Security Business

JUL 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1141282

Contents of this Issue

Navigation

Page 28 of 108

28 Security Business / www.SecurityInfoWatch.com / July 2019 Access Control Demystifying OSDP How the Open Supervised Device Protocol can improve access control, security and operational efficiency By Brandon Arcement The advancement of physical access control technology continues to evolve as new threats emerge, vulnerabilities are identified, security protocols are updated, and requirements for integration increase. The standards governing the development and testing of physical access control systems (PACS) have also evolved to improve security and product interoperability. An example is the Open Supervised Device Protocol (OSDP), introduced 10 years ago as an alternative to the antiquated and vulnerable clock-and-data and Wiegand protocols. Although upgrading to access control systems that adhere to OSDP standards is a significant initiative, it dramatically enhances overall security while delivering increased flexibility and operational efficiency for the long term. Integrators who understand the benefits of OSDP can also help their customers support both current and future technology requirements. Overcoming Vulnerabilities and Challenges In the early 1980s, clock-and-data and Wiegand protocols were widely adopted as the de facto standard for interoperability between access control readers and physical access controllers. They were later formalized and adopted into industry standards by the Security Industry Association (SIA) in the 1990s. There were weaknesses, though, including the lack of encryption protocol to protect from “man in the middle” attacks and vulnerabilities from reader to controller. Also, the retrofitting installation alongside a legacy system is complicated for integrators and expensive for organizations, as most readers require dedicated home-run wiring. Extensive wiring on a large-scale project, such as a school or corporate campus, results in considerable – often prohibitive – costs for installation of a PACS. These weaknesses pushed the security industry to adopt a new protocol. The OSDP access control communications standard was developed by Mercury Security and HID Global in 2008, and donated, free of intellectual property, to SIA to improve interoperability among access control and security products. Why Implement OSDP? OSDP is the only protocol that is secure and open for communication between readers and controllers that is being widely adopted by leading reader and controller manufacturers. It is an evolving, “living standard” – making it a safer, more robust, future-proof option. OSDP offers important benefits: Increased Security – OSDP with Secure Channel Protocol (SCP) supports AES-128 encryption that is required in U.S. federal government applications. Additionally, OSDP constantly monitors wiring to protect against tampering, removing the guesswork since the encryption and authentication are predefined. Bidirectional Communication – Early on, communication protocols such as Wiegand were unidirectional, with external card readers sending information one way to a centralized access control platform. OSDP has transformed the ability for information to be collected, shared and acted on with bidirectional communication for configuration, status monitoring, tampering and malfunction detection, and other valuable functions. Open and Interoperable – OSDP supports IP communications and point-to-point serial interfaces, enabling customers to flexibly enhance system functionality as needs change and new threats emerge. They can proactively add new technology that enhances their ability to protect incoming and outgoing data collection through a PACS. OSDP's two wires vs. a potential of 11 with Wiegand allows for multi-drop installation, supervised connections to indicate reader malfunctions, and scalability to connect more field devices.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Business - JUL 2019