Unidirectional Secure Information Transfer via RabbitMQ
Protecting computer systems that handle possibly sensitive information is of
the utmost importance. Those systems are typically air-gapped with data diodes
to ensure that no information can physically flow back. Traditional computer
protocols like HTTP or SOAP, which are normally used to transport information
between computers, are typically bi-directional communication protocols and are
thus unsuitable for use over a data diode. Currently the only commercially
available protocols over a data diode sold by vendors are file-based protocols.
Other protocols can be custom made but are expensive and proprietary. There are
currently no open source solutions to stream data in a generic way over a data
diode other than those file-based solutions. The purpose of the dissertation is
to research whether open source technology can be used to mirror the contents
of a message bus over a data diode to get a cost-effective, security-proof and
almost maintenance-free solution, and to further research whether this
technology can be used to transfer not only plain text data but also data
sensitive by nature by using end-to-end encryption, so that this information
could even be admitted as evidence. The method used to validate the research is
a practical case study that shows how a sensor stream can send unencrypted and
encrypted events of arbitrary size over a data diode via a message bus, where
they are transparently and securely transferred and re-emitted internally
without any kind of configuration management. Results show that it is indeed
possible to successfully mirror data from a message bus over a data diode and
that it is thus worthwhile to further invest in this technology.