Security Business

FEB 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link:

Contents of this Issue


Page 23 of 59

24 Security Business / / February 2019 Tech Trends BY BRIAN COULOMBE OSDP: The Awareness Campaign Support for the access control standard is growing among integrators, but there is still a ways to go At the recent CONSULT conference in Nashville, I had the opportunity to sit in on a lively discussion on the use of the Security Industry Association (SIA)’s Open Supervised Device Protocol (OSDP) standard for access control. In attendance were representatives from some of the industry’s largest manufacturers of access control hardware, including HID, LenelS2 and Farpointe Data. The underlying message of the roundtable panel discussion – which was moderated by cybersecurity consultant Rodney Thayer and included Scott Lindley of Farpointe, Dean Forchas of HID, David Weinbach of LenelS2 and Steve DeArruda of consultant Business Protection Specialists – was simply this: If you are not aware of and actively specifying OSDP, you are potentially doing your clients a disservice. While I was an early adopter of the technology in my own designs, it was still eye-opening to listen to those responsible for the evolution of OSDP discuss its many benefits – some of which, I was admittedly unaware of. The End of Wiegand Simply put, OSDP is an access control communications standard that finally – and mercifully – replaces Weigand. With all due respect to John Weigand, the standard that carries his namesake was long overdue for some improvements. First, Weigand is an unsupervised, one-way communication protocol. Without bi-directional communications, there is no way to interact with a card reader from a head-end workstation – meaning that routine tasks like firmware updates and configuration changes need to be done at the reader. By today’s standards, Wiegand protocol is also incredibly insecure. Hackers have repeatedly shown the ability to exploit Weigand devices and extract data; in fact, at a recurring educational session at ISC West, attendees can see for themselves how easy it is to do – just check out “Hacked in 60 Seconds,” an educational session at ISC West presented by Tony Diodato, CTO of Cypress Integration Solutions and Babak Javadi of the CORE Group at Benefits of OSDP Developed by a consortium of industry experts formed by SIA, OSDP has been developed from the ground up to be interoperable, highly secure and bi-directional. Communications between the card reader and the panel support up to AES-128 encryption, and can be monitored to ensure wiring or field devices have not been tampered with. Readers can be remotely programmed from an OSDP-compliant head-end, reducing costly trips to the field. The technology is supportive of biometrics and smart card applications. OSDP also uses the equivalent of RS-485 wiring, which is widely available and comes with the added benefit of greater cabling distances. Readers can be daisy-chained, which may prove useful when multiple readers are located at the same opening. If non-RS-485 legacy wiring is in place, it is likely that the OSDP protocol will still work as long as four conductors are available – although potentially at a reduced maximum cable distance. An increasing number of access control panel manufacturers are supporting OSDP technology. Perhaps most notably, Mercury Security was an early adopter and has since implemented OSDP capabilities in the newest version of panels, commonly referred to as the “Red Boards.” Other proprietary panel manufacturers, including Software House (Johnson Controls Security Products) and AMAG have also incorporated the technology. Before considering an OSDP implementation, consult with your own service provider or panel manufacturer to confirm compatibility. "While I was an early adopter of the technology in my own designs, it was still eye-opening to listen to those responsible for the evolution of OSDP discuss its many benefits – some of which, I was admittedly unaware of."

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Business - FEB 2019