Despite the increased focus on information security since the late 1990s, physical security remains a critical element in creating a secure site. The capability for field devices to respond to information from a controller formed the basis of the original access control systems. Those original systems - typically encompassing RFID readers or magnetic stripe readers running on Wiegand protocol - worked effectively as unidirectional arrangements, but there was ample opportunity for development.
Failings or shortfalls of existing device protocols included low speed, unencrypted or limited-encryption security, poor latency tolerance, and inefficient wiring configurations. The emerging Ethernet option, while delivering increased speed, had significant limitations in distance and presented additional security risks by exposing an organisations IT network on the unsecure side of the door. Other protocols, including Wiegand, are unencrypted allowing for data copying that left a site at risk of replay attacks.
Across all protocols, none were ideally suited to retrofitting as protocols such as Wiegand don't allow home run or daisy chain wiring of devices and devices must be star wired from a controller device.
The global technological move toward an overarching network of connectivity - where multiple devices with unique identifiers, simultaneously operate and communicate information - was a key driver in Gallagher’s development of a new protocol that would remove the limitations of the past and provide the security industry with a faster, more secure, interconnected, and scalable communications protocol.
What is HBUS?
In answer to the industry’s need for a more robust device communications protocol harnessing the principles of the internet of things, Gallagher developed and introduced its unique communications system: HBUS.
HBUS is a high speed RS-485 protocol, designed specifically for the needs of tomorrow’s field security hardware. HBUS delivers all the benefits of bringing edge field devices online, whilst providing unparalleled security and backwards compatibility with a site’s existing wiring, hardware, and infrastructure.
The introduction of HBUS dates back to 2011 when Command Centre version 7 was released. Since then, we have continuously innovated to bring more features and expand our device support. For example, we significantly improved support for Mobile Connect in 2016 and 2017. In 2021, we added extra security measures for Mifare Cards to detect cloned cards. Most recently, we introduced tag tracking, which allows our Multi-Tech readers to read Bluetooth Tags. This feature can be used for asset tracking, such as hands-free tracking of people travelling in vehicles at controlled speeds past the card readers.
Benefits of HBUS protocol
What set’s Gallagher apart is our cutting-edge HBUS communications protocol. This innovative protocol ensures accurate, secure, and fast communication, supporting a unique way to move information around our hardware and solutions. We developed HBUS as a revolutionary technology designed to surpass the functionalities of competing protocols.
Unique Identifiers
In keeping with the move toward physical security’s Internet of Things, Gallagher’s new communications protocol uses unique identifiers. These unique identifiers for all field devices, ensure the controller can recognise and trust the identity of each device individually. Through the introduction of unique identifiers, HBUS enables the controller to automatically recognise the devices, with only a simple authentication confirmation required for operation. The automatic recognition of HBUS delivers a plug and play solution – requiring minimal configuration between devices and the controller on set up.
Speed
Gallagher’s HBUS protocol runs on the RS-485 serial bus and operates at 1 Mb/s. This is substantially faster than other RS-485 based communications protocols which typically operate at a maximum speed of 38.4 Kb/s. The increased speed is achieved through Gallagher’s higher spec componentry and a significantly more efficient protocol. With a maximum speed difference of 96% over other protocols, HBUS delivers a substantially faster response time than other access control solutions.
Encryption
Gallagher aspires for all users to have the benefit of highly secure authenticated and encrypted device communications. Typically, device communication encryption has required installers to manually manage the configuration of the encryption keys; HBUS turns key management into a ‘plug and play’ solution.
During manufacturing, Gallagher installs certificates and Elliptic Curve p256 keys into every HBUS device to ensure there is no chance that any party can connect a counterfeit device to the HBUS network. At installation, shared keys are securely generated and stored in the controller and device so that even Gallagher do not have information that would allow the security to be circumvented. Additionally, each time a new communications session is initiated, AES128 keys are generated. If a session is maintained for more than a day these keys are regenerated.
While Wiegand has no security, and OSDP has security that needs to be properly configured and activated by the installer, HBUS is inherently secure - ensuring all Gallagher users have the best open standards based authentication and encryption that is available in today’s IT systems.
All HBUS devices maintain a heartbeat to generate an alert within the system should the device be taken off-line, and to protect against a wide range of potential attack methods. As HBUS devices communicate via RS-485 rather than TCP/IP, there is no need to expose a network Ethernet port on the non-secure side of the building.
High Sec End of Line Module
With Gallagher card readers protected by fully encrypted and authenticated communications, the weakest communication link remaining in the access control or intruder alarm system is the connection of the door sensors and the motion/intruder sensors. Traditionally they have been secured by end of line resistors housed in the enclosure of the sensor. This analogue voltage communication from the sensor to the controller can be defeated by attaching a small device, to the cable pair that report the sensor state to the controller, without triggering a tamper event. Another attack option is to substitute the sensor for a device that is under the control of the attacker.
