March 2, 2020
The security of many physical access control systems today is below accepted industry guidelines, making them vulnerable to over-the-counter exploits. But, adoption of the SIA Open Supervised Device Protocol (OSDP) is increasing, and expected to lead to enhanced security and flexibility for access control in the future.
In a presentation later this month at ISC West, Jeremy Fromm, business development manager with HID Global’s Mercury Security, will present with others on how SIA OSDP will help solve the current vulnerabilities inherent in legacy protocols
ISC Security News caught up with Fromm for details on the presentation.
ISC Security: Can you briefly define and explain what OSDP is?
Jeremy Fromm: OSDP stands for Open Supervised Device Protocol and is currently managed and maintained by the Security Industry Association (SIA). OSDP is a standard / protocol that enables communication between a card reader and an access control controller.
Why should OSDP be adopted broadly?
Other reader-to-controller communication standards are very outdated and provide little in area of security and encryption. OSDP breaks down those barriers and provides the ability for supervision, encryption, more robust management of devices, and far greater functionality.
The session is called “The promise of OSDP.” What are some of the benefits of OSDP?
The key benefits of OSDP are:
- Added functionality and more control for things like controlling LEDs / buzzers, enrolling biometrics, and displaying text or messages on devices
- More interoperability between hardware vendors, which simplifies integrations and support
- More streamlined and centralized management of devices / readers. This includes the ability to push updates (firmware and configurations) from the controller to all readers downstream. This is compared to how updates were done in the past where a person had to physically touch a reader to make the updates.
Is OSDP more secure? Why?
Yes. This is probably one of the biggest benefits of OSDP. With other legacy communication protocols (such as Wiegand), sniffing and replay attacks were simple and inexpensive to perform. With OSDP Secure Channel (Secure Channel is the encryption piece), AES128 is used to secure the transmission of data from reader to controller.
What advice or best practices would you recommend for organizations just starting to look at deploying OSDP?
Three things need to align in order for OSDP SC to be possible:
1. The reader must support OSDP SC.
2. The controller must support OSDP SC.
3. The Access Control software platform needs to support OSDP SC.
Luckily, this is fairly standard with current hardware and software solutions. Based on this, it would be a good practice for the industry to begin transitioning away from legacy communication methods and switch to OSDP SC going forward. This approach does have a learning curve though. Deploying OSDP is not difficult, but it is different from how legacy communication protocols have been deployed in the past. Based on this, it would be wise for integrators / installers to set up an OSDP test bed within their lab environment prior to installing OSDP in the field.
The Promise of OSDP presentation will take place March 19 at 1:00 pm in Sands 307 at the Sands Expo in Las Vegas.