Scribd
Upload
116 views16 pages

2022 MIPI DevCon CSI 2 Security Framework

The document discusses MIPI Alliance's development of a security specification to protect sensor data transmitted over MIPI CSI-2 for automotive applications like ADAS. It introduces two new protocols: the Service Extensions Protocol (SEP) which adds headers and footers to CSI-2 packets, and the Frame-based Service Extensions Data (FSED) which adds new packets. These protocols provide security features like authentication, integrity, and optional confidentiality with flexibility to trade off security level vs other factors. The specification aims to enable ECU control based on real-time system needs and is targeting completion in December 2022.

Uploaded by

sendra0285
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
116 views16 pages

2022 MIPI DevCon CSI 2 Security Framework

The document discusses MIPI Alliance's development of a security specification to protect sensor data transmitted over MIPI CSI-2 for automotive applications like ADAS. It introduces two new protocols: the Service Extensions Protocol (SEP) which adds headers and footers to CSI-2 packets, and the Frame-based Service Extensions Data (FSED) which adds new packets. These protocols provide security features like authentication, integrity, and optional confidentiality with flexibility to trade off security level vs other factors. The specification aims to enable ECU control based on real-time system needs and is targeting completion in December 2022.

Uploaded by

sendra0285
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Phil Hawkes, Rick Wietfeldt

Qualcomm Inc.
Security WG Co-Chairs

MIPI CSI-2® Security


Framework

© 2022 MIPI Alliance, Inc.


Agenda
• MIPI Alliance is developing an industry security specification to
protect MIPI CSI-2®-based sensor data for ADAS/AD applications
• Two protocols tailored to MIPI CSI-2® frame structure:
– Service Extensions Protocol (SEP): Adds headers/footers to packets
– Frame-based Service Extensions Data (FSED) : Adds new packets
• Flexibility enables various tradeoffs
– Security level vs computation/power consumption/thermal
• Enables ECU control based on real-time system needs
• MIPI specifications targeting December 2022
© 2022 MIPI Alliance, Inc. 2
MIPI Automotive Security Goals
Considerable (10s Gbps) data volume in Distributing image data within the car over long distances 10-15m
Multiple Sensors (camera, lidar, radar) including for ADAS/AD

Authentication establishes trust between Sensor & ECU

Integrity (required)
• Ensures sensor data is unaltered between Sensor & ECU
• Security Consideration: Manipulating sensor ADAS data
• Ensures sensor control data is unaltered between ECU & Sensor
• Security Consideration: Manipulating sensor function
• Provided by Message Authentication Code (MAC)

Confidentiality (optional)
• Protects sensor data against unauthorized access between Sensor & ECU
Key Data Plane
• Security Consideration: Privacy: location-revealing images Control Plane
• Provided by Message encryption
Single cable

© 2022 MIPI Alliance, Inc. 3


Camera Services Extensions (CSESM) Layer
Source Sink
• Provides Services for Application Pixel Data Application

MIPI CSI-2® Traffic, Pixel Control Pixel Control

including Functional P2B


CSE
Control

Service Extensions over CSI-2


B2P
CSE
Control

Safety & Security


Security (SEP or FSED) Security
Safety Safety
Data Control Data Control

• Sits above MIPI CSI-2®


Existing CSI-2
Low Level Protocol Low Level Protocol
(LLP Sub-Layer)

LLP (Low Level Protocol) APPI


CSIA-SRC

16/32/64 bits
PAL/CSI-2

APPI
CSIA-SNK

16/32/64 bits

– Data-Type aware
Data + Control Data + Control

PHY Layer A-PHY PHY Layer

• CSESM Specification
A-PHY

© 2022 MIPI Alliance, Inc. 4


Security provided by SEP, FSED, CCISE Protocols

Controller Bridge to Long- Bridge to Long- Sensor


(SoC) Reach PHY Reach PHY

CSI-2®
SEP/ SEP/
Data Plane FSED SEP/FSED FSED
Messages
Agent Agent
CCI SM CCISE CCISE
Control Plane
Messag es Agent CCISE Agent
SEP: FSED: CCISE:
Service Extensions Packet Frame-Based Command and Control
Granularity: Message-based Service Extensions Data Interface Service Extensions
Sensor/Bridge -to- Granularity: Frame Based Granularity: I2C Transaction (StartàStop)
Controller/Bridge Sensor-to-Controller Sensor-to-Controller
© 2022 MIPI Alliance, Inc. 5
MIPI CSI-2 Frame Partitions
The sequence of CSI-2 Packets comprising a Frame
• A Sensor can transmit data in FP-1 Frame Start SP
multiple Virtual Channels FP-2
PH
PH
Embedded Data
Embedded Data
PF
PF
• Each Virtual Channel is a Top Block

sequence of Frames PH
PH
Embedded Data PF
Image Data PF
• Frame is a sequence of MIPI FP-3
Middle
PH
PH
Image Data
Image Data
PF
PF
CSI-2 packets Block
Sensor Pixel Data

