TRANSMISSION DEVICE FOR TRANSMITTING DATA

20230051229 · 2023-02-16

    Abstract

    A transmission device for transmitting data between a real first network and a real second network is provided. The transmission device has a first network port for coupling to the real first network and a second network port for coupling to the real second network, and also comprises a simulation unit which is connected to the first network port and which is configured to receive network-specific data from the real first network via the first network port, to provide, in accordance with the received network-specific data, a virtual simulation network of the real first network, and to prepare the provided virtual simulation network, via the second network port, for access by the real second network. The transmission device allows an attacker to be deliberately deceived, which increases security against attempts to access the real first network from the real second network.

    Claims

    1. A transmission device for transmitting data between a real first network and a real second network, wherein the transmission device has a first network port for coupling to the real first network and a second network port for coupling to the real second network and also comprises: a simulation unit, connected to the first network port, which is configured to receive network-specific data from the real first network via the first network port, to provide a virtual simulation network of the real first network in accordance with the network-specific data received, and to prepare the provided virtual simulation network, via the second network port, for access to the provided virtual simulation network from the real second network.

    2. The transmission device as claimed in claim 1, wherein the simulation unit is also configured to simulate the virtual simulation network in accordance with at least three different simulation levels.

    3. The transmission device as claimed in claim 2, wherein the simulation unit is configured, depending on the network-specific data received, to simulate the virtual simulation network in a first simulation level of the at least three different simulation levels by at least one network topology of the real first network, in a second simulation level of the at least three different simulation levels by at least one layer of a network protocol and/or a display of a service based on the real first network, and in a third simulation level of the at least three different simulation levels by at least one content-plausible web page based on the real first network.

    4. The transmission device as claimed in claim 1, wherein the transmission device further comprises a configuration unit, which is configured to receive network-specific data from the real first network via the first network port, to analyze the data and to use the analyzed network-specific data as configuration data for configuring the virtual simulation network.

    5. The transmission device as claimed in claim 4, wherein the configuration unit is further configured to configure the virtual simulation network automatically using the configuration data at least at a specific point in time, the at least one specific point in time comprising a point in time during the operation of the simulation unit.

    6. The transmission device as claimed in claim 4, wherein the transmission device is configured to run the simulation unit and the configuration unit in parallel.

    7. The transmission device as claimed in claim 1, wherein the transmission device is configured to receive the data from the real first network via a network switch arranged between the real first network and the first network port, wherein at least one input of the network switch is connected to the real first network for data transmission and a mirror port implemented as an output of the network switch is connected to the first network port for data transmission.

    8. The transmission device as claimed in claim 1, wherein the transmission device is configured to carry out data transmission between the real first network and the real second network in a transmission layer, namely layer 2 of the ISO/OSI reference model.

    9. The transmission device as claimed in claim 1, wherein the real first network comprises a control network, and the real second network comprises a diagnostic network, a local network, or the internet.

    10. The transmission device as claimed in claim 1, wherein the transmission device is partially or completely configured as a unidirectional data diode, as a firewall, or as a gateway.

    11. The transmission device as claimed in claim 1, wherein the transmission device is configured to provide the real second network with a routing table comprising a plurality A of IP addresses of nodes of the real first network.

    12. The transmission device as claimed in claim 1, wherein the transmission device is configured to provide the real second network with at least one specific IP address of a specific node of the real first network.

    13. The transmission device as claimed in claim 11, wherein the network-specific data comprises measured values, at least a number T of nodes of the real first network, operating states of nodes of the real first network and/or a technical process executed by at least one node of the real first network.

    14. The transmission device as claimed in claim 4, wherein at least the simulation unit, the configuration unit, the first network port and the second network port are implemented in a common housing.

    Description

    BRIEF DESCRIPTION

    [0068] Some of the embodiments will be described in detail, with reference to the following figures, wherein like designations denote like members, wherein:

    [0069] FIG. 1 shows a schematic block diagram of a first embodiment of a transmission device for transmitting data; and

    [0070] FIG. 2 shows a schematic block diagram of a second embodiment of a transmission device for transmitting data.

    DETAILED DESCRIPTION

    [0071] FIG. 1 shows a schematic block diagram of a first embodiment of a transmission device 1 for transmitting data between a real first network RNW1, comprising a production network for example, and a real second network RNW2, comprising a local network for example. This transmission of data is carried out in particular in a transmission layer, namely layer 2 of the ISO/OSI reference model. In another embodiment, the real first network RNW1 can comprise a railway safety network, while the real second network RNW2 comprises the internet.

    [0072] In FIG. 1, the transmission device 1 is formed completely as a unidirectional data diode. In another embodiment, the transmission device 1 may be partially or completely designed as a firewall (not shown) or as a gateway (not shown).

    [0073] The transmission device 1 has a first network port P1 for coupling to the real first network RNW1 and a second network port P2 for coupling to the real second network RNW2. In addition, the transmission device 1 comprises a simulation unit 2.

    [0074] The simulation unit 2 is connected to the first network port P1 and is configured to receive network-specific data from the real first network RNW1 via the first network port P1, to provide a virtual simulation network VSN of the real first network RNW1 in accordance with the network-specific data received, and to prepare the provided virtual simulation network VSN, via the second network port P2, for access to the provided virtual simulation network VSN from the real second network RNW2.

    [0075] The network-specific data comprises in particular measured values, such as pressure and/or temperature reported by nodes of the real first network RNW1, or at least a number T of nodes of the real first network RNW1. In embodiments, the network-specific data may also comprise operating states of nodes of the real first network RNW1, or a technical process that is executed by at least one node of the real first network RNW1.

    [0076] In particular, the simulation unit 2 is configured to simulate the virtual simulation network VSN in accordance with at least three different simulation levels.

    [0077] The simulation unit 2 is configured, in accordance with the network-specific data received, to simulate the virtual simulation network VSN in a first simulation level by at least one network topology of the real first network RNW1, and in a second simulation level by at least one layer of a network protocol and/or a display of a service on the basis of the real first network RNW1. The simulation unit 2 is also configured, in accordance with the received network-specific data, to simulate the virtual simulation network VSN in a third simulation level by at least one content-plausible web page based on the real first network RNW1.

    [0078] FIG. 1 also shows a network switch 4 arranged between the real first network RNW1 and the first network port P1.

    [0079] The transmission device 1 in this case is configured to receive the data from the real first network RNW1 via the network switch 4. At least one input of the network switch 4 is connected to the real first network RNW1 for data transmission. A mirror port SP designed as an output of the network switch 4 is connected to the first network port P1 for transmitting data.

    [0080] In embodiments, the transmission device 1 may be configured to provide the real second network RNW2 with a routing table comprising a plurality A of IP addresses of nodes of the real first network RNW1. The transmission device 1 may also be configured to provide the real second network RNW2 with at least one specific IP address of a specific node of the real first network RNW1.

    [0081] FIG. 2 shows a schematic block diagram of a second embodiment of a transmission device 1 for transmitting data. The second embodiment comprises all the features of the first embodiment. In addition, the transmission device 1 of the second embodiment in FIG. 2 comprises a configuration unit 3, which is connected to the simulation unit 2, and a CPU 5 in which the simulation unit 2 and the configuration unit 3 are implemented.

    [0082] The configuration unit 3 is configured to receive network-specific data from the real first network RNW1 via the first network port P1, to analyze this data and to use the analyzed network-specific data as configuration data for configuring the virtual simulation network VSN.

    [0083] In the second embodiment, at least the simulation unit 2, the configuration unit 3, the first network port P1 and the second network port P2 of the transmission device 1 are also implemented in a common housing 6.

    [0084] The configuration unit 3 is further designed to configure the virtual simulation network VSN automatically at least at a specific point in time using the configuration data. The specific point in time includes in particular a point in time during the operation of the simulation unit 2.

    [0085] In an embodiment, the transmission device 1 is configured to run the simulation unit 2 and the configuration unit 3 in parallel.
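    The interplay of the configuration unit of paragraph [0082] and the three simulation levels of paragraph [0077], shown as an added example that is not part of the patent text and does not represent the applicant's implementation. It assumes that frames from mirror port SP have already been decoded into request/response flow records, that Modbus/TCP on port 502 and HTTP on port 80 are the services being modelled at levels 2 and 3, and that measured values are mapped to holding registers by scaling them by 100 in key order; all addresses, ports, flows and values are constructed for the example.

```python
"""Added example: configuration unit (3) and simulation unit (2) of the
transmission device, written for this page (not the patent's own code).
Flow records, addresses, ports, values and the register map are constructed."""
from __future__ import annotations

import html
import struct
from dataclasses import dataclass, field


@dataclass
class Flow:
    """One request/response pair seen on mirror port SP, already decoded.
    `values` are measured values / operating states the responder `dst` reported."""
    src: str
    dst: str
    proto: str
    dport: int
    values: dict = field(default_factory=dict)


@dataclass
class NodeConfig:
    services: set = field(default_factory=set)   # (proto, port) the node answers on
    peers: set = field(default_factory=set)      # nodes it exchanged data with
    values: dict = field(default_factory=dict)   # last measured values / state seen


@dataclass
class VsnConfig:
    nodes: dict = field(default_factory=dict)    # ip -> NodeConfig

    @property
    def node_count(self) -> int:                 # the "number T of nodes" of claim 13
        return len(self.nodes)


def analyze(flows, cfg=None) -> VsnConfig:
    """Configuration unit (3): derive configuration data from mirrored flows.
    Passing an existing cfg updates it in place, which is how the VSN is
    reconfigured while the simulation unit is running (claim 5)."""
    cfg = cfg if cfg is not None else VsnConfig()
    for f in flows:
        for ip in (f.src, f.dst):
            cfg.nodes.setdefault(ip, NodeConfig())
        cfg.nodes[f.src].peers.add(f.dst)                    # level 1: topology
        cfg.nodes[f.dst].peers.add(f.src)
        cfg.nodes[f.dst].services.add((f.proto, f.dport))   # level 2: service offered
        cfg.nodes[f.dst].values.update(f.values)             # level 3: plausible content
    return cfg


@dataclass
class Reply:
    kind: str            # "drop" (no such host), "rst" (closed port) or "data"
    payload: bytes = b""


class VirtualSimulationNetwork:
    """Simulation unit (2). It is handed only configuration data and holds no
    handle to port P1, so nothing arriving from RNW2 can reach RNW1 through it
    (the device of FIG. 1 is a unidirectional data diode)."""

    def __init__(self, cfg: VsnConfig):
        self.cfg = cfg

    def routing_table(self):
        """Level 1: the plurality A of IP addresses exposed to RNW2 (claim 11)."""
        return sorted(self.cfg.nodes)

    def respond(self, dst: str, proto: str, dport: int, request: bytes = b"") -> Reply:
        node = self.cfg.nodes.get(dst)
        if node is None:
            return Reply("drop")
        if (proto, dport) not in node.services:
            return Reply("rst")
        if (proto, dport) == ("tcp", 502):
            return Reply("data", self._modbus(node, request))   # level 2
        if (proto, dport) == ("tcp", 80):
            return Reply("data", self._web_page(dst, node))     # level 3
        return Reply("data", b"")    # port shown open, protocol not modelled further

    @staticmethod
    def _modbus(node: NodeConfig, request: bytes) -> bytes:
        """Level 2: Modbus/TCP layer answering function 3 (read holding registers)
        from the node's measured values; other functions get an exception reply."""
        if len(request) < 8:
            return b""
        tid, _pid, _length, unit, func = struct.unpack(">HHHBB", request[:8])
        if func == 3:
            regs = [int(round(v * 100)) & 0xFFFF for _, v in sorted(node.values.items())
                    if isinstance(v, (int, float))]
            if len(request) >= 12:                    # honour start address / quantity
                start, qty = struct.unpack(">HH", request[8:12])
                regs = regs[start:start + qty]
            pdu = struct.pack(">BB", 3, 2 * len(regs)) + b"".join(struct.pack(">H", r) for r in regs)
        else:
            pdu = struct.pack(">BB", func | 0x80, 0x01)  # exception code 1: illegal function
        return struct.pack(">HHHB", tid, 0, 1 + len(pdu), unit) + pdu   # MBAP header + PDU

    @staticmethod
    def _web_page(ip: str, node: NodeConfig) -> bytes:
        """Level 3: a content-plausible status page from the values the real node
        was seen reporting (escaped: the values came off the wire)."""
        rows = "".join(f"<tr><td>{html.escape(k)}</td><td>{html.escape(str(v))}</td></tr>"
                       for k, v in sorted(node.values.items()))
        return f"<html><body><h1>Node {html.escape(ip)}</h1><table>{rows}</table></body></html>".encode()


# Constructed flows, as the configuration unit would see them from the mirror port.
MIRRORED_FLOWS = [
    Flow("10.20.0.10", "10.20.0.21", "tcp", 502, {"pressure_bar": 4.2, "temp_c": 61.5}),
    Flow("10.20.0.10", "10.20.0.22", "tcp", 502, {"pressure_bar": 3.9, "temp_c": 58.0}),
    Flow("10.20.0.10", "10.20.0.21", "tcp", 80),
    Flow("10.20.0.30", "10.20.0.22", "tcp", 4840, {"state": "RUN"}),
]


def demo() -> dict:
    """Build the VSN, answer a few probes from RNW2, then reconfigure during operation."""
    cfg = analyze(MIRRORED_FLOWS)
    vsn = VirtualSimulationNetwork(cfg)
    read_req = struct.pack(">HHHBBHH", 7, 0, 6, 1, 3, 0, 2)    # tid 7, unit 1, read 2 regs from 0
    write_req = struct.pack(">HHHBBHH", 8, 0, 6, 1, 6, 0, 1)   # tid 8, function 6: not served
    out = {
        "T": cfg.node_count,
        "routes": vsn.routing_table(),
        "modbus": vsn.respond("10.20.0.21", "tcp", 502, read_req).payload,
        "modbus_exc": vsn.respond("10.20.0.21", "tcp", 502, write_req).payload,
        "page": vsn.respond("10.20.0.21", "tcp", 80).payload,
        "closed": vsn.respond("10.20.0.22", "tcp", 80).kind,
        "unknown": vsn.respond("10.20.0.99", "tcp", 80).kind,
    }
    analyze([Flow("10.20.0.30", "10.20.0.22", "tcp", 4840, {"state": "STOP"})], cfg)
    out["state_after"] = cfg.nodes["10.20.0.22"].values["state"]   # VSN follows RNW1
    return out
```

    A scanner on RNW2 that walks the addresses in routing_table() sees the same hosts and open ports as the real control network, but every connection terminates in the simulation unit; the only path back toward RNW1 is the mirror port, which is an output of the switch. When deploying such a device, the point a practitioner checks is exactly that: the SPAN session on switch 4 must mirror only, and port P2 must have no bridged or routed path to P1.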

    [0086] Although the present invention has been disclosed in the form of preferred embodiments and variations thereon, it will be understood that numerous additional modifications and variations could be made thereto without departing from the scope of the invention.

    [0087] For the sake of clarity, it is to be understood that the use of “a” or “an” throughout this application does not exclude a plurality, and “comprising” does not exclude other steps or elements.

    LIST OF REFERENCE SIGNS

    [0088] 1 transmission device
    [0089] 2 simulation unit
    [0090] 3 configuration unit
    [0091] 4 network switch
    [0092] 5 CPU
    [0093] 6 housing
    [0094] P1 first network port
    [0095] P2 second network port
    [0096] RNW1 real first network
    [0097] RNW2 real second network
    [0098] SP mirror port
    [0099] VSN virtual simulation network