Over the Air and Under Your Screen: The Magic of OTA Updates

A key, almost trademark feature of modern electronics is their ability to be updated wirelessly with help of the internet. Updates to games, device security policies, and even firmware are all bundled under the umbrella of over-the-air (OTA) updates. The advent of administering updates to technology over the internet revolutionized the way customer service for connected devices is carried out, eliminating the need to send a device back to the manufacturer to repair or upgrade it. Critical security updates can now be applied instantly, reducing the number of victims that would suffer in the time it took to have their device physically updated. This is a key functionality in mitigating the damage that could be caused by a data breach or other cyber-attack. The technology used to carry out such updates is also remarkable, especially when it comes to updating the firmware controlling the device’s hardware.

Due to the firmware being the base upon which all other software on a device runs, updating it poses certain challenges, such as how to optimize memory usage while also mitigating the possibility of an update malfunction. Two prevalent techniques for updating device firmware are binary replacement and delta updating.

Binary replacement is the simpler of the two, requiring the entire firmware binary file to be downloaded before the update can begin. Once the update is downloaded, some situation-specific trade-offs must be made before updating. If the manufacturer wishes to include a rollback feature (ability for an old firmware to be re-installed in the event of a failed/compromised update) then they must allocate space equal to three times that of the device’s firmware. The advantage to including a rollback is that it becomes very difficult for a device to be disabled due to a failed firmware update, and not including a rollback can cause damage beyond the scope of another OTA update.

A delta update is a more selective, resource-saving strategy to applying firmware updates. This technique uses knowledge of the firmware version already on the target device, and only transmits the differences between the new and old versions, reducing the amount of data needed for the update. Once the device has downloaded the patch and enters update mode, however, there still remains the risk of errors resulting in a bricked device if proper mitigation steps are not taken.

As the computers in connected cars begin to drive the innovation and progress of the automotive industry, secure OTA update capability will be a necessity in automotive applications of the future. Administering firmware and security patches to vehicles not only protects user data and privacy, but their very lives as well. Despite being born to the mobile device industry, OTA technology will see its true potential in the automotive ecosystem.

 Trillium Announces Vehicular GDPR Assurance Platform

Service enables companies that use vehicular data to comply with EU regulation

SUNNYVALE, CA and TOKYO, May, 25 2018 – Trillium Secure, the global leader in cybersecure automotive platforms, today announced enhanced privacy functionality to its SecureIoT platform that ensures compliance with the European Union’s General Data Privacy Regulation (GDPR).

“GDPR focuses on those who control and process personal data of European citizens. Fleet owners that collect and store customer and vehicular data from connected vehicles are scrambling to comply or face significant penalties. Trillium’s SecureIoT platform provides the requisite data protection needed to ensure compliance with this pioneering legislation” said Dr. Sachio Semmoto.

GDPR mandates that people have the right to know about the data that has been collected about them, its purpose and request its destruction. Individuals must be given the opportunity to opt out of having their personal information gathered and potentially shared. The legislation has especially severe impacts on the transportation domain where a data breach can have life threatening consequences.

“Trillium is spearheading the movement toward protecting the human behind the technology. Our platform ensures that customer data gathered from connected vehicles is kept away from prying hacker eyes” said Trillium Secure President and CEO, David Uze.

About Trillium Secure, Inc.

Trillium Secure provides a multi-layered solution for hardening connected and autonomous vehicles against cyber-attacks. Trillium’s SecureIOT platform provides authenticated operational and threat management data from fleet vehicles that preserves privacy, confidentiality and anonymity of data while at rest and in motion. Value-added service providers rely on secure and authentic data from Trillium for digital forensics, UBI, preventive maintenance, telematics, car sharing and other services. Trillium design centers and fleet security operation sites are located in Silicon Valley, Ann Arbor, Ho Chi Minh City and Tokyo. For more information, please visit www.trilliumsecure.com.


