By using the Open Supervised Device Protocol (OSDP) and MIFARE DESFire smart cards, you can use the latest technology to better protect your property.
How is it, that despite the known massive security flaws and susceptibility to both man in the middle and replay attacks, that 84% of integrators continue to install the unencrypted and outdated Wiegand communication technology?
By using the Open Supervised Device Protocol (OSDP) and MIFARE DESFire smart cards, we will show you two ways you can use the latest technology to better protect your property.
OSDP for Enhanced Security
Many businesses around the world have been relying on Wiegand to secure their premises – a technology that hasn't changed for almost 40 years. It’s unencrypted, unsecured, and has been shown to have serious security flaws when it comes to today’s modern security demands. You can attack a site with cheap, easily obtainable equipment, and there are plenty of demonstrations online showing how this can be achieved in just seconds.
In response to Wiegand’s failings, the development of OSDP has brought secure two-way communications between devices to access control products. The SIA (Security Industry Association) has adopted and driven the OSDP technology, and in May 2020 the protocol became an internationally recognized IEC standard. OSDP v2.2, which is based on this standard, was released in December 2020.
OSDP is an open-source protocol that, compared to Wiegand, also adds encryption, much higher levels of security, plus a lot more functionality and futureproofing.
Benefits of OSDP
Increased security - OSDP uses RS-485 protocols for secure channel communication with AES-128 encryption. This means you could pair an OSDP reader with a MIFARE DESFire card and an ICT Protege controller to create a totally encrypted communications path from the card to the server.
Improved communication - With Wiegand, data transmission is one-way only, meaning the controller is unable to ‘talk’ to the reader – it can only listen. OSDP allows bi-directional (or full-duplex) communication. Communication is also constant, which means that any interference with the reader cabling will be detected in seconds.
More cost-effective to install - OSDP only requires 2 wires to transfer data, saving you time during installation. Using a twisted pair cable for data transmission also allows for 6x the wiring length versus Wiegand, so you can safely run a cable up to 900 meters (about 1000 yards) instead of 150 meters (about 165 yards).
Improved interoperability - Being an open-source protocol, OSDP makes it easy to use ICT's advanced multi-technology tSec Readers with an existing access control system, or to use third-party OSDP card readers with a MIFARE DESFire card and an ICT Protege controller to create a totally encrypted communications path from the card to the server.
Smart Encryption with DESFire
The most common access control credentials are key-cards or fobs, however, not all of these are created equal. As formats like 125kHz have been proven insecure, people have started looking for more advanced smart card technology.
For an industry-leading level of security, we recommend MIFARE DESFire for all sites. This multi-application 13.56MHz smart card uses global open standards for interface and cryptography, including AES-128 and 3DES encryption for hardware. With Common Criteria EAL5+ certification (from EV2), cards have the same security level as credit cards and e-Passports. They are also compatible with existing NFC reader infrastructure and offer protection against replay attacks thanks to proximity checks.
DESFire has the highest standard of card security currently available, so users can feel assured that their credentials are protected by industry best practices. It is perfect for environments such as local councils, or government buildings, or any organization where security and confidentiality are a must.
We recommend giving customers a quick lesson on presenting DESFire credentials, to avoid any potential frustration. It has a shorter read range than older technologies as the cryptographic module on the card requires more energy to operate. This means you cannot simply wave or swipe a card in the general direction of the reader to gain access. It’s worth training people to think of it like contactless payment – just hold the card firmly near the reader until authorized.
Transitions Made Easy
ICT’s range of multi-technology tSec RFID readers offers a solution for any requirement. Our tSec readers make it easy to transition to the more secure MIFARE DESFire card format without having to change all cards immediately. These readers combine both 125kHz proximity and 13.56MHz smart card capability to deliver maximum compatibility while providing a path forward to the latest technology.
For new implementations where migrating from another technology is not a factor, you can go straight to a smart DESFire solution with 13.56mHz tSec readers.