By Ross Bale
For many years the topology of an access control system has involved a server, a door controller and field devices such as card readers, locks and request to exit buttons.
However, in recent years, with Internet of Things (IoT) developments and new ways of communicating, in my opinion, the days of the security controller may be numbered.
Internet of Things Influences
The IoT movement is all about small, cost-effective devices that perform one or more specific functions, such as monitoring temperature or light levels and sending this data to one or more services. These services can interpret this data and make decisions based on it.
If, in the near future, manufacturers of devices such as card readers, locks and request to exit buttons produce intelligent devices capable of using wireless transmission methods and protocols such as MQTT (a lightweight machine to machine Internet of Things communications protocol), each device would be able to interact directly with the others and send data back to a central server without requiring the door controller.
At Build 2017, Microsoft showed their Workplace Safety Demonstration, which showed how IP video surveillance cameras could be used with artificial intelligence powered by the Microsoft Azure cloud platform. It could be used to identify people, objects and potential hazards in the video image without edge-based analytics, or any kind of local server processing – just with cloud hosted artificial intelligence and local IP cameras.
Whilst this is technologically possible now, there are some practical limitations…
One function that door controllers provide is the ability to hold card holder data locally and process requests to enter or exit a door if the network or server goes offline. This is especially important if the system relies on a server based in a different location.
Whilst the card reader could hold an authorised card holder database in its memory, as the card reader is outside of the secured area, it would expose sensitive information.
In addition, the card reader still needs some form of communication path between itself and the other devices around the door.
Hard-wired access control systems are considered secure as data being transmitted around the system cannot be hacked.
A secure access control system can only realistically be achieved by ensuring that the system is using card readers that support the Open Supervised Device Protocol (OSDP) and that all cabling is physically secured and monitored by the access control system for tampering, e.g. someone cutting a cable or trying to introduce additional equipment between the card reader and the access control system.
Using card readers that support the Wiegand protocol, or cabling that is not physically secured, would result in a system no more secure than a Wi-Fi or Bluetooth connected device.
While it may be possible to sniff data from equipment on the unsecured side of the door in a fully peer-to-peer IoT style configuration, encryption and authentication methods within the MQTT protocol mitigate this risk.
MQTT requires each device to subscribe with a central authority within the MQTT server environment to be able to send or receive data, hence it would be fairly straightforward to identify unauthorised devices.
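The check described above, sketched as an added example that is not part of the original article: events seen by the central MQTT server are compared against a registry of enrolled door devices and the topics each may use. The client IDs, topic names and event record layout are assumptions constructed for illustration, not any real broker's log format.

```python
# Hypothetical enrolment registry: client ID -> topic filters it may use.
REGISTRY = {
    "reader-d01": {"pub": ["door/d01/reader/credential"], "sub": []},
    "rex-d01": {"pub": ["door/d01/rex/pressed"], "sub": []},
    "lock-d01": {"pub": ["door/d01/lock/state"], "sub": ["door/d01/lock/command"]},
    "acs-server": {"pub": ["door/+/lock/command"], "sub": ["door/#"]},
}

# Constructed sample events; this is not any real broker's log format.
EVENTS = [
    {"client": "reader-d01", "authenticated": True, "action": "pub", "topic": "door/d01/reader/credential"},
    {"client": "acs-server", "authenticated": True, "action": "pub", "topic": "door/d01/lock/command"},
    {"client": "reader-d01", "authenticated": True, "action": "pub", "topic": "door/d01/lock/command"},
    {"client": "lock-d01", "authenticated": True, "action": "sub", "topic": "door/#"},
    {"client": "sensor-x9", "authenticated": True, "action": "sub", "topic": "door/d01/lock/state"},
    {"client": "rex-d01", "authenticated": False, "action": "pub", "topic": "door/d01/rex/pressed"},
]

def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels) or level not in ("+", t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def audit(events, registry):
    """Return (event index, client ID, reason) for every event to reject."""
    findings = []
    for n, ev in enumerate(events):
        grants = registry.get(ev["client"])
        if grants is None:
            findings.append((n, ev["client"], "unenrolled device"))
        elif not ev["authenticated"]:
            findings.append((n, ev["client"], "enrolled ID without valid credentials"))
        elif ev["action"] == "sub" and ev["topic"] not in grants["sub"]:
            # Subscriptions must equal a granted filter; no widening via wildcards.
            findings.append((n, ev["client"], "subscription not granted"))
        elif ev["action"] == "pub" and not any(topic_matches(f, ev["topic"]) for f in grants["pub"]):
            findings.append((n, ev["client"], "publish not granted"))
    return findings

if __name__ == "__main__":
    print(*audit(EVENTS, REGISTRY), sep="\n")
```

The reader sits on the unsecured side of the door, so the third event (an enrolled reader publishing to the lock's command topic) is the case per-device topic grants exist to catch; an allowlist of client IDs alone would pass it.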
This is difficult to quantify at this stage as devices that can achieve this type of configuration are not yet available.
Assuming the equipment just needs to be mounted and wired around the door, using PoE for power and a little commissioning, it would be reasonable to expect installation costs including hardware to be equal to or slightly less than a conventional system.
Many sites will not want to take the risk of introducing unproven, new cutting-edge technology unless it is developed by a trusted and proven manufacturer, as the risk of failure or compromise of the system may be too high for the end user.
There needs to be a clear business benefit to deploying a cutting-edge solution over conventional installations.
So, should the door controller be worried?
Whether the door controller is in fact hurtling towards obsolescence is likely within the next few years, especially with the development of cloud platforms such as Microsoft Azure, smaller, more intelligent sensors, and faster wireless communications technologies including 5G.
What is clear is that the Internet of Things movement is gathering pace and momentum. The process is creating new system models, ways of working and new devices at a pace much faster than traditional security manufacturers' research and development processes, which could threaten the traditional access control system architecture and market.
How do you think the Internet of Things will impact on traditional access control?