
Tuesday, August 1, 2023

IoT - How it Works in Access Control

Internet of Things - How it Works in Access Control 

The "Internet of Things", commonly abbreviated as IoT, is an integrated network of intelligent computing devices connected through the internet to communicate with each other without any human interference.

What is IoT?

The Internet of Things (IoT) is the technological concept of connecting multiple devices that can switch on to and off from the web in order to use software and automation processes for smart living. IoT is an innovation that changes the way we organize our lives at home and at work, as well as the way we move, use means of transportation and manage industrial machinery. Any object, and even people by way of smartphones and wearables, can be a part of the IoT grid.

The IoT is not limited to computers or other most common devices used for web connections. It’s typical to expect a desktop, a tablet, and a mobile to find their place in the IoT, but the concept encompasses way more. For example, smart vehicles, whose navigation systems depend on a computer dashboard connected to the web can be part of the Internet of Things. Any equipment that can support the smart sensor technology is viable for the IoT environment.

It’s not too difficult to imagine how the IoT grid is and how it will be transforming our workplaces. The Internet of Things at work enables smart buildings that automate business processes and improve security. In a way, IoT office solutions are a bridge from the physical to the virtual workplace.

Taking the physical information and transforming it into virtual data via IoT sensors results in the ability to manage many processes from anything that has a computer processor. Although we haven’t exhausted all IoT ideas for offices, many organizations have benefited from accepting the basics of the concept, creating smart lighting and aircon systems, as well as smart access control systems.

Access control mechanisms prevent unauthorized users from accessing the system. Data sharing is the process of exchanging information among industrial IoT (IIoT) users. Access control and data sharing are restricted so that only legitimate users can exchange their data. Access control defines which types of users can access the information of a particular IIoT system and are permitted to perform control activities.

Internet of Things Ecosystem

IoT is a new concept in information technology: an integrated network of different kinds of computing devices. It is based on the IP network, in which every individual machine used in manufacturing, security, transportation, and other fields of our day-to-day life is assigned a unique IP address to communicate with the others.

Every machine/device is connected with the related sensors, which trigger the control system to issue instructions to a particular machine for some action to perform automatically. This network can communicate through both wireless and wired internet connectivity.

How is IoT used in an access control system?

The Internet of Things is the backbone of the modern IoT access control system, commonly known as an intelligent door locking system. In this system, every lock, lock access controller, card reader and other associated device is assigned a separate IP address, which is used for communication among the devices.

In a single building, all those intelligent machines are normally connected through wireless networks to their consolidated management software or mobile application. These applications can be configured for automatic as well as manual operation of different locks and controllers. The security alerts and notifications can also be configured to receive on mobile apps in real time.

Each device/machine is configured for its operating conditions, criteria, sensitivity and authority in core management control software, which is used as controller of the entire system. A duplicate control of this system is used as a mobile app on your mobile devices too; you can receive the status of your access system and you can also issue instructions from your app. Any malicious activity in your access system generates an alert and detailed notification on your mobile app or main management software controller.

What products use it?

The Internet of Things is used by thousands of types of products in general, and by almost all parts of the IoT security systems commonly used in modern buildings. In access control, intelligent locks, card readers, keypads and other related devices use the technology behind the concept of the Internet of Things.

Every authorized mobile device also uses its unique IP address in the network to get access to the main controller for using the intelligent locking system. The main server also has a unique IP address to establish IoT communication among the components of the entire IoT access control ecosystem.

Advantages of IoT in Access Control

The main benefits of using an IoT-based security system include:

- Fully integrated and highly intelligent system

- Accessible from anywhere around the world

- Capabilities to configure for different level authorities

- Can be used for both automatic and manual operations

- Easy to track the records of events

- A comprehensive approach towards secure life

Disadvantages of IoT in Access Control

The main disadvantages of using an IoT access control system include:

- Certain hacking and security related issues still persist

- Not so mature technology

- Complex and costly

The nodes maintain an access control list that includes information about IoT devices, users, and associated access levels. Generally, the IIoT is formed using a group of embedded devices like sensors, cameras, and actuators to achieve a specific task. Designing access control and data sharing in such environments are very challenging owing to limited resources and heterogeneity. Context awareness, inter-domain operation, privacy assurance, resource efficiency, manageability, and accountability are some of the requirements of IIoT access control. The access control strategies are categorized into rule-based, capability-based, user control, and attribute-based.

The phrase “knowledge is power” has been taken to a whole new level by IoT technology that has been adapted in diverse areas. Governments have implemented the use of IoT devices in their activity processes such as the use of military drones while IoT devices are used by healthcare facilities and hospitals to provide high-quality healthcare services.

While smartphones and computers have been around for a long time, IoT is a relatively new phenomenon. Manufacturers and software developers have therefore had sufficient time to address the data breach vulnerabilities of smartphones and computers. IoT devices, by contrast, are extremely useful and come with various capabilities, but manufacturers still encounter problems such as a lack of hardware that is powerful enough to inspect and encrypt data yet small enough to fit inside the restricted space. Cybercriminals can access your home Wi-Fi network through such insecure devices and use the opportunity to watch your home surveillance camera to carry out a crime.

The fundamental purpose of implementing IoT devices across numerous segments is to create a completely cohesive smart city. With this integration, any device used in a manufacturing industry can link to another being used by government organizations, healthcare providers, trades or even one’s home network. Nevertheless, lawmakers have yet to formulate privacy protection laws that cover all weaknesses across the different sectors. Cybercriminals continue to take advantage of this shortcoming, which results in the loss of revenue already invested into the project.

How to secure IoT networks

Here are some of the steps that can boost the security of your IoT network.

Know your IoT network

The first measure to take toward enhanced security is to recognize and learn what you have and what needs to be protected. While it may appear to be one of the initial and basic steps, many companies tend to ignore it. Having an appropriate list of what’s on your IoT network and updating it frequently is key to security in any IoT network.

An IoT network usually comprises numerous devices and any of these devices can be used as a source to upset an entire IoT network. Organizations should focus on fixing the fundamentals to face the mounting cyber-risks in IoT.

IoT network security architecture

Most commonly used surveillance devices barely support wireless network security standards such as WPA2 or WPA3, which makes them highly vulnerable and easy for hackers to take over. Companies find upgrading all these devices extremely expensive, so they should think about redesigning their network security architecture.

Divide the responsibility

One of the main problems with IoT security is that businesses often end up with security flaws because they have too much to handle. Organizations that have their own IoT network typically purchase or hire equipment and services from numerous service or device providers. Because IoT depends on all these devices working together in a network, this medley of equipment can open up numerous holes that can be used to disrupt the system.

Setting up one-way connections

Setting up one-way connections is very important in an IoT network. If the endpoints in an IoT network have more privileges than they need, cybercriminals can exploit them for cyberattacks. With the rise in the number of devices being a part of the IoT, the surface area for attackers is also increasing. Hence, businesses should restrict the capabilities of these IoT devices for security reasons. Frequently, IoT devices are arranged in a way that lets them start network connections by themselves. Although this provides much flexibility and other benefits, it can also lead to numerous security problems. Enforcing the practice that all IoT devices can stay connected or start connections only through network firewalls and access lists will guarantee better safety.
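The inventory and one-way-connection steps above can be checked together against flow records. The following is an added example, not code from the original post: it audits constructed flow records against a constructed device inventory and access list, and every address, role and port in it is an assumption made for illustration.

```python
import ipaddress

# Constructed inventory ("know your IoT network"): address -> role.
INVENTORY = {
    "10.20.0.10": "controller",
    "10.20.0.21": "door-lock",
    "10.20.0.22": "card-reader",
    "10.20.0.23": "camera",
}
IOT_SUBNET = ipaddress.ip_network("10.20.0.0/24")

# Access list: (initiator role, responder role, destination port). Only the
# controller may open connections to field devices; devices never initiate.
ALLOWED = {
    ("controller", "door-lock", 8443),
    ("controller", "card-reader", 8443),
    ("controller", "camera", 554),
}

# Constructed flow records: (initiator IP, responder IP, destination port).
FLOWS = [
    ("10.20.0.10", "10.20.0.21", 8443),   # controller polls a lock: allowed
    ("10.20.0.23", "203.0.113.50", 443),  # camera opens a connection outward
    ("10.20.0.22", "10.20.0.21", 8443),   # reader talks to a lock directly
    ("10.20.0.99", "10.20.0.10", 8443),   # device missing from the inventory
    ("10.20.0.10", "10.20.0.23", 23),     # controller uses a port not listed
]


def audit_flows(flows, inventory=INVENTORY, allowed=ALLOWED, subnet=IOT_SUBNET):
    """Return (src, dst, port, reason) for every flow that breaks the policy."""
    findings = []
    for src, dst, port in flows:
        src_role = inventory.get(src)
        dst_role = inventory.get(dst, "external")
        if ipaddress.ip_address(src) in subnet and src_role is None:
            # Traffic from the IoT subnet by something nobody has listed.
            findings.append((src, dst, port, "unknown-device"))
        elif src_role is not None and src_role != "controller":
            # One-way rule: field devices answer, they do not initiate.
            findings.append((src, dst, port, "device-initiated"))
        elif (src_role, dst_role, port) not in allowed:
            findings.append((src, dst, port, "not-on-access-list"))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(finding)
```
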


Thursday, October 10, 2019

OSDP an Access Control Protocol by SIA


ACCESS CONTROL WIEGAND PROTOCOL

In the access control world, the Wiegand protocol (invented by John Wiegand in 1970) has long been used. The communication protocol used in the Wiegand interface is called the Wiegand protocol; it carries data from the reader to the controller. The Wiegand interface is a wiring standard used for interconnecting peripherals such as fingerprint readers, card swipers or iris recognition devices. Initially created by HID Corporation, Wiegand devices gained popularity thanks to the popularity of the Wiegand effect card readers of the 1980s. The Wiegand interface is considered a de facto wiring standard for card swipe mechanisms, especially for electronic data entry.
The Wiegand interface consists of three wires in the physical layer: the first wire is ground and the other two carry data, known as Data low/DATA0 and Data high/DATA1. The wires are composed of an alloy with magnetic properties. DATA0 and DATA1 are pulled up to a high voltage when no data is sent. When a "0" is transmitted, the DATA0 wire is pulled to a low voltage while DATA1 stays at a high voltage. When a "1" is transmitted, DATA0 stays at a high voltage, whereas DATA1 is pulled to a low voltage.

The most popular Wiegand interface is 26-bit. The payload can be 3 bytes (Wiegand-26), 5 bytes (Wiegand-42) and even 7 bytes. Cable runs are limited to 500 feet. The Wiegand interface is unidirectional, meaning that data is transferred in one direction only: from the reader to the access panel. The access panel therefore waits for a code on the line. If no code arrives, it may mean that there is no card near the reader, that the reader is dead, or that the line is faulty. To solve this problem, I asked one vendor to make new firmware for its reader, and now it sends a "heart beat" code every half an hour.
Given such limitations, it has become increasingly clear that for reader technology and capabilities to progress, a bi-directional connection between the reader and the access control system is a necessity. Some access control and reader manufacturers have recognized this need and developed proprietary bi-directional solutions. OSDP is a non-proprietary interface specification that can be implemented without restriction. The protocol was originally developed by HID Global and Mercury Security Corp. in 2008 and adopted by SIA as a standard in 2011. SIA formed OSDP working groups, open to all members, and subsequent contributions have been provided by those participants.
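The DATA0/DATA1 signalling and the 26-bit frame described above can be shown as a small decoder. This is an added example, not code from the original post; it assumes the common open 26-bit layout (one even-parity bit, 8-bit facility code, 16-bit card number, one odd-parity bit), which the post does not spell out, and the sample frame is constructed.

```python
IDLE = (1, 1)  # (DATA0, DATA1): both lines are pulled high when idle


def pulses_to_bits(samples):
    """Turn (DATA0, DATA1) line samples into bits.

    A low pulse on DATA0 is a 0 and a low pulse on DATA1 is a 1. Both lines
    low at once is not a valid state and is reported as a line fault.
    """
    bits = []
    previous = IDLE
    for sample in samples:
        if sample == (0, 0):
            raise ValueError("both lines low: wiring fault")
        # Count one bit per falling edge, not one per low sample.
        if sample != previous and sample != IDLE:
            bits.append(0 if sample == (0, 1) else 1)
        previous = sample
    return bits


def decode_wiegand26(bits):
    """Validate parity and return (facility_code, card_number)."""
    if len(bits) != 26:
        raise ValueError(f"expected 26 bits, got {len(bits)}")
    if sum(bits[:13]) % 2 != 0:   # leading bit makes the first half even
        raise ValueError("even parity check failed")
    if sum(bits[13:]) % 2 != 1:   # trailing bit makes the second half odd
        raise ValueError("odd parity check failed")
    facility = int("".join(map(str, bits[1:9])), 2)
    card = int("".join(map(str, bits[9:25])), 2)
    return facility, card


def encode_wiegand26(facility, card):
    """Build a constructed frame, used here only to produce sample input."""
    data = [int(b) for b in f"{facility:08b}{card:016b}"]
    even = sum(data[:12]) % 2
    odd = 1 - sum(data[12:]) % 2
    return [even] + data + [odd]


def bits_to_pulses(bits):
    """Constructed line samples: two low samples per bit, then idle."""
    samples = [IDLE]
    for b in bits:
        samples += [(0, 1) if b == 0 else (1, 0)] * 2 + [IDLE]
    return samples


if __name__ == "__main__":
    frame = encode_wiegand26(42, 1234)           # constructed credential
    print(decode_wiegand26(pulses_to_bits(bits_to_pulses(frame))))
    noisy = frame[:]
    noisy[9] ^= 1
    noisy[10] ^= 1                               # two flips in one parity half
    print(decode_wiegand26(noisy))               # passes parity, wrong card
```

Parity is the only check on the wire: a single flipped bit is rejected, but two flips in the same half decode as a different card number, and nothing in the frame authenticates the reader or encrypts the credential.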

What is OSDP
Open Supervised Device Protocol (OSDP) is an access control communications standard developed by the Security Industry Association (SIA) to improve interoperability among access control and security products. OSDP v2.1.7 is currently in the process of becoming a standard recognized by the American National Standards Institute (ANSI), and OSDP is in constant refinement to retain its industry-leading position. OSDP v2.1.7 is a communications protocol that allows peripheral devices such as card readers and biometric readers to interface with control panels or other security management systems. It adds sophistication and security benefits through features such as bi-directional communication and read/write capabilities. The OSDP standard with Secure Channel Protocol (SCP) will support both IP communications and point-to-point serial interfaces, such as RS-485.

BI-DIRECTIONAL COMMUNICATION

The access control industry’s move to open standards is cultivating a broad range of interoperable products with enhanced features and security. Open standards also ensure that solutions can be easily upgraded to support changes in technology and applications, and give users the confidence that investments in today’s technologies can be leveraged in the future. OSDP with SCP specification provides bi-directional communications and security features for connecting card readers to control panels or other security management systems.
Bi-directional communication is particularly beneficial for enabling users to change configurations and to poll and query readers from a central system, which reduces costs while speeding up and simplifying configuration and improving the ability to service readers.

Unlike earlier unidirectional protocols, including the Wiegand interface and the clock-and-data signal approach used with magnetic stripe readers, OSDP enables continuous reader status monitoring. It can also immediately indicate a failed, missing or malfunctioning reader, as well as provide tamper detection and indication capabilities. All signaling is done over two data lines, providing the ability to use four-conductor cable to both power the reader and send and receive data. This lowers installation cost compared to the 6 to 10 conductors typically used for Wiegand.
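The difference in supervision can be made concrete with a small model. This is an added example, not code from the original post and not the OSDP wire format: it is a simplified simulation of a panel polling its readers, and the poll period, the missed-poll threshold and the reader addresses are assumptions.

```python
POLL_INTERVAL_MS = 200                 # assumed poll period per reader
MAX_MISSED_POLLS = 3                   # assumed misses before "offline"
HEARTBEAT_PERIOD_MS = 30 * 60 * 1000   # the half-hourly Wiegand "heart beat"


class PollSupervisor:
    """Tracks reader state from poll results, as a supervising panel would."""

    def __init__(self, addresses):
        self.state = {a: {"missed": 0, "online": True, "tamper": False}
                      for a in addresses}
        self.alerts = []  # (time_ms, address, event)

    def record(self, t_ms, address, reply):
        """reply is None when the reader did not answer, else a status dict."""
        s = self.state[address]
        if reply is None:
            s["missed"] += 1
            if s["online"] and s["missed"] >= MAX_MISSED_POLLS:
                s["online"] = False
                self.alerts.append((t_ms, address, "offline"))
            return
        s["missed"] = 0
        if not s["online"]:
            s["online"] = True
            self.alerts.append((t_ms, address, "back-online"))
        tamper = bool(reply.get("tamper", False))
        if tamper != s["tamper"]:
            s["tamper"] = tamper
            event = "tamper" if tamper else "tamper-cleared"
            self.alerts.append((t_ms, address, event))


def simulate(duration_ms, fail_at_ms, tamper_at_ms):
    """Constructed scenario: reader 1 goes silent at fail_at_ms and the
    tamper switch of reader 2 opens at tamper_at_ms."""
    sup = PollSupervisor([1, 2])
    for t in range(0, duration_ms + 1, POLL_INTERVAL_MS):
        sup.record(t, 1, None if t >= fail_at_ms else {"tamper": False})
        sup.record(t, 2, {"tamper": t >= tamper_at_ms})
    return sup.alerts


def heartbeat_detection_delay_ms(fail_at_ms):
    """One-way line with heartbeats on multiples of the period: the fault is
    noticed only when the next expected heartbeat does not arrive."""
    next_beat = (fail_at_ms // HEARTBEAT_PERIOD_MS + 1) * HEARTBEAT_PERIOD_MS
    return next_beat - fail_at_ms


if __name__ == "__main__":
    print(simulate(12_000, 10_000, 5_000))
    print(heartbeat_detection_delay_ms(10_000))
```

With these assumed settings the polled reader is flagged 400 ms after it falls silent, while the same failure on a heartbeat-only line goes unnoticed until the next half-hour mark.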

HID Global is one of the first manufacturers to support OSDP with SCP in its reader portfolio as part of its iCLASS SE platform. iCLASS SE platform readers with OSDP enable central management, which lowers operational costs by making them faster and easier to configure and service.

SYSTEM INTEGRATION
OSDP gives higher security, advanced functionality, ease of use and more interoperability. OSDP provides continuous monitoring of reader status, and can immediately indicate a failed, missing or malfunctioning reader. OSDP can also provide tamper indication for readers with onboard tamper detection capabilities. The OSDP protocol allows control panels to send messages for display to a cardholder via a screen embedded within or connected to the reader. The OSDP standard is particularly important for government installations because it supports high-end AES-128 encryption (required in federal government applications), and it meets the requirements of the Federal Identity, Credential and Access Management (FICAM) guidelines. OSDP also works with biometrics; Wiegand does not.

SYSTEM ARCHITECTURE

Replacing legacy access control panels while maintaining operation with legacy card readers and other field devices.
When the need arises to replace or upgrade a card access or security control panel and if the new panel is OSDP compliant, it may be advantageous or necessary to convert the field devices to OSDP compatibility. This normally means replacing all readers, sensors, contacts, relays, and door control equipment to OSDP compliant versions as well. If this is not an immediate option due to time or cost constraints, the Cypress OSDP-1000 can provide an effective solution.

Credential Reader - Any Wiegand (Data 0 / Data 1), Strobed (Clock/Data), F/2F, or Serial interface can be handled by the OSDP-1000 when configured in "Reader Interface Mode". Since the format of the data is reported by the OSDP-1000 to the new control panel as an array of bits or characters, the panel's software must be configured to process the raw bit stream or character string. The reader type is configured by either on-board DIP switch or via OSDP configuration command from the panel.

Door Strike / Gate Operator - If the panel has provisions for multiple, dry-contact relay outputs and the panel's power supply is capable of driving the door or gate operator, then the 2 wires already in place to provide this function can continue to be used. Otherwise, since the OSDP-1000 is mounted in a secure location (not accessible from the un-secure side of the door or gate), it can be used to control the door or gate via OSDP command from the control panel. If the control current is 1 amp or less (at 12 to 24 Vdc), the OSDP-1000's on-board, form C relay can be used. The new control panel will simply command the OSDP-1000 to turn the relay on or off. If higher currents are required, an external relay can be added. The power for the door strike, mag lock, or gate operator can be supplied from the panel (centralized power) or a local power supply near the door or gate (distributed power).

Sensors, Contacts, Switches, EOL Devices - Since the OSDP-1000 is mounted on the secure side of the door or gate, all remaining field wiring can be terminated at the OSDP-1000. The new control panel will request data via protocol command/response and use it to determine the status of the door position switch, request-to-exit button, or motion detector. The OSDP-1000 has 2 supervised alarm inputs to accommodate end-of-line resistor configurations. These can also be used as digital inputs.

Power Considerations - The OSDP-1000 does not magically create power for itself, the reader, or door strike from the twisted pair communication wires (but we might be working on it). The legacy panel or other power supply provided enough power to operate the reader, sensors, and door or gate operator. If the new control panel does not provide this power, then a suitable power supply must be installed at the panel location or at the door or gate. The OSDP-1000 only requires about 50 mA and accepts a wide range of voltage (7 to 24 Vdc). The reader, door strike, and any powered end-of-line device typically dictate what voltage to use (12 or 24 Vdc).


All Devices - As mentioned earlier, converting all devices at the door or gate is recommended since this adds supervision of all signals. It also sets up the site for migration to an OSDP Control Panel in the future. Since the OSDP-1000 is mounted in a secure enclosure not vulnerable to tamper from the un-secure side of the door or gate, all signals can be terminated to it and supervised. The OSDP Reader has its own polling address, as does the second OSDP-1000 module configured for "Remote Interface Mode".

There are still many Wiegand-based legacy systems in place and, due to limited resources, it may take time to replace them all, but the migration is underway. Many organizations are taking a step-by-step approach, replacing perimeter readers first and moving to interior readers as funding and time allow.


Future-proof your access control strategy today. Meet Signo, the signature line of access control readers from HID Global. In this new reader line, performance, versatility and security meet in a sleek, modern design. HID Signo™ Readers deliver mobile access capabilities, ensure easy migration from Wiegand to OSDP and support the widest range of credential technology so organizations can upgrade at their own pace.

GROW YOUR BUSINESS
Integrators can differentiate themselves from the competition by promoting open standard protocols, which can help build new customer relationships and win more projects by providing newfound PACS features. With OSDP only four conductors are ever needed, two for power and two for all communication.
Wiegand does not allow for remote configuration or upgrade of a reader. OSDP enables a customer to remotely change the configuration of a reader (i.e. security keys or LED color) from any network-connected location.

BENEFITS OF OSDP
Compared to common low-security legacy protocols, the emerging OSDP standard offers:
Higher Security

- OSDP is more secure than the most common access control communications protocol.

- OSDP Secure Channel supports high-end AES-128 encryption (required in federal government applications).

- OSDP constantly monitors wiring to protect against attack threats.

Advanced Functionality

- Supports advanced smartcard technology applications, including PKI/FICAM and biometrics.

- Supports bi-directional communications among devices.

- OSDP supports an advanced user interface, including welcome messages and text prompts.

- OSDP’s use of 2 wires instead of 12+ allows for multi-drop installation, supervised connections to indicate reader malfunctions, and scalability to connect more field devices.

Ease of Use

- Audio-visual user feedback mechanisms provide a rich, user-centric access control environment.

- Guesswork is eliminated since encryption and authentication are predefined.

- Low cost of implementation on an embedded device.

More Interoperability

- Using OSDP enables communication among different manufacturers' devices and solutions.

- The standard applies to peripheral devices (PDs) such as card readers and other devices at secured access doors/gates and their control panels (CPs).

- SIA promotes the standard at regular “plugfests” among manufacturers and at InteropFest, an annual interoperability event held at the ISC West tradeshow every spring in Las Vegas, Nevada.

- The OSDP specification is currently recommended when TCP/IP, USB, or other common protocols do not lend themselves to the application.

- The OSDP specification is extensible to IP environments and the OSDP WG is working on deploying OSDP over IP soon.

Ref:
https://ipvm.com/reports/osdp-access