Ride-Sharing: Paving the Way for the Future of Transportation

Since their introduction into the transportation landscape, ride sharing companies such as Uber, Lyft, Gett, and MOIA have changed the way travel is viewed for an entire generation of riders. Filling a gap in the industry left by traditional public transportation and private vehicle ownership, ride sharing services are set to be a focal part of the transportation landscape of tomorrow. Their impact is already being seen today, with new buildings in cities like Chicago already accounting for people arriving through ride-share by reducing the number of parking spots made.

A large part of what makes fleets of ride share cars so powerful is their ability to gather large amounts of data over a long period of time. The data gathered includes that of routes traveled, time in transit, popular destinations/starting points, vehicle condition, and more. This is possible thanks to advancements in vehicle connectivity, allowing tire pressure monitors, GPS modules, and Electronic Control Units to send their data to a backend server through cellular networks and Wi-Fi.

Of particular use to fleet owners seeking to manage their vehicles is the diagnostic data that can be collected from the different components in the vehicles. Dashboard alerts that can sometimes be missed by drivers can be foregone in favor of direct notifications to the fleet management server, alerting the owner of the vehicle more effectively. This data can also be analyzed over long periods of time, and through the use of analytical algorithms pre-emptive maintenance can be applied, saving time and money by detecting potentially costly faults ahead of time.

With the ability to gather data from millions of vehicles at once, the mobility of the future will continue to be refined, leading to new innovative smart mobility solutions. With the efficiency provided by car-pooling-based ride sharing services, the transportation of tomorrow is set to improve the environment, human work rate, and overall community productivity.

Trillium at VDI in Dusseldorf

From May 16th-17th, Trillium’s executive team joined the VDI IT Security for Vehicles conference in Dusseldorf, Germany, leading a workshop on automotive cyber-security and giving two keynote speeches to the audience of automotive industry professionals. The event brought together leading experts from the automotive and cyber-security industries to address the need for vehicular IT security in the future of the transportation industry. We would like to thank all our partners in the logistics and fleet ownership sectors that came to support Trillium and the event, and we look forward to your continued support.

GDPR and Your Connected Car

On May 25th 2018, the General Data Protection Regulation (GDPR) passed by the EU in 2016 will begin to take effect. This set of regulation standards for the handling of European citizens’ data is an unprecedented document in the history of data protection policy, bringing to these issues a level of clarity rarely seen in legislation.

The regulation dictates many policies for anyone that offers products or services to consumers in the EU, regardless of the location of the provider. All policies veer in favor of the consumer’s rights to their data. This includes prohibiting use of data without the owner’s consent, allowing the consumer to see what data is being used and how, and allowing consumers to request that their data be deleted from any service without question. Of equal importance is the GDPR’s strict policies regarding data breaches, stating that knowledge of a user’s data being compromised must be reported to them without “undue delay,” and that any breach must be reported to Data Protection Authorities within 72 hours. The penalty for non-compliance in the event of a breach is heavy, equaling 4% of a firm’s annual revenue or € ($23 million), whichever is greater.

This legislation will have a profound impact on the automotive industry in the coming decades. The vehicles of tomorrow process an enormous amount of user data every day for the purpose of connected car-enabled safety systems and user experience enhancements. The contents of this data ranges from phonebook data and call history to minute-by-minute location data provided through GPS. With real-time V2X technologies coming to fruition through Dedicated Short-Range Communication and 5G technology, even more venues in the vehicle will have access to sensitive user data.

The changes brought by the GDPR will motivate members of the automotive industry to pursue strategies that prioritize the security and accessibility of user data. This calls for all data collected from a vehicle to be securely aggregated and analyzed with around-the-clock safeguards in place to react to any data breaches. Vehicular cyber security must be implemented at every level from In-Vehicle Networks to back-end cloud servers, safeguarding the closed-loop data architecture that is key to the success of connected vehicle deployment. SecureIoT, Trillium’s multilayered automotive cyber security suite is made with this need in mind, having been built from the ground up for ensuring user and data protection in vehicular applications.

