Authors

Peter Story (Clark University)

Abstract

Journalists and other high-risk populations must protect themselves from powerful adversaries. For example, journalists using SecureDrop open potentially malicious documents on an air-gapped workstation to protect themselves from data exfiltration. However, transferring documents across an air-gap is inconvenient, and challenging to do securely. We propose using a “data diode,” a unidirectional network device, to navigate an air-gap securely and conveniently. Unfortunately, proprietary off-the-shelf data diodes are prohibitively expensive, with prices in the thousands of dollars. First, we survey solutions for using commodity hardware to build a cost-effective data diode. Then, we build a data diode for less than $80. Next, we describe the performance and reliability of transferring data across the device. We test existing software to identify settings that enable reliable data transfers. We also describe our prototype software, pydiode, which transfers data reliably at higher speeds than the other software we tested. Finally, we explain next steps to prepare data diodes for deployment to newsrooms.