• Frame can be partitioned into PH


PH
Image Data
Embedded Data
PF
PF
FP-4
5 Frame Partitions Bottom
Block
• MIPI CSI-2 packets from PH Embedded Data PF
FP-5 Frame End SP
multiple virtual channels can
be interleaved Key Embedded Data FP: Frame Partition PH: Packet Header
Image Data SP: Short Packet PF: Packet Footer

© 2022 MIPI Alliance, Inc. 6


FSED Frame Structure vs SEP Frame Structure
FSED: SEP:
CSI-2 format FSED Messages SEP Header/Footer added to CSI-2 Packets
inserted into Frame
FP-1 Frame Start SP PH SEP Header FN SEP Footer PF
PH
SP FSED CTRL_SYNC including MAC PF
PH Embedded Data (Opt Enc) PF PH SEP Header Embedded Data (Opt Enc) SEP Footer (Opt) PF
FP-2
PH Embedded Data (Opt Enc) PF PH SEP Header Embedded Data (Opt Enc) SEP Footer (Opt) PF
Top
Block
PH Embedded Data (Opt Enc) PF PH SEP Header Embedded Data (Opt Enc) SEP Footer (Opt) PF
PH FSED TOP TAG (opt) including MAC PF
PH Image Data (Opt Enc) PF PH SEP Header Image Data (Opt Enc) SEP Footer (Opt) PF
FP-3 PH Image Data (Opt Enc) PF PH SEP Header Image Data (Opt Enc) SEP Footer (Opt) PF
Middle PH Image Data (Opt Enc) PF PH SEP Header Image Data (Opt Enc) SEP Footer (Opt) PF
Block
PH Image Data (Opt Enc) PF PH SEP Header Image Data (Opt Enc) SEP Footer (Opt) PF
FP-4 PH Embedded Data (Opt Enc) PF PH SEP Header Embedded Data (Opt Enc) SEP Footer (Opt) PF
Bottom
Block
PH Embedded Data (Opt Enc) PF PH SEP Header Embedded Data (Opt Enc) SEP Footer (Opt) PF
PH FSED FRAME TAG including MAC PF
FP-5 Frame End SP PH SEP Header FN SEP Footer PF

Key PH: Packet Header SP: Short Packet


PF: Packet Footer FN: Frame Number (from Frame Start/End SP)

© 2022 MIPI Alliance, Inc. 7


Flexibility: Crypto algorithms
• “Efficiency” sensors: lower Gbps, can’t afford additional HW
• “Performance” sensors: Higher Gbps, can afford additional HW
• Efficiency “E” Algorithms: AES-CMAC Integrity. No Encryption
– AES HW for integrity only. Sensor can’t afford encryption.
– Not Parallelizable – limited throughput, but enough for “Efficiency” Sensors
• Performance “P” Algorithms : AES-GMAC Integrity w/ opt AES-CTR Encryption
– AES-GMAC needs Galois Field Multiplier HW
– (Opt) AES HW for encryption
– AES-GMAC and AES-CTR parallelizable – easily scale for high performance MIPI CSI-2
• Both algorithm Types (“E” & “P”) support use of AES with 128-bit key and 256-bit key
• ECU controls which Ciphersuite is applied

© 2022 MIPI Alliance, Inc. 8


Flexibility: Frame
Partition (FP)
Frame
Data
SEP
Tag Modes
FSED
Tag Mode

Tag Modes 1a 1b 1cd


(Per-Msg) (Per-Data-Type) (Per-Frame)
2ab
(Per-Frame)
Ciphersuite: P Ciphersuite: P Ciphersuite: E,P Ciphersuite: E,P
Tag = Security MAC &/or FuSa CRC FP-1 Frame Start Frame Number MAC CRC MAC CRC MAC CRC

FSED CTRL_SYNC MAC CRC


Tag Mode identifies when Tag is
Top
sent within a given Frame, & FP-2 Block
ED MAC CRC
which packets are covered by Tag (ED) ED MAC CRC MAC CRC MAC CRC

(O) FSED TOP_TAG MAC CRC


ECU controls which Tag Mode is
applied Data Type 1 MAC CRC
Middle Data Type 1 MAC CRC MAC CRC
FP-3 Block
KEY: Data Type 2 MAC CRC
(Image)
ED: Embedded Data Data Type 2 MAC CRC MAC CRC
Ciphersuite E: Efficiency
Ciphersuite P: Performance
Bottom ED MAC CRC
Unencrypted Payload FP-4 Block
ED MAC CRC MAC CRC
(ED)
Optionally Encrypted Payload FSED FRAME_TAG MAC CRC
FSED Message Frame End MAC CRC MAC CRC MAC CRC
FP-5 Frame Number

