“Extreme Customer Service with Extreme Professionalism”

OSDP Versus Wiegand

A Paradigm Shift in Card Access Control

Wiegand History

If you are currently using card access control to enter doors there is a 99% chance that the system is using a technology that was developed in the late seventies as a protocol for connecting card readers and transmitting analog data to controllers. The original cards that were used were called Wiegand Effect Cards which had embedded mini rods of different sizes in an array that could output a unique binary format to be interpreted by the control panel and software. Over the years card technologies have changed but are all still using the Wiegand communication protocol and wiring schema.

OSDP History

OSPD: Open Supervised Device Protocol. Over the past 5 years this technology, developed by the Security Industry Association (SIA) in conjunction with many top tier access control manufacturers has evolved to become the new standard, replacing the legacy Wiegand protocol and assuring higher security standards and interoperability for many years to come

Why is This Important to You?

Are you still using your 8 track or audio cassette player? or have you moved on to digital media apps? Frankly, that is the chasm of difference in technology between legacy Wiegand and OSDP. Do they both work? Yes, but when it comes to your security and business continuity, why would you leave yourself open to the single most vulnerable point in your entire physical office security setup, the Wiegand Card Reader?

Wiegand Vulnerability

1. Go to an online retailer and order a proximity card duplicator along with some blank cards, a $15 investment. Read someone’s proximity card, program your blank card, you now have a duplicate card to use.

Man in the Middle Attacks

2. Go to online retailer and order a proximity card cloner, remove a card reader from the wall, alligator clip the cloner to the exiting wires, hide your cloner, capture the data from every card used to enter the building, transfer that data to your blank cards, etc. Now you have captured the CEO and/or the CFO’s cards which may very well have access into sensitive areas.

3. Wiegand readers are typically not supervised by the access control system and if they are, the alerts are generally not responded to or acknowledged.

4. Wiegand protocol is also subject to Brute Forcing. This method only requires that you have knowledge of one card, you can then determine other card values with simple incremental Brute Force. Once again, these cards may be carried by key personnel with access not only to their local building but perhaps other locations around the globe.

5. Fuzzing! By programming a card with specific harmful data, this method can be used to crash your entire access system.

OSDP to the Rescue

  1. OSDP readers when used with OSDP compatible controllers offer protection from spoofed credentials.
  2. Constantly monitors wiring to protect against physical attack threats.
  3. Higher security communications through AES 128 encryption technology.
  4. Man in the middle attacks, thwarted.
  5. Interoperability with bio-metrics, smart devices and third-party applications.
  6. OSDP has a low cost of implementation.
  7. In process of becoming the access control standard recognized by ANSI.
  8. Meets Federal access control requirements like PKI for FICAM
  9. Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

Not Ready for OSDP

Chances are I have raised some concerns if you are still using a legacy access control system. There are numerous things that you can do to increase your security without significant investment. S3 has options to begin implementing the hardening process.

How to Learn More?

If you would like to learn more about OSDP, please contact your local S3 Integration office. S3 has invested in this expertise for your benefit and welcome an opportunity to be of service.

This entry was posted on Tuesday, December 17th, 2019 at . Both comments and pings are currently closed.

Comments are closed.