Exclusive: Demystifying the Open Supervised Device Protocol

September 16, 2021


Jaroslav Barton of HID Global examines how the OSDP can help to improve security and operational efficiency.

Physical access control technology continues to evolve as new threats emerge, vulnerabilities are identified, security protocols are updated and requirements for integration increase. The standards governing the development and testing of physical access control systems (PACS) have also evolved to improve security and product interoperability. An example is the Open Supervised Device Protocol (OSDP), introduced 10 years ago as an alternative to the antiquated and vulnerable Clock-and-Data and Wiegand protocols. Since then, it has been adopted as a standard by the Security Industry Association (SIA) and in 2020 became an International Electrotechnical Commission (IEC) standard.

Although upgrading to access control systems that adhere to OSDP standards is a significant initiative, it dramatically enhances overall security while delivering other advantages including increased flexibility and operational efficiency for the long term. Integrators who understand the benefits of OSDP can also help their customers support both current and future technology requirements.

Overcoming vulnerabilities and challenges

In the early 1980s, Clock-and-Data and Wiegand protocols were widely adopted as the de facto standard for interoperability between access control readers and physical access controllers. Those de facto standards were later formalised and adopted into industry standards by the Security Industry Association in the 1990s. There were weaknesses, though, including the lack of an encryption protocol to protect against “man in the middle” attacks and vulnerabilities between reader and controller. Also, retrofitting an installation alongside a legacy system is complicated for integrators and expensive for organisations, as most readers require dedicated home-run wiring. Extensive wiring on a large-scale project, such as a school or corporate campus, results in considerable, often prohibitive, costs for installation of a PACS.

These weaknesses pushed the security industry to adopt a new protocol. OSDP, an access control communications standard, was developed by Mercury Security and HID Global in 2008 and donated, free of intellectual property, to the Security Industry Association (SIA) to improve interoperability among access control and security products.

Why implement OSDP as a standard?

OSDP is the only protocol that is secure and open for communication between readers and controllers and is also being widely adopted by industry-leading reader and controller manufacturers. It is an evolving, ‘living standard,’ making it a safer, more robust, future-proof option for governing physical access control systems. OSDP offers important benefits:

Increased security

Implementing OSDP standards can increase security, as OSDP with Secure Channel Protocol (SCP) supports AES-128 encryption, which is required in US federal government applications. Additionally, OSDP constantly monitors wiring to protect against tampering, and because the encryption and authentication are predefined, it removes the guesswork.

Bidirectional communication

Early on, communication protocols such as Wiegand were unidirectional, with external card readers sending information one way to a centralised access control platform. OSDP has transformed the ability for information to be collected, shared and acted upon with the addition of bidirectional communication for configuration, status monitoring, tampering and malfunction detection and other valuable functions.

Open and interoperable

OSDP supports IP communications and point-to-point serial interfaces, enabling customers to flexibly enhance system functionality as needs change and new threats emerge. They also can proactively add new technology that enhances their ability to protect incoming and outgoing data collection through a physical access control system.

Reduced installation costs

OSDP’s use of two wires (as compared to a potential of 11 wires with Wiegand) allows for multi-drop installation, supervised connections to indicate reader malfunctions and scalability to connect more field devices. Daisy-chaining accommodates many readers connected to a single controller, eliminating the need to run home-run wiring for each reader. The use of a four-conductor cable achieves up to 10x longer distances between reader and controller than Wiegand while also powering the reader and sending/receiving data.

User friendly

OSDP gives credential holders greater ease of use, with audio and visual feedback such as coloured lights, audible beeps and the ability to display alerts on the reader. For security administrators, managing and servicing OSDP-enabled readers also becomes increasingly convenient, as OSDP-enabled readers can be remotely configured from network-connected locations. Users can poll and query readers from a central location, eliminating the cost and time to physically visit and diagnose malfunctioning devices.

Unlimited application enhancements

OSDP supports advanced smartcard technology applications, including PKI/FICAM and biometrics and other enhanced authentication protocols used in applications that require Federal Information Processing Standards (FIPS) compliance and interactive terminal capabilities. Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

OSDP offers advantages for users, administrators and integrators alike. It adds security and real-world efficiencies, and its interoperability ensures that organisations can utilise systems from numerous manufacturers as they invest in infrastructure that maximises protection of critical data. In a campus environment, OSDP streamlines installations and upgrades while saving organisations the expense of replacing readers if a new access control solution is implemented.

There are also service and maintenance benefits as OSDP encourages continuous monitoring of system uptime and allows for remote configuration of, or upgrades to, a reader. Integrators can also capitalise on the introduction of OSDP by encouraging open standards, which can, in turn, help them build new customer relationships and win more projects.

To find out more information, visit: https://www.hidglobal.com/

This article was originally published in the September edition of Security Journal UK.
