Published by Magnus Woods. Modified over 8 years ago.
1
Access Control Vulnerability & Interoperability: Improving the Reader-to-Panel Connection
Tony Diodato, CTO, Cypress Integration Solutions
Babak Javadi, Director of Research, The CORE Group
2
Got vulnerabilities?
Prevalent Assumptions – Agree or Disagree?
- Wiegand is inherently secure... so is RS-485
- If you have a guy hunkered down in your electrical room with alligator clips on the 485 runs, then you have bigger problems.
- There’s not enough power in a prox card to be skimmed beyond a few inches.
- The Cloud is your friend.
- The IT department has it under control.
- Wired connections are more secure than wireless.
3
Where are the vulnerabilities?
- The card?
- Between card and reader?
- Panel to console?
- Console to Cloud?
- The last few inches of wire?
- Between reader and panel?
4
How tough is it to hack a Wiegand connection?
5
So what's vulnerable? All of the above!
- The card?
- Between card and reader?
- The last few inches of wire?
- Between reader and panel?
- Panel to console?
- Console to Cloud?
6
Securing Vulnerabilities with OSDP
Vulnerable point 1: Card and reader
- 125 kHz
  - Marconi
  - One-way conversation
- 13.56 MHz
  - HID iClass, MIFARE, DESFire, etc.
  - 2-way conversation (key to securing)
  - Can employ encryption and authentication
7
Vulnerable Point 2: Reader and panel
- Fuel pump skimmers in the news
- Gecko
- Attack side / secure side
- 2-way conversation
- Can employ Secure Channel
- Authentication and encryption
- Standardization
- SIA standard (on track for ANSI)
8
Vulnerability 3: Panel to console
- RS-232
- RS-485
- Ethernet
- Wi-Fi
- USB
9
Forecast: Cloudy with a chance of extinction
- Substitute the phrase “Other people’s computers” for “The Cloud”
- Panel-to-console
- Console-to-Cloud
10
Installation Comparisons: Current Practices v. OSDP
Current installation method overview: Reader to Panel
- Wiegand
- Strobed
- Serial
11
Current installation method overview: Panel to door
- Door strike
- REX
- Door monitor
12
Current installation method overview: Wiring
- 11 wires
- 500 ft. limit
- Mixture of 22 to 12 AWG
- Most are unsupervised
13
Background on 2-wire protocols and OSDP: “Back in my day...”
- 2-wire protocol (not new)
- Very proprietary
- Fairly low speed
- No intent to be interoperable
- No progress until 2005, when Mercury Security Corporation and channel partners started work on an open protocol
- In 2012, Mercury, HID Global (and more recently Codebench, Inc.) assigned the OSDP specification to SIA
14
Background on 2-wire protocols and OSDP
- Can’t we all just get along? (Standardization) / 30th anniversary of “sun setting on Wiegand”
- OSDP leadership elicited stakeholder buy-in:
  - Joe/SIA
  - Frank/Mercury
- Criteria for standard from working group:
  - Low cost of implementation for manufacturer
  - Minimal packet structure
  - Expandable as needed
  - Well-defined security feature
15
OSDP overview
- SIA Standard: Open Supervised Device Protocol
- Current version 2.1.6
- On ANSI track
- Open Source Tools
- Interoperability
- Currently working on Ethernet version using TLS (ONVIF)
- Low-cost
- Minimal feature set
16
OSDP overview
- 2-Way Conversation
- 4 wires (sometimes 2)
- Fully supervised
- Authenticated
- Encrypted
- Expanded I/O
- Point-to-point
- Multi-drop
17
OSDP installation
- Control Panel (CP)
  - Master unit
  - Command (poll)
- Peripheral Device (PD)
  - Slave unit
  - Response
  - Addressable (126 devices)
  - Multiple device types
18
OSDP installation demo
- Legacy panel, OSDP reader
  - Wiegand reader port
  - REX, door monitor, tamper
  - Supervision
  - Secure Channel
- OSDP panel, Wiegand reader/door
  - Signal wires reduced to single pair
  - Supervision
  - Secure Channel
- New install
  - Panel
  - Reader
  - Door control
19
How hackable is OSDP?
20
Summary: OSDP v. Wiegand
- Review previous assumptions/assessments
- Thoughts, comments, questions