Skip Navigation

Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

arstechnica.com Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

OSDP Secure Channel has yet to gain widespread usage, and it's already broken.

Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.
3
3 comments
  • In this case the auto TLDR bot failed to summarize well.

    Short version: the ODSP is a complete mess.

    Here's in how many ways it failed:

    By default, Secure Channel isn’t turned on. Many admins aren’t aware that they must configure their equipment to use Secure Channel. And even when Secure Channel is on, some critical communications still occur in plaintext. Secure Channel also allows encryption to occur through the use of weak keys that are trivial to crack.

    Since OSDP provides no means to transfer the SCBK out of band—meaning through a channel other than the daisy chain connecting the peripheral devices to the control panel—the standard has no choice but to send it through the RS-485 line. That presents a vexing chicken-and-egg problem: Without possession of the SCBK, the control panel has no means to securely encrypt the key before sending said key to the new reader.

    Devices often advertise themselves as being OSDP-compliant or as supporting OSDP and yet provide no means of delivering the Secure Channel encryption described in the OSDP specification.

    Just after bootup, a reader transmits a message to the controller that provides a list of capabilities, including fingerprint scanning and the ability to provide tactile feedback. Once again, for chicken-and-egg reasons, this message can’t be encrypted. The researchers’ listening device can exploit this lack of encryption by intercepting the message and changing it to say the reader doesn’t support encryption.

    many controllers are configured to remain in ‘install mode’ persistently, perhaps forever,” the researchers wrote in their post. “Some controllers make the administrator manually click out of ‘install mode’ when they’re done. And if you forget to do that, your encryption is toast since an attacker can just request the encryption key!”

    OSDP also provides no means for generating the master encryption key that underpins the security of all other keys it uses. In this absence, it’s up to users to generate them on their own. The researchers said some admins simply choose easy-to-guess keys such as those hardcoded into sample code

    A cryptographic nonce used to ensure that session keys are random uses just 6 bytes of entropy. Similarly, message authentication codes, or MACs, used to verify that a message hasn’t been altered, are truncated to 32-bit to, as the OSDP spec puts it, “reduce overhead.”

    Secure Channel encryption has two modes that don’t actually encrypt data passing through the RS-485 cabling. Instead, these modes, known as Modes 15 and 16, apply only a MAC. As a consequence, anyone can read the data encrypted in these modes. “It's such a bizarre choice to have that mode which is basically doing a null cipher for most of the actual packets that are going back and forth,” the researchers said.

    Even when Secure Channel is set to encrypt data, a single byte of that data reserved for message commands is never encrypted. This allows a passive listener to learn all kinds of things, including when someone swiped a badge, whether that badge was valid, when the LEDs light up, and when the buzzer beeps.

  • How do things like this ever make it into production? Rather than a failure of the tech, it's more like a failure (or feature) of design-by-committee.

  • 🤖 I'm a bot that provides automatic summaries for articles:

    Click here to see the summary

    Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations.

    Like an earlier protocol, known as Wiegand, OSDP provides a framework for connecting card readers, fingerprint scanners, and other types of peripheral devices to control panels that check the collected credentials against a database of valid personnel.

    When surreptitiously inserted by a would-be intruder into the wiring behind a peripheral device, Gecko performed an adversary-in-the-middle attack that monitors all communications sent to and from the control panel.

    Secure Channel allowed OSDP-based communications between peripheral devices and control panels to be encrypted with 128-bit AES, a tried and tested algorithm that is virtually impossible to break when used correctly.

    While all but four of the vulnerabilities can be effectively eliminated, mitigations require configuration settings that aren’t described in the official OSDP specification (available here for $200) and differ depending on the manufacturer of each device.

    OSDP works over RS-485, a serial communication protocol designed to provide relatively high bandwidth (up to 10 megabits per second), the ability to span reasonably long distances (up to 4,000 feet), tolerance for lots of radio frequency noise, and capacity for 32 devices on a single line.