© 2022 MIPI Alliance, Inc. 9


Flexibility: Security Variants
• Integrity protection may not be Relative Security Level (Integrity)
required on all data in frame
1 2
– E.g., video frame spatial redundancy
– Partial integrity: some data integrity Equivalent
relative security
protected; other data skipped 3 levels based on 4
Partial Integrity
• Encryption may not be required for parameters
all data in frame 5
Full Integrity Partial Integrity No Integrity
– E.g., Encrypt Embedded Data, but not SV-1 Enc On, SV-2 Enc Off Enc Off Enc Off
image data
SV-1 SV-2 SV-3 SV-4 SV-5
• Security Variants (SV) enable Full Int, Full Int, Line-based Partial Int, Byte-based Partial Int, No Int,
Enc On Enc Off Enc Off Enc Off Enc Off
applying Integrity/Encryption for
only specified portions of Video Video line Video line Video line Video line Video line
Video line Video line Video line Video line Video line
frame Video line Video line Video line Video line Video line
Video line Video line Video line Video line Video line
– Enables tradeoffs between security,
computation and power consumption Encrypted Integrity-protected (Covered by MAC) No Security

© 2022 MIPI Alliance, Inc. 10


Flexibility: Security Variants & Frame Partitions Frame Security Variant Options for each Frame Partition within a given Frame
Partition (FP) Example selection shown in red outline

• Security Variant selected separately for FP- SV-1 SV-2 SV-3 SV-4 SV-5
2, FP-3, FP-4 within a given Frame Full Int,
Enc ON
Full Int,
Enc OFF
Line Partial Int,
Enc OFF
Byte Partial Int,
Enc OFF
No Int,
Enc OFF

– FP-2: 4 options (SV-1/2/3/5) FP-1 Frame Start


Always use SV-2
SEP Only

– FP-3: 5 options (SV-1/2/3/4/5) FP-2 Top Block 1st Line Only


(Embedded Data)
• For SV-3 & SV-4 in Middle Block, Stride 4 Options: SV-1/2/3/5

Pattern selects which data is integrity


protected (blue) and which data is not FP-3 Middle Block Stride Pattern Stride Pattern
protected (white) (Image data)
5 Options: SV-1/2/3/4/5

– FP-4: 4 options (SV-1/2/3/5)


• ECU controls: FP-4 Bottom Block
(Embedded Data)
1st Line Only

4 Options: SV-1/2/3/5
– Which Security Variants are applied in Top,
Middle and Bottom Block FP-5 Frame End SEP Only
Always use SV-2

– Stride Pattern for Middle Block SV-3 & SV-4 No Security Data is Integrity-protected (MAC) Data is Encrypted
Key
Example selected SVs for a given Frame

© 2022 MIPI Alliance, Inc. 11


Flexibility: ECU selects options
• MIPI CSI-2 security operations has four facets:
– Protocol: SEP, FSED
– Ciphersuites: Efficiency, Performance
– Tag Modes: SEP: per-Message, per-Data-Type, per-Frame. FSED: per Frame
– Security Variants: for each Frame Partition
• Vendors choose which options they implement
• ECU controls security operations based on system needs
– Each Virtual Channel controlled independently
– Changes can be applied on Frame boundaries
• Commonalities of FSED & per-frame SEP enable dual-protocol implementations

© 2022 MIPI Alliance, Inc. 12


Conclusion
• MIPI Alliance is developing an industry security specification to
protect MIPI CSI-2-based sensor data for ADAS/AD applications
• Two protocols tailored to MIPI CSI-2 Frame structure
– Service Extensions Protocol (SEP): Adds headers/footers to packets
– Frame-based Service Extensions Data (FSED) : Adds new packets
• Flexibility enables various tradeoffs
– Security level vs computation/power consumption/thermal
• The MIPI Security (v1.0), CSESM (v2.0) and CCISESM (v1.0)
specifications are targeted for December 2022
• Further information may be obtained via [email protected]
© 2022 MIPI Alliance, Inc. 13
ADDITIONAL RESOURCES

• Available now/soon
– MIPI CSI-2 Security Technical Overview (ppt)
• Coming in December for MIPI Member Review
– MIPI Security v1.0 Specification
– MIPI CSE v2.0 Specification
– MIPI CCISE v1.0 Specification
• MIPI Security Working Group
– https://members.mipi.org/wg/Security/dashboard
• Security Update at MIPI Automotive Workshop, 15 Nov 2022, 07:00-10:30 PDT
– https://www.mipi.org/knowledge-library/webinars/events/2022-automotive-workshop

© 2022 MIPI Alliance, Inc. 14


© 2022 MIPI Alliance, Inc.
© 2022 MIPI Alliance, Inc.

You might also like