AllSeen Alliance Addresses Major IoT Security Challenge; New Layer Gives More User Control and Key Management For Even Greater Device Security
SEATTLE, AllSeen Alliance Summit, Oct. 19, 2015 – The AllSeen Alliance, a cross-industry collaboration to advance the Internet of Everything through the AllJoyn®open source software project, today announced major authentication and device authorization updates to the AllJoyn open source framework for Internet of Things (IoT). The new functionality builds on AllJoyn’s existing end-to-end data encryption and message-based security, adding rich semantics that extend familiar security models from the cloud and app domain to the devices that make up the IoT. The result is the industry’s most complete IoT framework with built-in security. With this addition, AllJoyn-enabled devices will work safely and securely, regardless of platform, manufacturer, transports, OS or chipset.
The variety and volume of connected devices is staggering and the standard security protocols across the IoT ecosystem are lacking. Today’s security protocols vary from manufacturer to manufacturer, and even device to device, resulting in fragmentation, poor network security policies and weak links that create undue risk. The AllSeen Alliance recognizes that the use cases for connected devices, services and applications are highly customized by the user and provider, requiring a security framework that can offer protection across a breadth of scenarios. Building on the existing AllJoyn message-based security model, major new security updates, such as fine-grained access controls, allow developers and OEMs to easily implement security policies in a consistent way.
The updates follow a model of security commonly found in computing and applications with users, groups, roles, relationships and things extended to IoT. The security manager service architecture now inherent in AllJoyn minimizes development time and complexity, providing key management, permission rules, and certificates when managing IoT applications and devices.
“For IoT to see mainstream adoption, and more importantly truly make people’s lives better, any fears or concerns about security and device privacy must be addressed. We’re enhancing AllJoyn’s security with collaboration across the IoT ecosystem, allowing us to standardize security for IoT, regardless of manufacturer or use-case,” said Philip DesAutels, Senior Director of IoT, AllSeen Alliance.“ We’ve extended a familiar security model to the world of IoT, making it as easy as possible for developers, product managers and engineers to adopt an industry standard security protocol for all IoT devices, regardless of transport or operating system.”
Using a peer-to-peer communications framework, AllJoyn is the first IoT platform to provide end-to-end, application-level security and data encryption. AllJoyn security occurs at the application level; there is no trust at the device level. By running on the local, proximal network without LAN/Wi-Fi security requirements, AllJoyn-enabled applications and devices can talk directly to each other quickly and efficiently with reduced vulnerability to outside attacks. When cloud connection is required or desired, the AllJoyn Gateway Agent allows cloud services to bridge with the AllJoyn proximal network in a secure and private way.
AllJoyn’s new updates focus on three key pillars of security:
Authentication: enhanced AllJoyn authentication is fully managed by the framework. While completely transparent to users, it’s possible to grant different users specific device access functionality by easily setting unique policies and permissions. User credentials are not stored and reused across all devices in a home or business. Usernames, passwords and pins are eliminated, which are all pain points for consumers and weak links with IoT security.
Authorization: fine-grained access control grants permissions or restricts access to users. With enhanced AllJoyn authorization, no central authority or Internet connectivity is required. AllJoyn-enabled IoT devices can also become aware of specific end-users and adjust behavior accordingly.
Encryption: The framework has existing end-to-end encryption to protect data and heighten user privacy.
Available for download today, the AllJoyn security updates are open to developers’ feedback to ensure that the features best meet the needs of the market. Developers are especially encouraged to help fine-tune APIs and feature sets. Major contributors to the AllJoyn security updates include Microsoft, Qualcomm Connected Experiences, Inc., QEO and Symantec. To learn more about AllJoyn security, click here.
Figure: AllJoyn security architecture
About The AllSeen Alliance
The AllSeen Alliance is a non-profit open source consortium dedicated to driving the widespread adoption of products, systems and services that support the Internet of Everything with an open, universal development framework that is supported by a vibrant ecosystem and thriving technical community. The Alliance manages and advances an industry-supported collaborative open source software connectivity and services framework based on AllJoyn technology accepting contributions from premier, community and sponsor members and the open source community. This secure and programmable software connectivity and services framework enables companies and individuals to create interoperable products that can discover, connect and interact directly with other nearby devices, systems and services regardless of transport layer, device type, platform, operating system or brand. For more information, please visit: http://www.allseenalliance.org.
The AllSeen Alliance is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. www.linuxfoundation.org.