FEATURE
Security framework protects image data BY PHILIP HAWKES & RICK WIETFELDT, CO-CHAIRS MIPI SECURITY There’s no doubt that image sensors play a crucial role in advanced driver assistance systems and autonomous driving. Today, the systems used to deliver the most advanced SAE Level 2 features typically utilize up to six image sensors, and that number is projected to increase significantly as more SAE Level 3 and beyond systems are introduced. Because of their safety-critical role in ADAS/AD systems, protecting image data against cybersecurity risks is paramount to the security of the overall vehicle. Security key for advanced image sensor-enabled ADAS It is essential for vehicle manufacturers to make advanced image sensor-enabled ADAS secure to protect against cybersecurity risks such as the installation of illegitimate substandard image sensor components, malicious manipulation of sensor data, and privacy violations from unauthorized access to images and any image-related metadata. To mitigate
16
Example placement of external image sensors and other sensors on a vehicle.
ELECTRONIC PRODUCTS & TECHNOLOGY / January/February 2024
these risks, the following security requirements must be considered: • ‘End-to-end data’ protection. Image data must be protected from ‘data source’ within each image sensor, to “data sink” within the sensor’s corresponding ECU SoC. This requirement favors the use of application layer security (as opposed to link layer), which provides end-to-end security irrespective of underlying communication network topology. • Component authentication. Components within the imaging system must be trusted, requiring the capability (by the ECU) to authenticate image sensors and the communication network components used to connect sensors to an ECU (e.g., SerDes bridges). • Source-selective security. The authenticity and integrity of image data generated by an image sensor must be verified by the ECU. This requires authentication tags containing message authentication codes (MACs) to be added into image data streams.This is not a trivial
task, and advanced techniques such as implementing partial data integrity protection, where the level of protection is “flexed” based on the criticality of the data sent within each image frame, may be leveraged to optimize the system design. This can reduce the heat generated in sensors, thus maintain the desired image quality, and reduce system power consumption. • Configurable data encryption. Where there is a risk of malicious data exfiltration from the imaging system, end-to-end data encryption should be applied. Solutions that allow the strength of encryption to be configured depending upon the level of risk should be leveraged to optimize the system design. • Secure command and control interfaces. It is essential to secure image sensor command-and-control interfaces, which today typically leverage I2C sideband interfaces, to mitigate risks arising from misconfigured sensors. • Standards-based framework. It is highly recommended that industry-verified security standards be leveraged within automotive imaging systems. Implementing Security • At the same time, the security requirements described above present multiple design challenges that must be overcome within the imaging system. For instance: • Imaging system security functions must be designed to operate within strict power and heat dissipation targets to limit overall cost and complexity of the system. • Due to the massive amount of data generated by image sensors, these systems require the use of specialized high-speed serial-deserializer (SerDes) communication links between the sensors and the processing ECU SoC. It is essential for security to be implemented with minimal data overhead to avoid exceeding the SerDes bandwidth. • To minimize cable harness weight and complexity, multiple image sensors will need to be connected using various communication network topologies, such as in a daisy chain or tree structure. Security functions should be agnostic of the underlying network topology to enable end-to-end security EPT.CA
Photo: MIPI Alliance
TRANSPORTATION AUTOMOTIVE