Access Control: Demystifying OSDP

July 15, 2019
How the Open Supervised Device Protocol can improve access control, security and operational efficiency

The advancement of physical access control technology continues to evolve as new threats emerge, vulnerabilities are identified, security protocols are updated, and requirements for integration increase. The standards governing the development and testing of physical access control systems (PACS) have also evolved to improve security and product interoperability.

An example is the Open Supervised Device Protocol (OSDP), introduced 10 years ago as an alternative to the antiquated and vulnerable clock-and-data and Wiegand protocols.

Although upgrading to access control systems that adhere to OSDP standards is a significant initiative, it dramatically enhances overall security while delivering other advantages including increased flexibility and operational efficiency for the long term. Integrators who understand the benefits of OSDP can also help their customers support both current and future technology requirements.

Overcoming Vulnerabilities and Challenges

In the early 1980s, clock-and-data and Wiegand protocols were widely adopted as the de facto standard for interoperability between access control readers and physical access controllers. Those de facto standards were later formalized and adopted into industry standards by the Security Industry Association (SIA) in the 1990s.

There were weaknesses, though, including the lack of encryption protocol to protect from “man in the middle” attacks and vulnerabilities from reader to controller. Also, the retrofitting installation alongside a legacy system is complicated for integrators and expensive for organizations, as most readers require dedicated home-run wiring. Extensive wiring on a large-scale project, such as a school or corporate campus, results in considerable – often prohibitive – costs for installation of a PACS.

These weaknesses pushed the security industry to adopt a new protocol. The OSDP access control communications standard was developed by Mercury Security and HID Global in 2008, and donated, free of intellectual property, to SIA to improve interoperability among access control and security products.

Why Implement OSDP as a Standard?

OSDP is the only protocol that is secure and open for communication between readers and controllers and is also being widely adopted by industry-leading reader and controller manufacturers. It is an evolving, “living standard” – making it a safer, more robust, future-proof option for governing physical access control systems.

OSDP offers important benefits:

Increased Security – Implementing OSDP standards can increase security, as OSDP with Secure Channel Protocol (SCP) supports AES-128 encryption that is required in U.S. federal government applications. Additionally, OSDP constantly monitors wiring to protect against tampering, removing the guesswork since the encryption and authentication are predefined.

Bidirectional Communication – Early on, communication protocols such as Wiegand were unidirectional, with external card readers sending information one way to a centralized access control platform. OSDP has transformed the ability for information to be collected, shared and acted on with the addition of bidirectional communication for configuration, status monitoring, tampering and malfunction detection, and other valuable functions.

Open and Interoperable – OSDP supports IP communications and point-to-point serial interfaces, enabling customers to flexibly enhance system functionality as needs change and new threats emerge. They also can proactively add new technology that enhances their ability to protect incoming and outgoing data collection through a physical access control system.

Reduced Installation Costs – OSDP’s use of two wires (as compared to a potential of 11 wires with Wiegand) allows for multi-drop installation, supervised connections to indicate reader malfunctions, and scalability to connect more field devices. Daisy-chaining accommodates many readers connected to a single controller, eliminating the need to run home-run wiring for each reader, and the use of a four-conductor cable achieves up to 10x longer distances between reader and controller than Wiegand while also powering the reader and sending/receiving data.

User Friendly – OSDP gives credential holders greater ease of use, with audio and visual feedback such as colored lights, audible beeps, and the ability to display alerts on the reader. For security administrators, managing and servicing OSDP-enabled readers also becomes increasingly convenient, as OSDP-enabled readers can be remotely configured from network-connected locations. Users can poll and query readers from a central location, eliminating the cost and time to physically visit and diagnose malfunctioning devices.

Unlimited Application Enhancements – OSDP supports advanced smartcard technology applications, including PKI/FICAM and biometrics, and other enhanced authentication protocols used in applications that require Federal Information Processing Standards (FIPS) compliance and interactive terminal capabilities. Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

OSDP offers advantages for users, administrators and integrators alike. It adds security and real-world efficiencies, and its interoperability ensures that organizations can utilize systems from numerous manufacturers as they invest in infrastructure that maximizes protection of critical data.

In a campus environment, OSDP streamlines installations and upgrades while saving organizations the expense of replacing readers if a new access control solution is implemented.

There are also service and maintenance benefits as OSDP encourages continuous monitoring of system uptime and allows for remote configuration of – or upgrades to – a reader. Integrators can also capitalize on the introduction of OSDP by encouraging open standards, which can, in turn, help them build new customer relationships and win more projects.

Brandon Arcement is Senior Director of Product Marketing for HID Global. Request more info about the company at www.securityinfowatch.com/10213866.