Page 36 - EE Times Europe Magazine - June 2025
P. 36
36 EE|Times EUROPE
OPINION | AUTONOMOUS DRIVING | SAFETY AND SECURITY
How a Standardized • Secure command and control interfaces.
These mitigate risks arising from miscon-
figured sensors.
Approach Can Accelerate GENERAL DESIGN REQUIREMENTS
Development of Safety and Implementing the requirements laid out
in ISO 26262 and UN R155 within imaging
systems must be achieved within the general
Security in Automotive design requirements of the imaging system:
• Minimal data and power overhead.
Image sensors generate massive amounts
Imaging Systems of data and are sensitive to heat. It is
essential that they operate with minimal
data overhead, so as not to exceed IVN
By Philip Hawkes, Rick Wietfeldt, and Hiroo Takahashi, bandwidth, and within strict power and
heat dissipation targets.
MIPI Alliance • Minimized network design complexity.
Image sensors need to be connected using
flexible network topologies. Implement-
ing safety and security functionality at
the application layer, independently of
the IVN technology and components
(e.g., SerDes bridges and forwarding ele-
ments), can simplify network design.
• Lowest cost. For any solution to be
successful in the market, developers must
leverage technologies and techniques
Imaging systems, which use cameras, radar, and LiDAR, are essential to advanced driver that minimize the cost of the end system
assistance and autonomous driving systems. Today, the systems used to deliver SAE Level 2+ design.
capabilities may leverage 10 or more image sensors, and that number is projected to increase as
systems supporting higher levels of driving assistance and autonomy are introduced. A FRAMEWORK TO ADDRESS SAFETY
Imaging systems play a safety-critical role in vehicles, and the failure or compromise of even AND SECURITY IN AUTOMOTIVE
the most basic applications, such as a simple backup camera, can potentially lead to severe con- IMAGING SYSTEMS
sequences. Protecting such systems from safety and security risks is therefore paramount to the Adherence to industry standards is an
safety and security of the whole vehicle, its passengers, and their surroundings. Developers and effective way to reduce cost and complexity
system designers must mitigate against risks from system failures, installation of substandard or within electronic systems, driving econo-
unauthorized image system components, malicious manipulation of image data, and violations mies of scale to deliver advancements into
of occupant privacy. the mass market. For example, MIPI Camera
This article explains how a standardized, industry-led framework of specifications provides a Serial Interface 2 (MIPI CSI-2), a high-speed
blueprint for developing functionally safe and secure automotive imaging systems. protocol for data transmission between image
sensors and application processors, has
INDUSTRY REQUIREMENTS FOR FUNCTIONAL SAFETY AND SECURITY achieved widespread market adoption within
Automotive imaging systems must adhere to a range of safety and security standards and regula- the automotive industry, owing to its ease of
tions. For functional safety, the requirements laid out in ISO 26262, “Road vehicles—Functional use, support for high-performance imaging
safety,” address the unintentional malfunctioning behavior of electronic systems in vehicles. When applications, and proven implementation
applied to imaging systems, these requirements typically require the use of multiple image sensors in mobile and related ecosystems. Today,
to mitigate single-point failures, implementation of diagnostic mechanisms to detect and report virtually all automotive imaging systems use
failures, and integration of software designed to handle errors within imaging data. the CSI-2 protocol, which led MIPI Alliance to
For security, United Nations Regulation No. 155, “Cyber security and cyber security manage- introduce several specific automotive features
ment system” (UN R155), highlights specific risks in automotive imaging systems, including into the specification.
malicious manipulation of hardware (e.g., the use of unauthorized electronic hardware to enable At the same time, as OEMs were looking for
a “man-in-the-middle” attack), replacement of authorized hardware (e.g., sensors) with ways to streamline the integration of cameras
unauthorized hardware, and unauthorized manipulation of information generated by a sensor. and displays, MIPI developed MIPI
The regulation also highlights security risks to the in-vehicle networks (IVNs) that connect Automotive SerDes Solutions (MASS), an
image sensors to their corresponding electronic control units (ECUs). end-to-end connectivity framework for image
Mitigating the risks highlighted in R155 may typically require: sensors, displays, and other components. The
• End-to-end image data protection. Protection must extend from the “data source” within framework encompasses:
each image sensor to the “data sink” within the sensor’s corresponding ECU. • Higher-layer protocols. The application
• Component authentication. The ECU must authenticate image sensors and the key IVN protocol suite widely adopted i n auto-
components used to connect the sensors, i.e., serializer/deserializer (SerDes) bridges. motive applications includes CSI-2 for
• Data encryption. Applying end-to-end data encryption between each image sensor and cameras, MIPI DSI-2 and VESA eDP/DP
corresponding ECU guards against data exfiltration. for displays, and lower-speed protocols
JUNE 2025 | www.eetimes.eu
