5.26.21 – SSI
Electronic access control (EAC) vulnerability is always a hot topic and knowledge of such can set you apart from all the amateurs.
Just a reminder on the best practices philosophy. Providing best practices in sales, service and installation means just that. In sales, do you provide all the options for your prospect or just the minimal? It is your obligation as a security professional to provide both average and high security options. We know that the majority of crimes are not very sophisticated. Let the customer decide and you can document accordingly.
In service, give the customer options such as annual maintenance. In installations, make sure that your techs have the skills and knowledge to do the job professionally. Provide training, and again, document accordingly.
Electronic access control (EAC) vulnerability is always a hot topic and knowledge of such can set you apart from all the amateurs. Have you heard of Gecko? If you’re an avid reader of Tech Talk you might remember back in March 2008 that I mentioned this little electronic creature. It was a very small device that could be easily put inline with a Wiegand EAC reader. It was undetectable and came with an RFID command card set, putting the person in control anytime of that reader.
Moving forward, now Gecko has some similar dangerous modern tech cousins. The first is BLEKey, which is a sniffer key that can again read Wiegand data and playback for unauthorized access. Another is ESP RFID Tool, a sniffer that can be installed and working in less than five minutes.
Wiegand EAC reader communications have been around for a long time and have always had its security vulnerabilities. Some manufacturers have come up with encryption routines but the majority have not.
One possible EAC communications security option might be the use of a technology called Open Supervised Device Protocol (OSDP), a Security Industry Association (SIA)-approved standard. Recently a small poll of 60 EAC professionals revealed that only 10% were using OSDP technology. Up until recently, this technology was not as economical as Wiegand but that is changing. A good opportunity for providing an EAC best practices sales option.
So what is this OSDP they speak of? First, you might want to check out my August 2002 Tech Talk article, “RS-485: Old Soldiers Never Die.” OSDP basically is encrypted EAC communication using the popular RS-485 footprint. In comparison, OSDP provides reader-to-controller encryption and two-way communications while Wiegand has no encryption or two-way communications.
OSDP has multidrop wiring topology and up to a 4,000-foot distance while Wiegand has point-to-point and a maximum of 500 feet. OSDP cabling has four conductors and a variable data rate while Wiegand has five or more conductors and a fixed data rate. OSDP is obviously the winner for today’s secure EAC communications. Look for OSDP V2.2, the latest version from the SIA OSDP Working Group.
Planning an EAC system does not need to be complicated. Besides making sure you have all the prospective stakeholders and lead tech people involved, make sure to have door hardware experts since this is a physical specialty that many electronic systems techs may lack. I have seen many of dollars lost by overlooking this element.
One needs to ask a few basic questions when planning an EAC system:
WHO are the people, or groups of people, you want to provide electronic access to?
WHAT are the assigned levels of access? This is important to clearly define early on.
WHERE can the people go? Define the areas that the personnel can access.
WHEN are they allowed to access this area? This is defined per system schedules.
WHY should they have access to this area? Further operational clarification and explanation helps and confirms previous security decisions.
HOW do they have access to certain areas? This can be certain technologies that match customers’ security level needs. Different levels of security may require certain combined technology such as a card swipe, PIN, mantrap and/or biometrics.
As you can see there are many variables in planning an EAC system. Many EAC equipment manufacturers can supply worksheets to make these tasks easier and less error prone. Take advantage of this free offering.
Biometrics, such as fingerprint, retinal and hand geometry, have been popular. Lately, companies like Innovatrics are producing what is referred to as “seamless EAC.” The company’s facial recognition is said to work even with facemasks. Just walk up and their EAC system will recognize you. Pretty cool.
Tool of the Month
I have always enjoyed reviewing products by Cypress Integration Solutions (CIS). This month, I have selected CIS’ OSDP-Wiegand Converter, OSM-1000. It is a simple solution to upgrading Wiegand systems to OSDP.
It has two operating modes, The PD (Peripheral Device) mode connects a traditional Wiegand reader to an OSDP ACU (Access Control Unit). The ACU mode allows an OSDP reader to connect to a traditional Wiegand ACU.