Home
Administrator Guide
Learn about Synergis Cloud Link hardware and software.
Integration-specific configuration
Learn how to configure third-party devices to work with your Synergis Cloud Link unit.
OSDP devices connected to the Synergis Cloud Link RS-485 ports
Configuring OSDP readers to prevent relay attacks
Prevent relay attacks on supported OSDP readers by configuring a maximum delay for card authentication.

Release Notes
Learn about the Synergis Cloud Link release.
Hardware Installation Guide
Learn how to install and connect your Synergis Cloud Link appliance.
Administrator Guide
Learn about Synergis Cloud Link hardware and software.
- Preface
- Introduction
- General configuration
  Learn how to configure your Synergis Cloud Link unit.
- Integration-specific configuration
  Learn how to configure third-party devices to work with your Synergis Cloud Link unit.
  - Allegion Schlage wireless locks
  - ASSA ABLOY Aperio-enabled locks
  - ASSA ABLOY IP locks
  - AutoVu SharpV cameras
  - Axis controllers
  - DDS controllers
  - HID VertX sub-panels
  - Mercury controllers
  - Allegion Schlage locks through Mercury
  - BEST Wi-Q locks through Mercury
  - SimonsVoss SmartIntego locks through Mercury
  - SALTO SALLIS wireless locks
  - OSDP devices connected to the Synergis Cloud Link RS-485 ports
    - Creating a channel to configure OSDP devices in the Synergis Appliance Portal
      OSDP devices, such as secure I/O modules and readers, must have their RS-485 bit rate and address configured before they can be used. To configure your readers in the Synergis™ Appliance Portal, you must create an OSDP channel with Programming mode enabled.
    - Configuring supervised inputs on secure I/O modules
      To configure a supervised input on a secure I/O module, you must first configure the input as 4 state supervised in Config Tool, then configure the resistance values on the Hardware page the Synergis™ Appliance Portal.
    - Configuring and adding OSDP readers in the Synergis Appliance Portal
      To add OSDP readers to a Mercury or Synergis™ unit, configure the readers using the Synergis™ Appliance Portal.
    - Enabling secure pairing on OSDP readers in the Synergis Appliance Portal
      By default, OSDP readers are enrolled in an unencrypted state. Enabling secure pairing increases access-point security.
    - Enabling MIFARE DESFire for transparent OSDP readers
      OSDP readers in transparent mode require you to store the keys on your Synergis™ Cloud Link unit, or on secure access module (SAM) cards if you have the Synergis Cloud Link 312 model.
    - Configuring OSDP readers to prevent relay attacks
      Prevent relay attacks on supported OSDP readers by configuring a maximum delay for card authentication.
    - Transferring files to OSDP readers in the Synergis Appliance Portal
      You can upgrade the firmware or configuration of OSDP readers by transferring files to the readers in the Synergis™ Appliance Portal.
  - STid readers using the SSCP protocol
- Maintenance and troubleshooting
  Learn how to troubleshoot issues and keep your Synergis Cloud Link unit up to date.
Glossary
Where to find product information
You can find our product documentation in the following locations:
Technical support
Genetec™ Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a customer of Genetec Inc., you have access to TechDoc Hub, where you can find information and search for answers to your product questions.

Configuring OSDP readers to prevent relay attacks

2024-05-10

Prevent relay attacks on supported OSDP readers by configuring a maximum delay for card authentication.

What you should know

During a relay attack, it takes longer than normal for the system to authenticate a card because the attackers must relay messages to each other in the middle. For this reason, relay attacks can be effectively prevented by setting a maximum delay for card authentication. When the maximum delay is exceeded during a card read, the Synergis™ Cloud Link unit does not proceed to make an access decision, and the door remains locked.

Note: No Access denied event is generated when the maximum delay is exceeded.

Procedure

Log on to the Synergis Cloud Link unit.
Click Configuration > MIFARE DESFire .
In the Readers and associated MIFARE DESFire configurations section, select the Proximity Check option beside one or more OSDP readers.
For each reader with Proximity Check enabled, enter a value in milliseconds to define the maximum card authentication delay in the ms field.

Tip: Relay attack prevention is enabled per reader. Since each reader's timing is different, determine the average time that the reader takes to authenticate a legitimate badge and add a small margin of error to calculate the maximum delay. The suggested margin of error is 40 milliseconds.
To determine how long a card took to be authenticated, go to Maintenance > Log viewer . In the Logger drop-down, select Syslog, and in the Filter by regex field, enter SmartCard. Check the logs with the SmartCard prefix for the authentication time.
Click Save.