Turning the Spotlight on OSDP (Open Supervised Device Protocol)
Physical access control technologies have evolved exponentially over the years. Some of those advancements have been in response to exposed vulnerabilities and their resulting security risk. In turn, those threats triggered the updating of many security protocols and ushered in the introduction of new integration requirements.
Where Wiegand Falls Short
Similarly, communications standards for physical access control systems (PACS) have also, inevitably, continued to evolve. They’re shifting away from the clock-and-data and Wiegand protocols that were widely adopted years ago. The fact is, the Wiegand standard wasn’t designed to keep up with the security demands facing today’s enterprise organizations. In this age of increasingly complex threats, the need to keep data secure has never been greater. Wiegand interface readers simply don’t allow for the high level of security required today for a variety of reasons, such as:
- They provide no encryption and can be compromised without alert.
- They pose limited distance options from the controller.
- They’re operationally unable to communicate between controllers and readers for firmware upgrades, configuration changes, state changes and other critical updates.
- Anyone who can learn the protocol language developed for Wiegand or procure one of the readily-available off-the-shelf hacking devices can easily exploit their vulnerabilities.
Thankfully, evolutions in access control technology have resulted in the tightened security and interoperability between access control and security products.
The Origins of OSDP
As far back as 2008, HID, together with Mercury, recognized the weaknesses that Wiegand and other legacy communications protocols posed to existing access control systems. In response, we developed a new standard on which to strengthen the communication protocols and protect critical data collected through PACS. We called this breakthrough standard the Open Supervised Device Protocol, known simply as OSDP.
In 2020, we donated OSDP, free of intellectual property constraints, to the Security Industry Association to improve interoperability among access control and security products. We’re also very proud to say that OSDP reached an additional milestone when it became an International Electrotechnical Commission standard in May 2020.
HID and Mercury saw a clear need to implement OSDP as a standard back then. And today, it’s common knowledge that organizations sorely need and value system interoperability when it comes to their security. Keeping data gathered from video surveillance and access control devices secure is critical to ensuring organizations are safe from attack.
Increasing End User Awareness is Essential
Currently, OSDP is the only protocol that’s secure and open for communication between readers and controllers, and that’s just one of the reasons it’s being widely adopted by manufacturers.
Unfortunately, a recent HID Global survey showed that as many 80% of respondents said they had never heard of OSDP, and while 20% said they had, they opted for a system using an alternative protocol. The good news is that of those respondents that are aware of OSDP, 33% reported that they plan to install or upgrade to OSDP-enabled devices. It makes good sense, as the benefits of implementing OSPD standards are far-reaching.
Benefits of OSDP
For example, implementing OSDP standards delivers a higher level of security, because OSDP with Secure Channel Protocol supports AES-128 encryption — which is actually required in U.S. federal government applications. Furthermore, OSDP monitors wiring — constantly — to protect against tampering, thus removing the guesswork since the encryption and authentication are already predefined. OSDP also speaks directly to the increasing threat of what are termed “man in the middle” attacks. This is when a “bad actor” uses a tool to penetrate and secretly alter the communication between a reader and a controller to gain access to a secured location. This is huge.
Another key benefit of OSDP standards is that they support bidirectional communications between devices. In the early days, communication protocols like Wiegand were unidirectional and used external card readers that only sent information to a centralized access control platform. Thankfully, OSDP has transformed the way that information is collected, shared and acted upon, due to the addition of bidirectional communication. What that means to organizations is that readers “talk” directly to the centralized management platform, and the system also communicates directly with the readers.
The benefits this two-way communication offers are many. Among them:
- Reader configuration can be specified in the PACS software and sent to the reader via the controller
- Continuous reader status allows monitoring, polling and querying
- Tampering and malfunction detection and indication virtually eliminates the need to physically inspect the reader
- Advanced user interfaces, including welcome messages and text prompts, can be displayed by the reader
There are many other advantages to adopting standards-based protocols, because users can add more peripheral devices from various manufacturers as needed, over time. As new and even more inventive threats continue to emerge, the open-platform nature of OSDP gives organizations the opportunity to implement new technology to protect incoming and outgoing data collected via their PACS. This gives end users the unprecedented ability to proactively monitor their employees, visitors and assets to ensure security is safeguarded.
And there’s more good news. Those who adopt the OSDP protocol will enjoy lower installation costs as OSDP uses only two wires, as opposed to a potential of 11 wires with Wiegand. OSDP is also much easier to use due to the audio and visual feedback — such as colored lights, audible beeps and the alerts display on the reader — that provide a rich, user-centric experience. Security administrators will also be relieved to know that managing and servicing OSDP-enabled readers is much more convenient, because these readers can be remotely configured from network-connected locations. Users can poll and query readers from one central location and say “good-bye” to the need to check malfunctioning devices in person to diagnose problems, thereby saving time and money.
Another essential feature of OSDP: It supports advanced smartcard technology applications, including public key infrastructure, biometrics and federal identity, credential and access management (FICAM) as well as other enhanced authentication protocols used in applications that require Federal Information Processing Standards (FIPS) compliance and interactive terminal capabilities.
Creating a More Secure Future With OSDP
As we move ahead, it’s clear that the all-encompassing benefits of OSDP more than justify the cost of an upgrade. The advancements in the delivery and protection of PACS data have gained serious traction over the last decade as OSDP’s ability to deliver enhanced security, efficiency and flexibility for enterprises across all industries has made the standard much more widely adopted. Organizations are ensuring their ongoing security investments are future-proof to guarantee better protection of their people and assets now and into the years to come.
Want to learn more? Download our eBook, Demystifying OSDP.