travel from the unsecured computer network to the secured computer network tends to be prevented. Thus, the secured computer network tends to be secured against receiving unwanted or malicious data from the unsecured network; for example, a secured network may be protected from attack from unsecured public networks while publishing information to such networks.
Use of logic blocks in the FPGA of the unidirectional security gateway advantageously tends to assure unidirectional data flow, as the logic blocks of the FPGA do not include bidirectional ports.
Advantageously, the above described unidirectional security gateway tends to be physically smaller than conventional unidirectional networks. Furthermore, the above described unidirectional security gateway tends to be less costly (for example in terms of power consumption) to produce than conventional unidirectional networks.
Advantageously, the above described unidirectional security gateway tends to preserve the communication protocol. In particular, data output by the unidirectional security gateway has the same format as the input data. For example, an input Ethernet signal tends to be output by the above described unidirectional security gateway as an Ethernet signal.
Advantageously, a "protocol break" is provided by the above described unidirectional security gateway. In particular, the format of the data is changed, and then changed back again, between the input and the output of the gateway. For example, input Ethernet data is converted to Serial Line data and back again as it travels through the gateway. This advantageously tends to provide for improved data security compared to conventional unidirectional networks.
Advantageously, a "technology break" is provided by the above described unidirectional security gateway. The FPGA of the above described gateway is a hardware appliance through which data flows. This advantageously tends to provide for improved data security compared to many conventional unidirectional networks.
Advantageously, the above described unidirectional security gateway is programmable. It tends to be possible to reprogram the FPGA to change the address of an MTA or unsecured network to which data is permitted to travel.
Advantageously, the above described unidirectional security gateway tends to provide for the delivery of addressed data to the designated address(es). Furthermore, the delivery of addressed data to another address, i.e. a non-designated address, tends to be prevented.
Advantageously, multiple unidirectional security gateways can be implemented, for example in parallel, to assure the delivery of addressed data to the designated address(es) to multiple unsecured networks.
It should be noted that certain of the process steps depicted in the flowcharts of Figures 3 to 5 and described above may be omitted or such process steps may be performed in differing order to that presented above and shown in Figures 3 to 5. Furthermore, although all the process steps have, for convenience and ease of understanding, been depicted as discrete temporally-sequential steps, nevertheless some of the process steps may in fact be performed simultaneously or at least overlapping to some extent temporally.
In the above embodiments, data travels through the unidirectional security gateway in only one direction, from the secured computer network to the unsecured network. However, in other embodiments, data travels through the unidirectional security gateway in only one direction from an unsecured computer or network of computers to a secured computer or network of computers. Thus, secure data can be advantageously prevented from being distributed to an unsecure network, for example the Internet. In some embodiments, data travels through the unidirectional security gateway in only one direction from a secured computer or network of computers to a different or the same secured computer or network of computers. In some embodiments, data travels through the unidirectional security gateway in only one direction from an unsecured computer or network of computers to a different or the same unsecured computer or network of computers.
In the above embodiments, data travels from a single secured computer network to a single unsecured network. However, in other embodiments, there is a different number of secured computers or networks of computers and/or a different number of unsecured computers or networks of computers. For example, in some embodiments, data travels from multiple separate secured computers or networks of computers to a single unsecured computer or network of computers. In some embodiments, data travels from a single secured computer or network of computers to multiple separate unsecured computers or networks of computers. In some embodiments, data travels from multiple separate secured computers or networks of computers to multiple separate unsecured computers or networks of computers.
In the above embodiments, there is only a single possible destination to which the data may be delivered, namely the second computer. In the above embodiments, the comparator is programmed with a single "programmed address", and controls the switch based on a comparison of that programmed address with a delivery address of input data. In the above embodiments, the switch has two modes of operation, namely the first mode in which data is permitted to flow to its single possible destination, and the second mode in which data travel is blocked.
However, in other embodiments, there are multiple possible destinations to which the data travelling through the unidirectional security gateway may be delivered.
In some embodiments, the comparator may be programmed with multiple different "programmed addresses". The comparator may control the switch based on which of the multiple programmed addresses match a delivery address of input data.
In some embodiments, the switch may have more than two modes of operation. For example, the switch may have a mode of operation in which data travel is blocked and, in addition, may have, for each possible destination to which the data may be delivered, a further mode in which data is permitted to flow to that destination and only that destination. The switch may be switchable, for example by the comparator of the FPGA, between its modes of operation in similar fashion to that described above.
In some embodiments, multiple comparators and/or multiple switches may be implemented. For example, in some embodiments, a separate comparator and switch pair is provided for each of the multiple possible destinations to which the data travelling through the unidirectional security gateway may be delivered.
In the above embodiments, data travels in only a single direction from the first computer to the second computer. However, in other embodiments, a further unidirectional security gateway may be arranged to allow some data to travel in the opposite direction.
For example, a first unidirectional security gateway may be arranged between the first and second computers and configured to allow for unidirectional data flow from the first computer to the second computer. A second unidirectional security gateway may be arranged between the first and second computers and configured to allow for unidirectional data flow from the second computer to the first computer. For example, the second unidirectional security gateway may allow the second computer to send a receipt to the first computer in response to receiving data from the first computer. In some embodiments, a counter of an FPGA may be implemented to limit the amount of data sent between computers. For example, a counter in the second unidirectional security gateway may be implemented to limit the size of the response sent from the second computer to the first computer. For example, the counter may be configured to switch the associated switch to its "block" mode if the amount of data flowing through the second unidirectional security gateway exceeds a predefined threshold. Thus, the first computer may be protected from receiving large amounts of data.
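The following is an added model, written for this page and not taken from the patent, of two variants described above: the comparator programmed with multiple addresses driving a switch that has one forwarding mode per destination plus a block mode, and the counter that trips the switch to its block mode once the traffic through it reaches a threshold (the return-path gateway used to bound the size of a receipt). Output names, addresses, message contents and the threshold are constructed sample values; the counter is modelled as counting bytes, which the patent leaves unspecified.

```python
"""Added model of a multi-destination switch and of a traffic counter.

Not the patent's own code. The switch mode is either the name of the output
serving the matched destination or BLOCK; the counter counts bytes that have
passed and, once it reaches the threshold, holds the switch in BLOCK for all
further data (claim 13: forward while below the threshold, block at or above).
"""
from typing import Dict, List, Optional, Tuple


class MultiDestinationGateway:
    BLOCK = "block"

    def __init__(self, programmed_addresses: Dict[bytes, str],
                 threshold_bytes: Optional[int] = None):
        # comparator programmed with several addresses, each mapped to the
        # output that serves that destination and only that destination
        self.programmed = dict(programmed_addresses)
        self.threshold = threshold_bytes          # None: no counter fitted
        self.counter = 0                          # bytes that have flowed through
        self.mode = self.BLOCK                    # fail closed
        self.delivered: Dict[str, List[bytes]] = {
            out: [] for out in programmed_addresses.values()}

    def route(self, delivery_address: bytes, payload: bytes) -> Tuple[str, bytes]:
        """Compare the delivery address, then pass bytes while the counter allows.

        Returns the switch mode after the data has been handled and the bytes
        that actually reached the selected output.
        """
        output = self.programmed.get(delivery_address)
        if output is None:                        # no programmed address matched
            self.mode = self.BLOCK
            return self.mode, b""
        forwarded = bytearray()
        for byte in payload:
            if self.threshold is not None and self.counter >= self.threshold:
                self.mode = self.BLOCK            # counter trips the switch; rest is dropped
                break
            self.mode = output
            forwarded.append(byte)
            self.counter += 1
        if forwarded:
            self.delivered[output].append(bytes(forwarded))
        return self.mode, bytes(forwarded)


def paired_gateways() -> Tuple[MultiDestinationGateway, MultiDestinationGateway]:
    """Constructed example: an unbounded forward gateway and a bounded return gateway."""
    forward = MultiDestinationGateway({b"mta-a.example": "out_a",
                                       b"mta-b.example": "out_b"})
    # return path only serves the first computer's MTA and is capped at 8 bytes,
    # enough for a short receipt and nothing more (threshold is a sample value)
    back = MultiDestinationGateway({b"mta-1.example": "to_first"}, threshold_bytes=8)
    return forward, back


if __name__ == "__main__":
    fwd, back = paired_gateways()
    print(fwd.route(b"mta-a.example", b"report for site A"))
    print(fwd.route(b"mta-c.example", b"unknown destination"))   # blocked
    print(back.route(b"mta-1.example", b"RECEIPT"))
    print(back.route(b"mta-1.example", b"OK!"))   # trips after one more byte
```

Because the counter is never reset, a return gateway configured this way admits a single bounded acknowledgement and then blocks for good; a deployment that expects one receipt per forwarded message would need a reset input, which the patent does not describe and this model does not add.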
In the above embodiments, an email message is sent between the first and second computers. However, in other embodiments, a different type of data or communication is sent between the computers or networks of computers. Such communications may include, for example, audio data, image data, video data, text data, and other data that can be communicated between computer devices or networks. The data transferred through the unidirectional gateway may include any combination of binary bits. In some embodiments, the data is a single byte. In some embodiments, the data includes one or more files of information. The data may contain encrypted information or unencrypted information. The data may include parity bits, checksums, error detection codes, error correction codes, etc.
Claims (15)
- 1. A security gateway for controlling data flow between a first computer (104) and a second computer (120), the security gateway comprising: a data input for receiving data from the first computer (104); a data output for sending data to the second computer (120); and one or more logic blocks arranged between the data input and the data output; wherein the one or more logic blocks are configured to allow the data to flow from the data input to the data output; and the one or more logic blocks are configured to prevent the data from flowing from the data output to the data input.
- 2. A security gateway according to claim 1, wherein the one or more logic blocks form a Field Programmable Gate Array (112).
- 3. A security gateway according to claim 1 or 2, wherein the security gateway comprises a second input configured to receive delivery address information for the data; and the one or more logic blocks are configured to: if the delivery address information for the data is the same as an address associated with the second computer (120), allow the data to flow from the data input to the data output; and if the delivery address information for the data is different to the address associated with the second computer (120), prevent the data from flowing from the data input to the data output.
- 4. A security gateway according to claim 3, wherein: the security gateway further comprises a first Message Transfer Agent (110) located at the data input; the first Message Transfer Agent (110) is configured to: receive the data from the first computer (104); using the received data, generate the delivery address information for the data; and send the generated delivery address information for the data to the one or more logic gates.
- 5. A security gateway according to claim 3 or 4, the security gateway further comprising: a switch (216) having a first state and a second state, the first state being a state in which the switch (216) allows the data to flow from the data input to the data output, the second state being a state in which the switch (216) prevents the data from flowing from the data input to the data output; and a controller (204) configured to compare the delivery address information for the data to the address associated with the second computer (120), and control the switch (216) based on that comparison.
- 6. A security gateway according to claim 5, wherein at least one of the switch (216) and the controller (204) comprises one or more logic blocks.
- 7. A security gateway according to any of claims 1 to 6, the security gateway further comprising: a third input configured to receive information specifying an address associated with the second computer (120); and means for modifying a configuration of the one or more logic blocks based on the received information specifying the address associated with the second computer (120).
- 8. A security gateway according to claim 7, wherein: the security gateway further comprises a second Message Transfer Agent (116) located at the data output; the second Message Transfer Agent (116) is configured to: generate the information specifying an address associated with the second computer (120); and send the generated information specifying an address associated with the second computer (120) to the means for modifying the configuration of the one or more logic blocks.
- 9. A security gateway according to any of claims 1 to 8, wherein: the security gateway further comprises a first Message Transfer Agent (110) located at the data input; and the first Message Transfer Agent (110) is configured to: receive the data in a first data format from the first computer (104); convert the received data into a second data format, the second data format being different to the first data format; and send the data in the second data format to the one or more logic gates.
- 10. A security gateway according to any of claims 1 to 9, wherein: the security gateway further comprises a second Message Transfer Agent (116) located at the data output; and the second Message Transfer Agent (116) is configured to: receive the data in a second data format from the one or more logic blocks; convert the received data into a first data format, the first data format being different to the second data format; and output, for use by the second computer (120), the data in the first data format.
- 11. A security gateway according to claim 9 or 10, wherein the second data format is a Serial Line data format.
- 12. A security gateway according to any of claims 1 to 11, the security gateway further comprising: a counter (214) configured to determine an amount of data traffic through the one or more logic blocks; and means for controlling a flow of data through the one or more logic blocks using the determined amount of data traffic.
- 13. A security gateway according to claim 12, wherein the means for controlling a flow of data through the one or more logic blocks is configured to: if the determined amount of data traffic is less than a threshold amount, allow the data to flow from the data input to the data output; and if the determined amount of data traffic is greater than or equal to the threshold amount, prevent the data from flowing from the data input to the data output.
- 14. A system comprising: a first computer (104); a second computer (120); and a security gateway connected between the first computer (104) and the second computer (120), the security gateway being in accordance with any of claims 1 to 13.
- 15. A method for controlling data flow between a first computer (104) and a second computer (120), the method comprising: providing a data input for receiving data from the first computer (104); connecting the first computer (104) to the data input; providing a data output for sending data to the second computer (120); connecting the second computer (120) to the data output; arranging one or more logic blocks between the data input and the data output; causing data to flow through the one or more logic blocks from the data input to the data output; and preventing, by the one or more logic blocks, data from flowing from the data output to the data input.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1509046.7A GB2538952A (en) | 2015-05-27 | 2015-05-27 | Security gateway |
PCT/GB2015/051808 WO2016189264A1 (en) | 2015-05-27 | 2015-06-22 | Security gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1509046.7A GB2538952A (en) | 2015-05-27 | 2015-05-27 | Security gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201509046D0 GB201509046D0 (en) | 2015-07-08 |
GB2538952A true GB2538952A (en) | 2016-12-07 |
Family
ID=53540945
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1509046.7A Withdrawn GB2538952A (en) | 2015-05-27 | 2015-05-27 | Security gateway |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2538952A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11438307B2 (en) | 2019-02-07 | 2022-09-06 | AO Kaspersky Lab | Systems and methods for configuring a gateway for protection of automated systems |
US11546367B2 (en) | 2019-02-07 | 2023-01-03 | AO Kaspersky Lab | Systems and methods for protecting automated systems using a gateway |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100290476A1 (en) * | 2009-05-18 | 2010-11-18 | Tresys Technology, Llc | One-Way Router |
US20120179852A1 (en) * | 2010-09-09 | 2012-07-12 | Mcevoy Gerald R | One-way bus bridge |
- 2015-05-27 GB GB1509046.7A patent/GB2538952A/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
GB201509046D0 (en) | 2015-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10938937B2 (en) | Multi-datacenter message queue | |
EP3286896B1 (en) | Scalable intermediate network device leveraging ssl session ticket extension | |
US9596075B2 (en) | Transparent serial encryption | |
US20180278588A1 (en) | Hardware-accelerated secure communication management | |
US9553847B2 (en) | Virtual desktop accelerator with support for multiple cryptographic contexts | |
US9137139B2 (en) | Sender-specific counter-based anti-replay for multicast traffic | |
US20070245413A1 (en) | Trusted Cryptographic Switch | |
US10826876B1 (en) | Obscuring network traffic characteristics | |
US9083528B2 (en) | Authentication of encrypted data blocks | |
AU2018231407A1 (en) | Methods and devices for providing cyber security for time aware end-to-end packet flow networks | |
US10200155B2 (en) | One-way data transmission apparatus, one-way data reception apparatus, and one-way data transmission/reception method using the same | |
GB2538952A (en) | Security gateway | |
Owens et al. | Explicit routing in software-defined networking (ersdn): Addressing controller scalability | |
WO2017088460A1 (en) | Service packet transmission control method, device and system | |
WO2016189264A1 (en) | Security gateway | |
Rao et al. | An FPGA‐based reconfigurable IPSec AH core with efficient implementation of SHA‐3 for high speed IoT applications | |
Carnevale et al. | An implementation of the 802.1 AE MAC Security Standard for in-car networks | |
Shreejith et al. | Zero latency encryption with FPGAs for secure time-triggered automotive networks | |
KR20180028648A (en) | Apparatus for one-way data transmission, apparatus for one-way data reception, and one-way data transmission method for using the same | |
US20180262473A1 (en) | Encrypted data packet | |
ES2596533B1 (en) | METHOD AND SECURITY SYSTEM IN REDUNDANT ETHERNET RINGS | |
US20170005992A1 (en) | Secure message transmission using dynamic segmentation and encryption | |
Korona et al. | High-performance FPGA architecture for data streams processing on example of IPsec gateway | |
Lorunser et al. | Security processor with quantum key distribution | |
CN116781248A (en) | Encryption method, encryption device and key management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |