Integrated Control Technology asks why 84% of integrators continue to install the unencrypted and outdated Wiegand communication technology?
By using the Open Supervised Device Protocol (OSDP) and MIFARE DESFire smart cards, we will show you two ways you can use the latest technology to better protect your property.
OSDP for enhanced security
Many businesses around the world have been relying on Wiegand to secure their premises, a technology that hasn’t changed for almost 40 years. It’s unencrypted, unsecured and has been shown to have serious security flaws when it comes to today’s modern security demands. You can attack a site with cheap, easily obtainable equipment and there are plenty of demonstrations online showing how this can be achieved in just seconds.
In response to Wiegand’s failings, the development of OSDP has brought secure two-way communications between devices to access control products. The SIA (Security Industry Association) has adopted and driven the OSDP technology and in May 2020 the protocol became an internationally recognised IEC standard. OSDP v2.2, which is based on this standard, was released in December 2020.
OSDP is an open-source protocol that, compared to Wiegand, also adds encryption, much higher levels of security, plus a lot more functionality and futureproofing.
Benefits of OSDP
Increased security – OSDP uses RS-485 protocols for secure channel communication with AES-128 encryption. This means you could pair an OSDP reader with a MIFARE DESFire card and an ICT Protege controller to create a totally encrypted communications path from the card to the server.
Improved communication – With Wiegand, data transmission is one-way only, meaning the controller is unable to ‘talk’ to the reader – it can only listen. OSDP allows bi-directional (or full-duplex) communication. Communication is also constant, which means that any interference with the reader cabling will be detected in seconds.
More cost effective to install – OSDP only requires two wires to transfer data, saving you time during installation. Using a twisted pair cable for data transmission also allows for 6x the wiring length versus Wiegand, so you can safely run a cable up to 900 metres (about 1,000 yards) instead of 150 metres (about 165 yards).
Improved interoperability – Being an open-source protocol, OSDP makes it easy to use ICT’s advanced multi-technology tSec Readers with an existing access control system, or to use third-party OSDP card readers with a MIFARE DESFire card and an ICT Protege controller to create a totally encrypted communications path from the card to the server.
Smart encryption with DESFire
The most common access control credentials are key-cards or fobs, however not all of these are created equal. As formats like 125kHz have been proven insecure, people have started looking for more advanced smart card technology.
For an industry-leading level of security, we recommend MIFARE DESFire for all sites. This multi-application 13.56MHz smart card uses global open standards for interface and cryptography, including AES-128 and 3DES encryption for hardware. With Common Criteria EAL5+ certification (from EV2), cards have the same security level as credit cards and e-Passports. They are also compatible with existing NFC reader infrastructure and offer protection against replay attacks thanks to proximity checks.
DESFire has the highest standard of card security currently available, so users can feel assured that their credentials are protected by industry best practices. It is perfect for environments such as local council, or government buildings, or any organisation where security and confidentiality are a must.
We recommend giving customers a quick lesson on presenting DESFire credentials, to avoid any potential frustration. It has a shorter read range than older technologies as the cryptographic module on the card requires more energy to operate. This means you cannot simply wave or swipe a card in the general direction of the reader to gain access. It’s worth training people to think of it like contactless payment – just hold the card firmly near the reader until authorised.
Transitions made easy
ICT’s range of multi-technology tSec RFID readers offer a solution for any requirement. Our tSec readers make it easy to transition to the more secure MIFARE DESFire card format without having to change all cards immediately. These readers combine both 125kHz proximity and 13.56MHz smart card capability to deliver maximum compatibility while providing a path forward to the latest technology.
For new implementations where migrating from another technology is not a factor, you can go straight to a smart DESFire solution with 13.56mHz tSec readers.
Our latest tSec readers also support Bluetooth and NFC in addition to the multi-technology card capabilities, enabling mobile credentials so doors can be unlocked using a smartphone for maximum convenience. With flexible RS-485 communication, IP65 protection and optional keypad, the tSec range comes in three sizes with a choice of black or white to fit your needs and match your decor.
ICT is currently expanding operations in Europe and is looking for new security installers and distribution partners to support this growth. Visit https://info.ict.co/info-request to request more information on becoming a partner.
This article was originally published in the September 2021 edition of International Security Journal. Pick up your FREE digital copy here