Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

AllSeen Alliance's AllJoyn framework eases IoT security issues

The updated AllJoyn framework is addressing many of the IoT security issues plaguing connected devices.

The AllJoyn framework, managed by AllSeen Alliance, calls itself "the industry's most complete IoT framework with...

built-in security." New functionality added last fall helps AllJoyn prevent IoT security issues and enable the secure interoperability of Internet of Things devices, regardless of operating system, manufacturer or type of device, and without requiring a cloud connection.

It is currently the largest open source project aimed expressly at IoT, with over 200 manufacturers signed up to it so far, including Samsung, Cisco and Panasonic, as well as Microsoft, which has made it a core component of Windows 10.

The AllJoyn framework: Gateways, Apps and Routers

AllJoyn handles all the communication between devices using a common API that all devices can use to communicate. Once the framework is integrated into a device, AllJoyn handles all standard IoT processes, such as onboarding new devices, sending notifications and remote control of the device. The framework also allows private communication between devices. Although cloud communication is not required (for example, if all AllJoyn devices are on the same network), cloud connections are supported if needed using a gateway device. In this scenario, only one device -- the gateway -- would be connected to the cloud, reducing the need for every device to have a public-facing IP address. This significantly reduces the attack surface of the network.

AllJoyn works using what it calls "Apps" and "Routers." AllJoyn Apps cannot communicate with each other without going through a router first. An AllJoyn Router is not a physical device; in fact, it can be on the same device as an App, which it will be for an Android or iOS device. Embedded devices (as quite a few IoT devices are) lack the computing power to run the Router, so will connect to a different device first. For businesses, this means that if all IoT devices support the AllJoyn framework, it will significantly reduce the overhead of managing those devices through different systems. Building management systems, for example, could use devices from different manufacturers but maintain easy interoperability between them where the AllJoyn framework is used.

The AllJoyn framework: All about security

IoT security issues have always been a major concern. At the end of the day, the archetypal IoT device is just a very small computer with an IP address and open ports and services just like any other IP-connected device.

The AllJoyn framework is trying to address security by enforcing end-to-end encryption, meaning the data stored and transmitted by the device cannot be intercepted and read by anyone on the same network. This is especially important as nearly all IoT devices are wireless enabled, making interception of data far easier than on a wired network. There have been a number of cases, where IoT devices have leaked the authentication details, of a wireless network, such as with the iKettle that could be tricked into connecting to another wireless network and reveal the wireless key. Any framework that helps prevent basic security mistakes -- and IoT security issues -- such as this is always welcome.

More on IoT security issues

IoT security: A hurdle of the connected world

How to cook up an IoT security strategy

Your guide to IoT security challenge prevention

The AllJoyn framework addresses security at the application level, not at the device level. This is done through the Simple Authentication and Security Layer framework using the SASL exchange protocol D-Bus Specification to exchange authentication data.

Overall, AllJoyn is an ambitious project that could, with the right support, provide a framework to allow businesses to interconnect many different devices securely and with minimal effort. However, it isn't the only framework vying to be the de facto standard for IoT. Others include Weave, OIC, ZigBee and Z-Wave -- and it's too early to say which will become the dominant force.

Next Steps

The Wild West of IoT standards

Exploring a world with more IoT standards bodies than IoT standards and figuring out who will win the IoT standards war

This was last published in May 2016

Dig Deeper on Internet of Things (IoT) Standards and Certifications

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What security measures is the AllJoyn framework missing?
Cancel
Specifically, how would AllJoyn enable two-factor authentication to unlock your connected front door or access the security cameras on your house?  

Maybe AllJoyn is missing "strong authentication" which is what SurePassID provides. They licensed their IoT Security Famework to Freescale/NXP to enable chip manufacturers and IoT product makers to embed authentication at the core level.  This "authentication server-on-a-chip" is available on Freescale's i.MX series and Kinetis chips.

The SurePassID IoT Security Framework enables a user to apply 2-factor authentication to any connected device. For example, you may want to have strong authentication to open your front door, open the garage door or access your security video system. For turning on your lights or setting your thermostat, you simply would not enable 2FA for those items.

Give the end user the choice to require two-factor authentication to access or control a connected device. The first factor would be the username/password to launch the app that controls the connected device. the second factor would be any number of methods such as fingerprint sensor on the mobile phone, facial or voice recognition apps, Nymi Biometric (ECG) Wristband, FIDO keyfob (NFC or BLE) or even Google Authenticator.

Check it out.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close