May 2009


This whitepaper shows how Isode applications can be used in conjunction with a Data Diode to give high assurance one way flow of data.

Creative Commons License

One Way Data Transfer

Data Diodes are low level hardware devices, with very high assurance, that allow data to flow in one direction while preventing data from flowing in the opposite direction.

A common security setup will allow information to flow from a lower security domain to a higher, as shown above, but will absolutely prohibit flow of information in the reverse direction. This simple policy gives a high assurance against data leaks.

This white paper shows how Isode applications can be used in conjunction with a Data Diode to give high assurance one way flow of data.

How a Data Diode Works

A Data Diode is implemented by use of a physical connection that ensures there is absolutely no return path for data. It provides a one way IP packet switch, and would normally include a number of built in applications that can make use of this IP switching. From an application perspective, the key capability of the Data Diode is that IP packets flow in one direction and do not come back again.

Isode Applications

The one way nature of a Data Diode means that it is generally not useful for client/server applications to work over a Data Diode, as they are invariably interactive. Server to server protocols make more sense. The following Isode applications can potentially be run over a Data Diode and are discussed in more detail below:

  • Messaging (Store and Forward):
    • STANAG 4406 (X.400) Formal Messaging
    • Internet Messaging
  • Directory Replication
  • File Transfer
  • XMPP Instant Messaging & Presence, supporting Presence, IM, and Group Chat.

All of these applications provide value with one way data flow.

Messaging & ACP 142

Messaging is a core application. Most standardized message transfer protocols such as SMTP and X.400 are based on TCP which needs a two way flow of data, and could not be used over a Data Diode. ACP 142, implemented by Isode and designed for support of Satellite and Radio, maps onto UDP (User Datagram Protocol) over IP. This architecture and Isode's implementation is described in [Military Messaging over HF Radio and Satellite using STANAG 4406 Annex E].

ACP 142 supports one way transfer to deal with EMCON (Emission Control) situations where a recipient is in radio silence. This is ideal for Data Diode use, and needs the following application considerations:

  • EMCON mode normally retransmits the data a number of times to ensure reception. As Data Diode transfer is highly reliable, this retransmission number can be configured to be zero or a very small number.
  • Standard ACP 142 expects messages to be acknowledged at a later stage when the remote system comes out of EMCON. If this does not happen, a non-delivery report is sent to the originator. For use with Data Diode, the ACP 142 procedure needs to be modified so that the message is treated as reliably transferred, after the configured number of transmissions is complete.

NATO has standardized transfer of STANAG 4406 Messages over ACP 142 in Annex E of STANAG 4406, and Isode supports this.

Isode has also defined a way to use ACP 142 to transfer Internet Mail. This is described in the Isode white paper [Messaging Protocols for HF Radio].

File Transfer by Email

Messaging provides a reliable multicast infrastructure, and this makes a useful building block for other applications. To provide this service to other applications, Isode offers a File Transfer by Email channel as a part of its M-Switch product (further information on this given in the Isode whitepaper [File Transfer by Email]. This is designed for use by applications transferring files, and includes handling of delivery acknowledgements (which would not be used with Data Diode). Directory Replication and applications such as database replication are a key target for this capability. This can operate over Data Diode using messaging.

Directory Replication

Directory Replication is built over File Transfer by Email. This is described in the Isode White Paper [Directory Replication by Email and over 'Air Gap']. This operates over the Data Diode, using messaging.


XMPP is important for Government and Military provision of Instant Messaging, Group Chat and Presence. XMPP operates over TCP and so is unsuitable for direct operation over Data Diode. Isode plans to extend it’s M-Link product to operate over UDP, to support operation over Satellite and Radio. The planned architecture for low-bandwidth XMPP is described here. This operation over UDP will also enable operation over Data Diode, so that XMPP messages and presence status can be sent over Data Diode.


Data Diodes are vital in areas where an assurance of one-way information flow is required. Isode Messaging (both STANAG 4406 Formal Messaging and Internet Messaging), Directory Replication, File Transfer and XMPP applications can run over a Data Diode and provide value in situations where one-way data flow is required.