
Our portfolio of services is provided by a team of skilled and qualified experts, who have in-depth knowledge of security principles and processes, a comprehensive understanding of your vertical, experience in developing intricate projects, and adherence to Security 101’s core values of fanatical customer service and integrity.

Protecting electronic access control systems field devices from attacks with OSDP


One of the main priorities of any organization is to protect people and possessions by preventing unauthorized access to premises. This challenge can be solved with the implementation of first-class electronic access control systems (ACS), which are an effective technology to authenticate the identity of an individual and control entry and exit to specific areas of a building.

Securing the ACS itself is just as important, because cybercriminals know how to use weak access control solutions to penetrate deep into commercial networks. It is therefore necessary to use the appropriate communication standard and follow security best practices to close this threat vector and reduce the likelihood of a cyberattack.

Currently, the Open Supervised Device Protocol (OSDP) Version 2 is the optimum communication standard to be utilized for access control installations. OSDP V1 was first created by HID Global, Mercury Security, and Lenel in 2008. Then, new functionality was added in 2012 when the Security Industry Association (SIA) took ownership of it.

The supplemental features made OSDP an unparalleled alternative to the insecure, obsolete Wiegand protocol, which is exposed to skimming, eavesdropping, and relay attacks.

The improved, cyber-secure OSDP edition goes beyond increased functionality and interoperability, offering organizations:

  • Secure channel encryption and authentication.
  • Real encryption, not just obfuscated data. Advanced channel encryption protects data traveling to the controller and data returning to the reader.
  • Two-way communications.
  • The option to support the high-end Advanced Encryption Standard (AES) with a 128-bit key, as required in federal government facilities.
  • Smart card communication, including modern technologies like DESFire EV2.
  • Biometric template validation.
  • Enhanced device control.

Secure channel, used by OSDP, helps electronic access control systems create a secure session by using several initialization messages to authenticate and establish a set of keys. If controllers and readers do not find a match, the communication link is deemed an attack vector. Moreover, with this gold standard, the card security logic is transferred from the reader into the panel on the secure side of the door.
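
The handshake shape described above, as an added example (not from the original article or the OSDP specification): a simplified model in which controller and reader each prove possession of a shared base key and derive fresh per-session keys. It uses HMAC-SHA-256 from the Python standard library in place of OSDP's AES-128, and every class, function and message name here is an assumption made for illustration.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for the AES-128 operations (assumption: truncated HMAC-SHA-256).
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def derive_session_keys(base_key: bytes, rnd_a: bytes) -> dict:
    # Fresh keys per session: one for cryptograms/encryption, one for message MACs.
    return {"enc": _prf(base_key, b"enc" + rnd_a),
            "mac": _prf(base_key, b"mac" + rnd_a)}

class Reader:
    """Field device on the unsecured side of the door (hypothetical model)."""

    def __init__(self, base_key: bytes):
        self.base_key = base_key
        self.keys = None  # set only after the controller has been verified

    def on_challenge(self, rnd_a: bytes):
        self.keys = None
        self.rnd_a, self.rnd_b = rnd_a, os.urandom(8)
        self._pending = derive_session_keys(self.base_key, rnd_a)
        # The reader cryptogram proves the reader holds the base key.
        return self.rnd_b, _prf(self._pending["enc"], rnd_a + self.rnd_b)

    def on_controller_cryptogram(self, cryptogram: bytes) -> bool:
        expected = _prf(self._pending["enc"], self.rnd_b + self.rnd_a)
        if hmac.compare_digest(cryptogram, expected):
            self.keys = self._pending  # controller is authentic: session is up
        return self.keys is not None

def open_session(controller_key: bytes, reader: Reader):
    """Controller side. Returns the session keys, or None if either check fails."""
    rnd_a = os.urandom(8)
    keys = derive_session_keys(controller_key, rnd_a)
    rnd_b, reader_cryptogram = reader.on_challenge(rnd_a)
    expected = _prf(keys["enc"], rnd_a + rnd_b)
    if not hmac.compare_digest(reader_cryptogram, expected):
        return None  # no match: treat the link as hostile and stop talking
    if not reader.on_controller_cryptogram(_prf(keys["enc"], rnd_b + rnd_a)):
        return None
    return keys
```
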

More cybersecurity considerations

To support the effectiveness of OSDP regarding cybersecurity, it is important to:

Choose tamperproof readers:
Ideally, readers should be designed to shut down if an unauthorized person attempts to disconnect them from their wiring or pull them off the wall. Also, the system should not allow a reader to be replaced with a new device without authorization from the software platform.

Deploy firmware updates as soon as they are available to prevent cybercriminals from leveraging known vulnerabilities:
The OSDP protocol facilitates this best practice. Because readers and controllers communicate bidirectionally, updates can be pushed directly to readers, so changes are made more quickly and frequently and readers stay current and protected.

Using sophisticated smart cards:
13.56 MHz smart cards (DESFire EV2 technology) can prevent cloning and cyberattacks. Specifically, DESFire EV2 allows security teams to modify their encryption key without affecting the system infrastructure.

The first line of defense against intruders is created with a modern access control system that uses the Open Supervised Device Protocol. Thanks to its encryption and two-way communication, OSDP can protect the integrity of the ACS by authenticating the communications between the field device and the control panel.