Trillium in Israel – MI Mobility Israel Mission

From May 5th to May 9th, Trillium Secure, Inc. along with executives from the American Center for Mobility and Michigan Economic Development Corporation led the MI Mobility Israel Mission in Tel Aviv, Israel. Trillium executives offered valuable insight regarding the use of cyber-security systems in the automotive sector as the envoy set out to realize the host of mobility and cyber technology Israel is home to. Recognizing Israel’s position as a mecca of innovative cyber technologies, Trillium has made several strides towards instilling itself as a leading innovator in the region. We look forward to further strengthening our relationships with the ACM and our partners in the Israeli cyber market.

Trillium Secure, Inc. at MobilityX 2018

On Thursday, May 10th 2018, President and CEO of Trillium Secure, Inc. David M. Uze will deliver a keynote speech at the MobilityX conference in Dublin, Ireland.

Every year, MobilityX brings together the best of the mobility industry, connecting disruptive startups and CEOs of leading global corporations to realize the future of transportation.

The 2018 conference will focus on autonomous, connected, electric, and shared vehicles, and Uze’s speech will highlight the importance of cyber-security in connected vehicle and fleet deployment.

To schedule a private meeting and/or demonstration, please contact adrian.sossna@trilliumsecure.com.

When Cars Talk: An overview of V2X Technologies

Cars are no longer self-contained mechanical modes of transportation. Thanks to added connectivity, they are interactive members of their environment, with the ability to communicate with other vehicles, surrounding infrastructure and more. This subset of connected car features are referred to as Vehicle to Everything (V2X) systems.
V2X systems require high-speed connectivity to implement the real-time functionalities they seek to implement. This connectivity is provided by DSRC, or Dedicated Short-Range Communications. DSRC uses a protocol similar to the IEEE Wi-Fi standard, using 75 MHz of spectrum in the 5.9 GHz band exclusively for intelligent transportation systems. These systems broadcast useful data about their host vehicle including GPS position, path data, velocity, future paths, and more. Broadcast over 300 meters away at a frequency of 10 Hz, this information can be picked up by other vehicles and connected infrastructure to implement advanced vehicle safety and convenience-enhancing systems.
Vehicle to Vehicle (V2V) systems let vehicles communicate with one another wirelessly in real time, allowing them to inform their drivers of upcoming threats and obstacles. This leads to improved road safety, as cars using DSRC can be alerted of emergency vehicles coming around a corner, cars travelling in their blind spots, or hidden cars occupying a pass lane. Even in a car driven by a human, notification of these conditions can greatly reduce the risk of an accident or other incident. In cars with autonomous driving capabilities, V2V communication can be used to implement efficient platooning, improving mileage and trip time for all cars in the platoon.
Vehicle to Infrastructure (V2I) technology can be used in similar ways to V2V, increasing road safety and enhancing driver experience. Traffic signals can broadcast their color and how much time remains before they change – giving drivers ample time to adjust their behavior before approaching an intersection. Parking areas can advertise open parking spots to vehicles over DSRC, reducing time wasted roaming a parking lot to find an empty space.
Apart from V2V and V2I systems, there exists another classification of systems called Vehicle to Pedestrian (V2P). These systems involve interacting with pedestrians around a vehicle, alerting them via smartphone notification of a passing emergency vehicle, the arrival of their rideshare, or where their vehicle is located.
These technologies are a clear example of the benefit to be gained from a transportation environment occupied by connected vehicles. Allowing vehicles to interact with their surroundings and users wirelessly and in real time improves both the safety and the quality of our roads and other transportation infrastructure. As vehicles move closer to perfect autonomy, the value of their ability to communicate will only increase. As cutting-edge technologies like 5G come to fruition, the scale on which these applications can be applied will widen drastically, and new ways to improve transportation will make their way into the world.