Dimitri Kamgang Teguia hat seine Bachelorarbeit an der TU Clausthal erfolgreich abgeschlossen. Das Thema seiner Arbeit lautet: “Design and Implementation of a Modular Software Solution for Enabling One-Way Communication Over Data Diodes in OT Networks“.
Abstrakt:
With the advancement of technology, there has been a significant shift towards digitalization in Operational Technology (OT) infrastructures. This increasing digitalization has unlocked valuable benefits such as enhanced data collection, real-time monitoring, predictive maintenance,and precise control over industrial processes. However, this exposes OT systems to cybersecurity threats, necessitating heightened security measures. One effective approach is isolating OT networks from external access using data diodes , allowing data transmission in only one direction, from OT to Information Technology (IT) networks, safeguarding OT networks from external threats. Using a data diode, however, brings the challenge of using unreliable communication protocols, since, the usage of more reliable bidirectional protocols is impossible.
This thesis addresses the challenge of ensuring reliable unidirectional communication over a data diode when employing the inherently unreliable User Datagram Protocol (UDP). We tackle two primary issues with UDP: out-of-order packet delivery and packet loss. To address out-of-order delivery, we assign sequence numbers to packets and temporarily store out-of-order arrivals for later correction of the order. Additionally, we implement a Forward Error Connection (FEC) mechanism to mitigate packet loss during transmission. Moreover, we use Queuing Theory to design a Queueing Model that is used to ensure low probability of packet loss that may result from the receiver being overwhelmed.
Through these measures, the implemented software solution guarantees highly reliable data transmission via a data diode while optimizing its bandwidth utilization. This thesis contributes to the field of industrial cybersecurity and data diode technology, providing a robust solution for secure OT-IT data exchange.
