frenta - Fotolia


AllSeen Alliance's AllJoyn framework eases IoT security issues

The updated AllJoyn framework is addressing many of the IoT security issues plaguing connected devices.

The AllJoyn framework, managed by AllSeen Alliance, calls itself "the industry's most complete IoT framework with built-in security." New functionality added last fall helps AllJoyn prevent IoT security issues and enable the secure interoperability of Internet of Things devices, regardless of operating system, manufacturer or type of device, and without requiring a cloud connection.

It is currently the largest open source project aimed expressly at IoT, with over 200 manufacturers signed up to it so far, including Samsung, Cisco and Panasonic, as well as Microsoft, which has made it a core component of Windows 10.

The AllJoyn framework: Gateways, Apps and Routers

AllJoyn handles all the communication between devices using a common API that all devices can use to communicate. Once the framework is integrated into a device, AllJoyn handles all standard IoT processes, such as onboarding new devices, sending notifications and remote control of the device. The framework also allows private communication between devices. Although cloud communication is not required (for example, if all AllJoyn devices are on the same network), cloud connections are supported if needed using a gateway device. In this scenario, only one device -- the gateway -- would be connected to the cloud, reducing the need for every device to have a public-facing IP address. This significantly reduces the attack surface of the network.

AllJoyn works using what it calls "Apps" and "Routers." AllJoyn Apps cannot communicate with each other without going through a router first. An AllJoyn Router is not a physical device; in fact, it can be on the same device as an App, which it will be for an Android or iOS device. Embedded devices (as quite a few IoT devices are) lack the computing power to run the Router, so will connect to a different device first. For businesses, this means that if all IoT devices support the AllJoyn framework, it will significantly reduce the overhead of managing those devices through different systems. Building management systems, for example, could use devices from different manufacturers but maintain easy interoperability between them where the AllJoyn framework is used.

The AllJoyn framework: All about security

IoT security issues have always been a major concern. At the end of the day, the archetypal IoT device is just a very small computer with an IP address and open ports and services just like any other IP-connected device.

The AllJoyn framework is trying to address security by enforcing end-to-end encryption, meaning the data stored and transmitted by the device cannot be intercepted and read by anyone on the same network. This is especially important as nearly all IoT devices are wireless enabled, making interception of data far easier than on a wired network. There have been a number of cases, where IoT devices have leaked the authentication details, of a wireless network, such as with the iKettle that could be tricked into connecting to another wireless network and reveal the wireless key. Any framework that helps prevent basic security mistakes -- and IoT security issues -- such as this is always welcome.

More on IoT security issues

IoT security: A hurdle of the connected world

How to cook up an IoT security strategy

Your guide to IoT security challenge prevention

The AllJoyn framework addresses security at the application level, not at the device level. This is done through the Simple Authentication and Security Layer framework using the SASL exchange protocol D-Bus Specification to exchange authentication data.

Overall, AllJoyn is an ambitious project that could, with the right support, provide a framework to allow businesses to interconnect many different devices securely and with minimal effort. However, it isn't the only framework vying to be the de facto standard for IoT. Others include Weave, OIC, ZigBee and Z-Wave -- and it's too early to say which will become the dominant force.

Next Steps

The Wild West of IoT standards

Exploring a world with more IoT standards bodies than IoT standards and figuring out who will win the IoT standards war

Dig Deeper on Internet of Things (IoT) Standards and Certifications