Secure Data Transmission and Storage for Access Control Management Systems (ACMS): Part 3 - Data Encryption and Security at the Access Control Panel

by Chris Vanderbles
in Blog

In part 3 of this blog series, we'll briefly discuss the data that is stored on an access control panel.  There are many different styles of panels, some of which act as both the controller and the "head-end".  This session specifically addresses controllers that report back to a central controlling software, either on-premise, or in-the-cloud.

The Importance of Data Encryption and Security at the Access Control Panel

Now that we have addressed the security issues surrounding getting the card data securely from the card to the access control panel (see our Part 1 - Card Cloning and Card Security, and Part 2 - Wiegand and OSDP articles in case you missed them), we can focus on the more sophisticated criminal that may be targeting your facility. 

The Problem:

Once a bad-actor gains physical access to an access control panel is usually game-over when it comes to bypassing security.  A knowledgeable attacker can implement several physical workarounds to bypass the panel’s decision-making process and implement their own overrides to gain access to your facility.  The often-overlooked danger here is that while an attacker may compromise one of the security panel locations, they cannot physically override the remainder of the security panels throughout your facility.  Each physical system bypass requires access to the security panel controlling each door, making a whole system compromise a much harder task.  The actual data being stored on the security panel may be the real prize in this battle.  Most access control panels store data relating to all the card holders that have access to the doors that it controls.  This may include card number, card format, access levels, and facility codes.  All panels store this information in a proprietary way specific to each panel manufacturer’s specifications, but legacy panels did not keep this data encrypted on-panel or at-rest.  This means that a determined, sophisticated attacker that gains physical access to one of these panels may be able to extract the access data from the panel and use it to create a duplicate card similar to the card cloning mentioned in previous blog entries, but never requiring access to the victims actual card, and with the added benefit of being able to determine the card with the highest access level in the panel to duplicate / clone.

The Solution - Data Encryption at Rest:

Modern security panels should have encryption available as an option, and it should be enabled in a best-practices implementation.  The terminology surrounding panel encryption can be confusing, make sure that when enabling / verifying that you are working with regards to the data being stored on the panel, and not the data in transit (our next blog entry).  The data encryption that will protect data on-panel is often referred to on-board encryption, SD card encryption, or Data at Rest encryption.  This means that the data being stored locally on the controller is encrypted and secured.  Some panels have an added security layer termed CNPI (Centre for the Protection of National Infrastructure).  A CNPI implementation sets a no-local-storage on non-volatile memory policy for the security panel, meaning that the security database and transactions are only stored in non-permanent panel memory (RAM), and are lost / destroyed when the panel is powered off.  This has the added benefit of ensuring that there is simply no data on the panel available to try and decrypt in the event of an attack.  The down-side to the CNPI implementation is that in order for a panel to regain functionality after a power loss, it must be able to successfully communicate with the server to retrieve the operational data once again.  This also means that any historical transactions that may have been stored on the panel (and not yet communicated to the server) will also be lost.  Encryption at Rest and other on-panel security protocol implementations like Trusted Execution Environment, Secure Boot, Firmware Signature Checking, etc. are a key factors to protecting the integrity of data present in the field.  These technologies should be implemented in addition to standard security breach notifications such as panel communication failures, AC power failures, and panel tamper alarm.

If you're interested in learning more, have questions, or just want a frank evaluation of your current or newly planned access control system, then please reach out to our knowledgeable sales team at This email address is being protected from spambots. You need JavaScript enabled to view it. or 346-200-3400.