'Secure Channel' OSDP Access Control Examined

Brian Rhodes
Jun 18, 2018
IPVMU Certified
fdsfd adfss 2.1.7 is the latest do not use 2.1.6 Yes OSDP adds 128-bit AES encryption. (and the committee is working on adding 256 also) other features: command and control signalling all goes o...

Undisclosed #1
Jun 21, 2018
IPVMU Certified

One thing not clear to me about OSDP in general is what ISO level it operates at.

If it is just a high-level protocol, couldn’t OSDP be run over Ethernet/TCP/IP/TLS to provide end-to-end encryption using already extant protocols?

Brian Rhodes
Jun 21, 2018
IPVMU Certified

That's an interesting question.

My first thoughts: in terms of the OSI model, OSDP is layers 1 - 3, but the data isn't organized like 802.3 Ethernet.

Wiegand was pure analog, and not TX/RX. So in general, OSDP is pre-Ethernet/post-serial.

I'll reach out to members of OSDP Development Community and ask your question!

Brian Anderson, CPP®
Jun 22, 2018
IPVMU Certified

THIS is why I sub to IPVM, excellent subject to cover. 

I talked to Mercury and HID about what it takes to get "OSDP compliant". For existing readers you'll need the OSDP module in the HID reader that supports it, or order the part # with the OSDP module in it, AND have a panel that supports it.

There are no firmware/software updates for existing panels that currently do not support OSDP. It requires a replacement of panel boards as of now.

Andrew Tierney
Jun 22, 2018

Shame the standard needs to be paid for.

I can't see any mention of authentication of end points or replay protection. There's not really a strong requirement for confidentiality in such a system, but it is all they seem to have handled.

Jonathan Lawry
Jun 24, 2018
Trecerdo, LLC

The linking process shares unique keys, which essentially serves the purpose of authentication as well as encryption.  Also, the encryption itself uses CBC (cipher block chaining), which would protect against replay.

(Disclosure: I have worked on the implementation of OSDP and OSDP-SC for Mercury and others)

Andrew Tierney
Jun 25, 2018

Hmm, and how is that linking process secured?


CBC isn't a protection against replay - it's just a method used by a block cipher to work with arbitrary lengths of data longer than a single block.

Jonathan Lawry
Jun 25, 2018
Trecerdo, LLC

The linking process is secured using the default key, though it's understood that this should be done in controlled circumstances.

As for CBC, what you said is accurate, but in this case the blocks of data are multiple comm cycles over time. The ciphertext of the last message feeds the IV of the next message.

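To make the exchange above concrete, here is an added example (not code from the thread, Mercury, or the OSDP specification) that runs CBC with the last ciphertext block of one message used as the IV of the next, then delivers a message a second time. A small Feistel network built on SHA-256 stands in for AES so the script runs with the standard library only; the key, IV, endpoint names and messages are constructed for the demo, and OSDP-SC's real key handling and message authentication are not modelled.

```python
"""Added example: message-chained CBC under a replayed message (toy cipher, not OSDP-SC)."""
import hashlib

BLOCK = 16   # 128-bit blocks, the same block size as AES
ROUNDS = 4

# Constructed demo values (assumptions for this example, not OSDP defaults).
DEMO_KEY = b"constructed-demo-key"
DEMO_IV = bytes(range(BLOCK))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed SHA-256 truncated to one 8-byte half; only needs to be deterministic.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Balanced Feistel network standing in for AES: invertible, not secure."""
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, right, rnd))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, left, rnd)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes):
    """Return (payload, padding_ok); a garbled final block usually fails this."""
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        return data, False
    return data[:-n], True


class ChainedCbcEndpoint:
    """One direction of a link: both sides start from the same key and IV."""

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.chain = iv          # last ciphertext block seen on this link

    def encrypt(self, plaintext: bytes) -> bytes:
        data, prev, out = pad(plaintext), self.chain, b""
        for i in range(0, len(data), BLOCK):
            prev = toy_block_encrypt(self.key, _xor(data[i:i + BLOCK], prev))
            out += prev
        self.chain = prev        # the next message is chained to this one
        return out

    def decrypt(self, ciphertext: bytes):
        prev, out = self.chain, b""
        for i in range(0, len(ciphertext), BLOCK):
            block = ciphertext[i:i + BLOCK]
            out += _xor(toy_block_decrypt(self.key, block), prev)
            prev = block
        self.chain = prev        # receiver advances its chain the same way
        return unpad(out)


def replay_demo(msg1=b"status poll", msg2=b"unlock door 7 please"):
    """Send two messages in order, then deliver the second one again."""
    cp = ChainedCbcEndpoint(DEMO_KEY, DEMO_IV)   # control panel (sender)
    pd = ChainedCbcEndpoint(DEMO_KEY, DEMO_IV)   # peripheral device (receiver)
    c1, c2 = cp.encrypt(msg1), cp.encrypt(msg2)
    p1, ok1 = pd.decrypt(c1)
    p2, ok2 = pd.decrypt(c2)
    replay, replay_ok = pd.decrypt(c2)           # identical bytes, delivered twice
    return {
        "msg1": p1, "msg1_ok": ok1,
        "msg2": p2, "msg2_ok": ok2,
        "replay": replay, "replay_padding_ok": replay_ok,
        "first_block_garbled": replay[:BLOCK] != msg2[:BLOCK],
        "rest_intact": replay[BLOCK:] == msg2[BLOCK:],
    }


if __name__ == "__main__":
    for k, v in replay_demo().items():
        print(f"{k}: {v!r}")
```

Because the receiver's chain has moved on, the replayed ciphertext no longer decrypts to the original first block, which is the effect Jonathan describes. CBC error propagation stops there, though: only the first 16 bytes are scrambled, the remaining blocks of the replayed command come out intact, and when the padding lives in a later block the padding check still passes. A receiver can therefore only treat the chain as replay protection if every message is also authenticated (for example a MAC over the ciphertext plus a sequence check), which is the point Andrew raises.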
Jonathan Lawry
Jun 24, 2018
Trecerdo, LLC

Brian, one thing that is misleading here is your mention of the EP2500 in the graph. It is a straight controller and has no reader connections on the board. It needs to be talking to an MR50/52 or MR51e to connect to a reader in any case.

That said, an EP2500 connected to an MR50/52 can absolutely support OSDP, and if you use an MR51e, it will support OSDP-SC as well.  You are correct though that the EP1501 and EP1502 support OSDP-SC on their on-board connections.

Brian Rhodes
Jun 25, 2018
IPVMU Certified

Thanks for that, and it is worth noting. 

That graph is Mercury's and not one we put together, and it might be confusing without knowing reader ports are not supported onboard the EP2500.

I understand that one of the big changes in the Series 3 Redboard Access Panels is enough physical resources to support OSDP SC on the I/O boards too.

Warren Bell
Apr 30, 2019

Wow, that BLEKey one got me.