Some government security authorities have deemed this a significant vulnerability, so Gallagher have created a small HBUS device, called the High Sec End of Line Module (ELM). The ELM fits inside the tamper protected case of a sensor and will guarantee that an alarm will be triggered if substitution or tampering with the communications to the sensor is attempted.
This device achieves the requirements for EN50131 Grade 4 and AS/NZS 2201 Class 5 intruder alarm standards.
Ease of configuration and maintenance
Unlike many IP based edge field devices, HBUS devices require no IT networking knowledge to install and configure. HBUS devices can be configured in Command Centre in advance, allowing quick ‘plug and play’ installation for the field installer. Configuration options on HBUS devices can be easily changed, allowing sites to customise how the device operates based on their specific needs. As HBUS devices regularly communicate to the Controller, their status can be easily monitored for maintenance and alarms purposes.
Upgradeability
The seamless upgrade capability of HBUS is a unique feature of the system. Firmware can be upgraded remotely from a central location and is then automatically updated at the device. The capacity to upgrade firmware without taking devices offline delivers operational continuity and significantly speeds up an installer’s time upgrading devices across large sites. The ease and simplicity of the upgrading process increases the probability of sites adopting new firmware as and when it becomes available.
Retrofit capability
As an RS485 protocol, HBUS allows for either star wired or home run/daisy chain wired installation - enabling the installer to make use of existing star wiring configurations on site. The Controller 6000 with 8H Module provides ten connections for star wiring. Another option available for a retrofit is to use a daisy chain of interconnected devices to minimize expenditure when new or additional wiring is required.
Communication
HBUS provides bi-directional communication, enabling information to be shared back and forth between the controller and device. This two-way communication creates an environmentally aware network that can adapt to changing needs and circumstances – and make the automated decisions necessary - as information is fed back from reader/sensor devices. As HBUS devices regularly communicate back to the Controller, their status is easily monitored for maintenance and alarms purposes.
Flexibility
HBUS has been designed with flexibility and scalability in mind. Star / home-run wired from an HBUS 8H or 4H Module, the system can host up to 80 devices (subject to device type) from each Controller 6000. As HBUS Modules are backward compatible with pre-existing Controller 6000 hardware HBUS can easily be added to current installations. HBUS runs over a wide range of common security and IT network cabling, making HBUS devices the perfect choice for retrofitting sites with existing wiring, eliminating costly and time consuming re-wiring.
HBUS Product Compatibility
HBUS is compatible with Gallagher hardware and software. For a complete list and specifications, please contact your local representative.
- Command Centre – from v7.05
- Controller 6000 – including previously installed units
- 4H / 8H HBUS Module
- T-Series Readers
- T20 Card + PIN Terminal
- T20 Alarms Terminal
- F22 Fence Controller
- Z10 Tension Sensor
- C300680 – HBUS 8in Board
- C300683 – HBUS 8in/4out Board
- C300688 – HBUS 16in/16out Board
- C300660 HBUS 8in/2out Door Module
Protocol Comparisons
When it comes to access control, Gallagher has it covered. Our controllers and devices support our own protocols as well as industry third-party protocols such as OSDP and Wiegand.
The Gallagher Controller 6000 is compatible with multiple protocols including Wiegand and OSDP, in order to support customers seeking a system where interoperability is the primary concern.
Gallagher’s OSDP implementation allows 3rd party card readers to connect and communicate basic access commands with the Gallagher Controller 6000.
For ultimate site security and performance, Gallagher recommends HBUS as the protocol for devices due to the additional benefits of increased speed, default high-level encryption, automated upgrading, and scalability.
Wiegand |
OSDP |
HBUS |
|
---|---|---|---|
Communication |
Unidirectional |
Bi-directional |
Bi-directional |
Encryption |
Unencrypted |
Optional Encryption (SCP) |
Mandatory encryption |
Speed |
n/a |
38.4 kb/s RS-485 |
1 Mb/s RS-485 |
Compatibility |
Open-standard |
Open-standard |
Gallagher HBUS |
Upgradability |
No upgrade option |
Optional, dependent on manufacturer |
All HBUS devices |
FAQs
Which Gallagher products support OSDP?
- OSDP version 2.1.6 is available from Gallagher Command Centre v7.30.
- OSDP connectivity is available on each of the two RS-485 ports of the Controller 6000 only, with support for up to 16 OSDP readers per controller over a maximum of 10 controlled doors.
- Gallagher’s implementation of OSDP supports OSDP enabled card and card + PIN readers.
Which Gallagher products support HBUS?
- Gallagher Command Centre – from v7.05
- Controller 6000 – including previously installed units
- 4H / 8H HBUS Module
- T-Series Readers
- T20 Card + PIN Terminal
- T20 Alarms Terminal
- F3 and F4 Fence Controllers
- Z10 Tension Sensor
- C300680 – HBUS 8in Board
- C300683 – HBUS 8in/4out Board
- C300688 – HBUS 16in/16out Board
- C300660 HBUS 8in/2out Door Module
Is additional licencing required for HBUS or OSDP?
Support for both HBUS and OSDP is a core feature of Command Centre, requiring no additional licensing.