Configuring OSDP readers to prevent relay attacks - Cloud Link Roadrunner 3.1.0

Cloud Link Roadrunner™ User Guide 3.1.0

Product: Cloud Link Roadrunner
Content type: Guides > User guides
Version: 3.1
Release: 3.1.0
Language: English
Last updated: 2024-07-22

Prevent relay attacks on supported OSDP readers by configuring a maximum delay for card authentication.

What you should know

During a relay attack, the system takes longer than normal to authenticate a card because the attackers in the middle must relay each message to one another. For this reason, relay attacks can be effectively prevented by setting a maximum delay for card authentication. When the maximum delay is exceeded during a card read, the Cloud Link Roadrunner™ unit does not proceed to make an access decision, and the door remains locked.
NOTE: No Access denied event is generated when the maximum delay is exceeded.

Procedure

  1. Log on to the Cloud Link Roadrunner unit.
  2. Click Configuration > MIFARE DESFire.
  3. In the Readers and associated MIFARE DESFire configurations section, select the Proximity Check option beside one or more OSDP readers.
  4. For each reader with Proximity Check enabled, enter the maximum card authentication delay, in milliseconds, in the ms field.
    Tip: Relay attack prevention is enabled per reader. Since each reader's timing is different, determine the average time that the reader takes to authenticate a legitimate badge and add a small margin of error to calculate the maximum delay. The suggested margin of error is 40 milliseconds.

    To determine how long a card took to be authenticated, go to Maintenance > Log viewer. In the Logger drop-down, select Syslog, and in the Filter by regex field, enter SmartCard. Check the logs with the SmartCard prefix for the authentication time.

  5. Click Save.
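
Added example (not part of the Cloud Link Roadrunner documentation): a script that applies the tip in step 4 to exported log lines, computing each reader's average authentication time plus the 40 ms margin. It goes one step beyond the tip by listing legitimate reads that would exceed the resulting limit, since those reads would be refused without an Access denied event. The guide does not show the SmartCard log format, so the sample lines, the reader names and the regular expression are assumptions to adjust against your own Syslog output.

```python
import re
from collections import defaultdict
from statistics import mean

MARGIN_MS = 40  # margin of error suggested in the tip in step 4

# Constructed sample lines. The real SmartCard log layout is not shown in the
# guide; "reader=<name> auth time=<n> ms" is an assumed format for illustration.
SAMPLE_LOG = """\
Jul 22 09:01:12 unit SmartCard: reader=Lobby auth time=182 ms
Jul 22 09:03:40 unit SmartCard: reader=Lobby auth time=176 ms
Jul 22 09:07:05 unit SmartCard: reader=Lobby auth time=191 ms
Jul 22 09:09:51 unit SmartCard: reader=Lobby auth time=240 ms
Jul 22 09:02:33 unit SmartCard: reader=Dock auth time=121 ms
Jul 22 09:05:18 unit SmartCard: reader=Dock auth time=129 ms
Jul 22 09:06:02 unit Network: link up
"""

# Assumed line pattern; change it to match the lines your unit actually logs.
LINE_RE = re.compile(r"SmartCard: reader=(?P<reader>\S+) auth time=(?P<ms>\d+) ms")


def parse_timings(log_text):
    """Group authentication times (ms) by reader, ignoring unrelated lines."""
    timings = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            timings[match["reader"]].append(int(match["ms"]))
    return dict(timings)


def suggest_max_delay(samples, margin_ms=MARGIN_MS):
    """Average of legitimate reads plus margin, and the reads that exceed it."""
    limit = round(mean(samples)) + margin_ms
    over_limit = [s for s in samples if s > limit]
    return {"max_delay_ms": limit, "samples": len(samples), "over_limit": over_limit}


def report(log_text):
    """Per-reader suggestion, because the maximum delay is set per reader."""
    return {reader: suggest_max_delay(samples)
            for reader, samples in parse_timings(log_text).items()}


if __name__ == "__main__":
    for reader, result in report(SAMPLE_LOG).items():
        print(reader, result)
```

A non-empty over_limit list means some legitimate badge reads in the sample were slower than the calculated limit, so collect more samples for that reader before saving the value.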