AllSeen Alliance's IoT Framework Gets Major Security Enhancements

by Ostatic Staff - Oct. 20, 2015

As the Internet of Things (IoT) gains momentum, there is a need for collaboration, open and interoperable tools, and governance. On this front, the AllSeen Alliance’s members have helped to move innovation forward. The alliance is building out an open source software framework, AllJoyn, to seamlessly connect a range of objects and devices in homes, cars and businesses. Earlier this year, when we talked with the alliance's leader, Philip DesAutels, he noted that security was going to become a big theme for the Internet of Things.

Now, the AllSeen Alliance has announced major authentication and device authorization updates to the AllJoyn open source framework for the Internet of Things (IoT). The new functionality builds on AllJoyn's existing end-to-end data encryption and message-based security, adding semantics that extend familiar security models from the cloud and app domain to the devices that make up the IoT.

"The result is the industry's most complete IoT framework with built-in security," says the Alliance's announcement. "With this addition, AllJoyn-enabled devices will work safely and securely, regardless of platform, manufacturer, transports, OS or chipset."

The variety and volume of connected devices comprising the Internet of Things are poised to become staggering. Today's security protocols vary from manufacturer to manufacturer, and even device to device, resulting in fragmentation, poor network security policies and weak links that create undue risk.

Building on the existing AllJoyn message-based security model, major new security updates, such as fine-grained access controls, are targeted to allow developers and OEMs to easily implement security policies in a consistent way.

"For IoT to see mainstream adoption, and more importantly truly make people's lives better, any fears or concerns about security and device privacy must be addressed. We're enhancing AllJoyn's security with collaboration across the IoT ecosystem, allowing us to standardize security for IoT, regardless of manufacturer or use-case," said Philip DesAutels, Senior Director of IoT, AllSeen Alliance. "We've extended a familiar security model to the world of IoT, making it as easy as possible for developers, product managers and engineers to adopt an industry standard security protocol for all IoT devices, regardless of transport or operating system."

AllJoyn's new updates focus on three pillars of security:

- Authentication: enhanced AllJoyn authentication is fully managed by the framework. While it is completely transparent to users, different users can be granted specific device access functionality by setting unique policies and permissions. User credentials are not stored and reused across all devices in a home or business. Usernames, passwords and PINs, all pain points for consumers and weak links in IoT security, are eliminated.

- Authorization: fine-grained access control grants permissions to users or restricts their access. With enhanced AllJoyn authorization, no central authority or Internet connectivity is required. AllJoyn-enabled IoT devices can also become aware of specific end-users and adjust behavior accordingly.

- Encryption: the framework has existing end-to-end encryption to protect data and heighten user privacy.