At MIPI’s first event of 2023, the co-chairs of the MIPI Security Working Group, Philip Hawkes and Rick Wietfeldt, provided a comprehensive introduction to the upcoming MIPI Security Framework, including an overview of specifications slated to be released this year, the framework’s security objectives and its underlying components.
The suite of four specifications that make up the framework is initially targeted at automotive advanced driver-assistance systems (ADAS) and autonomous driving systems (ADS) applications that require end-to-end protection of data streams between MIPI CSI-2®-based sensors and their related electronic control units (ECUs). In the near future, the same underlying security framework is expected to be applied to other application areas, such as the MIPI DSI-2℠ display protocol.
The following security-related specifications are currently being finalized, with MIPI member review scheduled in the coming months:
Safety-critical automotive use cases demand end-to-end protection (from pixel data source to data sink) of CSI-2 image sensor data. The MIPI Security Framework addresses this need by leveraging authentication to protect against unauthorized system components, integrity protection to prevent manipulation of sensor data and confidentiality to protect data privacy.
The flexible framework balances security requirements against the practical need to develop system components within tight power, size and heat tolerances. A key attribute to achieve this flexibility is the framework’s ability to support source-selective security, which enables a developer to flex the level of security to the structure of the CSI-2 protocol and, more specifically, to the anatomy of the CSI-2 image frame itself.
Furthermore, four security vectors have been built into the MIPI Security Framework to give developers flexibility in implementation:
The framework can maintain end-to-end security over a wide range of network topologies (e.g., for networks that leverage bridges, aggregators, etc.). When both security and functional safety service extensions are enabled, security is layered on top of functional safety—from a source (or transmitter) perspective, security is applied to the image data first, followed by the application of functional safety.
The functionality of the MIPI Security Framework is based on several key components.
The system security management suite is used to authenticate components within the system, to establish secure transport channels using session keys and, using these secure channels, to read/write security context parameters within the system.
The data service protocols then synchronize and execute security contexts. In this way, the data service protocols—namely the Service Extensions Packet (SEP) and Frame-Based Service Extensions Data (FSED) protocols—enable integrity protection and optional data encryption of CSI-2 data streams.
The system security management suite is built on the DMTF’s SPDM standard. Use of the SPDM protocol (which is itself based on TLS) was selected by the MIPI Security Working Group as a basis for the framework due to its flexibility and efficiency, having already been used to secure other applications that present many similarities to automotive network architectures.
The MIPI Security Profiles specification narrows down the options provided by the SPDM protocol and defines a set of common profiles to aid interoperability between system components and reduce test effort.
The session recording and presentation materials from the 2023 MIPI CSI-2 Security Forum are now available on demand. Additional information can be found on the Security Framework page of the MIPI website.
For updates on MIPI security specifications, upcoming events and new security resources, sign up for the security mailing list to receive notifications.