Page 1:

Copyright AIM INFRAROT-MODULE GmbH

AIM INFRAROT-MODULE GmbH

Security SVGA Image Sensor

VISION 2005, Dr. P. Stifter

Page 2:

SPIE 2005, 26,09.05 Copyright AIM INFRAROT-MODULE GmbH

INTRODUCTION

SYSTEM DESIGN

MIXED SIGNAL

AUTHENTICATION

Transition: Real World to Virtual World

Some aspects of our real world are mapped into a digital representation and stored in large databases. The digital identity has to be protected!

[Figure labels: FR, Software]

Page 3:

Application Scenario of optical Sensors

[Figure: Ethernet network linking the sensors SecVGA-1, SecVGA-2 and SecVGA-3 (video surveillance and face recognition) to a Biometric Server and a Video Server]

Ethernet-based physical layer with TCP/IP as the transport and routing layer.

Sensors capture images, generate sensitive data and transfer data packets over an open and insecure channel to dedicated servers.

Page 4:

Secure Sensor Design

Requirements:

• Data Authentication

Authentication Protocol

Cryptographic Checksum (MAC)

Cryptographic hardware modules

• Usage of publicly known and proven algorithms

• Secret Unique Identifier

Key storage

Key programming

Page 5:

System Design

[Block diagram: Active Pixel Array with Row Decoder, Column Decoder, Column Sample & Hold and Amplifier / ADC, next to a large and busy digital core containing System Bus, Timing Generator, Crypto Unit, Main Control, RAM, I2C and EEPROM. Signal labels: data[9:0], SCL, SDA, dataOut[9:0], PCLK, LSync, FSync, dataB, addrB]

Page 6:

Floorplan

Problem: CMOS imager is susceptible to various noise sources.

Noise level is increased by the activity of the digital core.

Page 7:

Mixed Signal Design

• Most prominent noise: FPN → Use CDS

• Modules on the same substrate → Separation with multiple guard rings

• Signal integrity → Differential signal lines

• Stable reference voltages → Large blocking capacitors

Page 8:

Key Storage

Selection between polysilicon fuses and EEPROM cells

D-Matrix (Pro / Con)

Polysilicon

Pro: Simple interface

Con: External programming voltage

Con: Not buried under metal layers

Con: Burn-through process may damage pixel

EEPROM cells

Pro: Buried under shielded metal layer

Pro: No external access, on-chip charge pump

Pro: Encapsulation

Con: Hardware overhead: controller

Page 9:

Checksum Authentication

Operational Flow

Start

Send Challenge

))(()~

( fEE KK

Read Response

))~

(()'( 1 fEE KK

Response check: y → continue, n → Set Alarm

Read Image x with checksum $CC_K(x)$

Recalculate Checksum $CC'_K(x)$

$CC_K(x) = CC'_K(x)$? y → Accept Image, n → Indicate Manipulation

Stop

Page 10:

Data Protection

Data transferred over TCP/IP can easily be manipulated using raw sockets. Applying cryptographic methods (MAC) protects against bit manipulations and faked identities.

[Figure: block cipher E with n-bit input x, k-bit key K and n-bit output c]

A block cipher E of block length n encrypts the message x to the ciphertext c with a key K of length k.

Page 11:

Data Protection

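MacDES

(1) Padding

(2) Splitting

(3) Initial Transformation (E under $K_1$, E under $(K_2)$)

(4) Iteration (E under $K_1$; message blocks $x_1 \dots x_t$; chaining values $H_1, H_2, \dots, H_{t-1}$)

(5) Output Transformation (E under $K_2$; result $MAC_{K_1,K_2}(x)$)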

Page 12:

Conclusion

• One can obtain real end-point security on open and insecure data channels.

• An on-chip cryptographic module provides real-time encryption and secure key storage.

• The Challenge/Response method gives any host in possession of the secret key assurance of the data origin.

• Even a single bit manipulation is detectable.

• On-chip integration provides a high protection level against key recovery attacks.
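
The host side of the Checksum Authentication flow, with a single-bit manipulation on the channel, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for the on-chip MacDES unit, the response is modelled as a MAC over the host's random challenge, and `Sensor`, `host_flow`, `flip_bit`, `KEY` and `FRAME` are hypothetical names with constructed sample data.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the slides): HMAC-SHA256 stands in for the on-chip
# MacDES unit, and the response is a MAC over the host's random challenge.

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed checksum; the label separates challenge MACs from image MACs."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Sensor:
    """Constructed stand-in for the imager, holding its programmed key."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, b"challenge:", challenge)

    def read_image(self, pixels: bytes):
        return pixels, mac(self._key, b"image:", pixels)   # x, CC_K(x)

def flip_bit(data: bytes, bit: int) -> bytes:
    """Model a single-bit manipulation on the open channel."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def host_flow(host_key: bytes, sensor: Sensor, pixels: bytes, channel=lambda d: d) -> str:
    """Host side of the operational flow; returns the branch taken."""
    challenge = secrets.token_bytes(16)                   # Send Challenge
    response = sensor.respond(challenge)                  # Read Response
    if not hmac.compare_digest(response, mac(host_key, b"challenge:", challenge)):
        return "set alarm"                                # sensor lacks the key
    image, checksum = sensor.read_image(pixels)           # Read Image x, CC_K(x)
    image = channel(image)                                # insecure transport
    recalculated = mac(host_key, b"image:", image)        # Recalculate Checksum
    if hmac.compare_digest(checksum, recalculated):       # constant-time compare
        return "accept image"
    return "indicate manipulation"

KEY = bytes(range(32))                                    # constructed sample key
FRAME = bytes(800 * 600 // 100)                           # constructed sample frame
```
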