New Camera Security Framework Addresses Security Requirements for Automotive and Other Embedded Applications

February 04, 2025

Blog

Advancements in image sensor technology are enabling a host of new applications, leveraging more advanced image sensing capabilities, in smaller form factors, with lower power consumption and lower cost. Examples include cars using cameras, radars, and lidars to become more autonomous; autonomous drones performing aerial reconnaissance with beyond-line-of-sight operation; industrial robots using high-resolution image processing to perform real-time quality control; and advanced endoscopic medical imaging resulting in faster diagnosis and treatment.

This article introduces the newly released MIPI Camera Security Framework, which defines a flexible approach to adding end-to-end security to automotive and other machine vision applications. The framework leverages the MIPI Camera Serial Interface 2 (MIPI CSI-2®), a high-speed interface primarily intended for high-bandwidth, point-to-point image data transmission between image sensors and application processors. CSI-2 has achieved widespread market adoption for its ease of use and ability to support a broad range of high-performance imaging applications using cameras, lidars, infrared, and other types of image sensors. In practice, automotive machine vision applications typically involve the use of CSI-2 over a long-reach connection technology between the sensor and the application processor.

Why Imaging Systems Need to be Secure

When considering new machine vision use cases, it quickly becomes apparent that systems must be protected from security threats. In automotive, where security equals safety, the image systems associated with advanced driver assistance and autonomous driving must be protected against risks such as the installation of substandard or unauthorized image system components, malicious manipulation of image data and violations of occupant privacy. Similarly in manufacturing, where imaging systems are used for quality control and automated logistics, such systems must be protected against security risks that could impact production, and privacy violations that may enable industrial espionage.

Imaging System Security Requirements

To address these threats, imaging systems must be secure and protected end-to-end, from the source of image data within an image sensor to the data sink within a corresponding application processor (e.g., automotive ECU). This fundamental requirement presents key design challenges:

• Image sensors generate massive amounts of data. It is essential that security operates with minimal data overhead to not exceed the in-vehicle network bandwidth, and with strict power and heat dissipation targets. Advanced security techniques—such as the use of partial data integrity protection, where the level of protection is "flexed" based on the criticality of the data sent within each image frame—must be leveraged to optimize system design.
• It is necessary for cameras to be connected using various network topologies to minimize design complexity. Security that is agnostic of the network topology, implemented at the application layer and independent of the communication network technology and components (SerDes bridges, forwarding elements, etc.) used to provide the communication network, is highly beneficial to system designers.

Introducing the MIPI Camera Security Framework

To mitigate security threats and meet these requirements within embedded imaging systems that leverage the use of CSI-2, the MIPI Alliance has created a new MIPI Camera Security Framework. The flexible framework, which leverages industry-verified security protocols, enables the authentication of imaging system sensors and networking components, integrity protection and optional encryption of image data, and protection of sensor command-and-control interfaces. The framework provides application-based, end-to-end security within vehicular and other image sensor applications as shown in Figure 1.

Figure 1: MIPI Camera Security Framework applied to a vehicular image sensor application (Source: MIPI Alliance)

Although the framework has been designed to protect automotive data streams, it is agnostic of the underlying communication network technology and can also be applied to the Internet of Things (IoT), industrial, and other use cases that leverage CSI-2-based image sensors for machine vision applications.

Framework Specifications and Features

The framework consists of four specifications:

1. MIPI Camera Service Extensions (MIPI CSE™) v2.0 – Defines security services to enable data integrity protection and optional encryption of CSI-2 data. This is in addition to the functional safety services provided in CSE v1.0.
2. MIPI Camera Security v1.0 – Defines system security management of MIPI CSE and MIPI CCISE, using the DMTF (Distributed Management Task Force) SPDM (Security Protocol and Data Model) architecture to authenticate and establish secure sessions between imaging system components.
3. MIPI Camera Security Profiles v1.0 – Defines a set of common security profiles to enable interoperability, including profiling SPDM authentication mechanisms.
4. MIPI Command and Control Interface Service Extensions (MIPI CCISE) v1.0 – Defines security services to enable data integrity protection and optional encryption of the MIPI Command and Control (CCI) interface based on I2C. This specification is presently under development with completion expected early this year.

In addition to authentication, integrity protection, and (optional) encryption of the image sensor data, the framework provides a high degree of flexibility to balance required security levels against processing efficiency, thermal regulation,n and power consumption. Other features include:

• Choice of ciphersuites – Options include an "efficiency" ciphersuite providing AES-CMAC data integrity only (no encryption) targeted toward sensors with limited hardware resources, as well as a "performance" ciphersuite that provides AES-GMAC data integrity and optional AES-CTR encryption aimed at sensors with dedicated hardware support.
• Choice of tag modes – Multiple tag mode options allow the implementer to choose how often the security tag is computed and transmitted.
• Granular security controls – These controls provide highly granular “source-selective” control over the different segments of the CSI-2 image frame to enable a sliding scale of security levels.

The MIPI Camera Security Framework also provides implementation flexibility. When both security and functional safety service extensions are enabled, security is layered on top of functional safety—from a source (or transmitter) perspective, security is applied to the image data first, followed by the application of functional safety.

Leveraging economies of scale and technical advancements from the smartphone industry, the new MIPI Camera Security Framework, coupled with the existing CSI-2 camera interface specification, will reduce design complexity, cost and development time. This standardized framework will free developers from the complications of creating security solutions for multiple existing interfaces, allowing them to focus on greater-value, product-differentiating technologies that sit higher up the protocol stack—such as applications that leverage machine learning and artificial intelligence to provide improved outcomes and enhanced customer experiences.

More  information on the MIPI Camera Security Framework can be found in a new white paper, “A Guide to the MIPI Camera Security Framework for Automotive Applications.”

---

Philip Hawkes is co-chair of the MIPI Security Working Group. His experience covers mobile networks, location technologies, IoT/M2M, WiFi and wired connectivity. Phil is currently a principal engineer, technology, at Qualcomm, and started his career as a symmetric cryptography expert involved in both design and analysis of algorithms.

Rick Wietfeldt is a senior director, technology, at Qualcomm Technologies Inc. in San Diego. He is responsible for wired connectivity interface technologies and their standards development organizations. He serves on the MIPI Board of Directors and is co-chair of the MIPI Security Work Group.