copyright aim infrarot-module gmbh aim aim infrarot-module gmbh security svga image sensor vision...
TRANSCRIPT
![Page 1: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/1.jpg)
Copyright AIM INFRAROT-MODULE GmbH
AIM
AIM INFRAROT-MODULE GmbHAIM INFRAROT-MODULE GmbH
Security SVGA Image Sensor
VISION 2005, Dr. P. Stifter
![Page 2: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/2.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Transition Real World Virtual World
Some of our real world aspects are mapped into a digital representation and stored in large databases. The digital identity has to be protected !
FR
Software
![Page 3: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/3.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Application Scenario of optical Sensors
Ethernet
Video Surveillance
SecVGA-1
Face Recognition
SecVGA-3
Video Surveillance
SecVGA-2
Biometric Server Video Server
Ethernet based physical layer with TCP/IP as a transport and routing layer.
Sensors capture images, generate sensitive data and transfer data packets over an open and insecure channel to dedicated servers
![Page 4: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/4.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Secure Sensor Design
Requirements:
• Data Authentication
Authentication ProtocolCryptographic Checksum (MAC)Cryptographic hardware modules
• Usage of publicly known and proven algorithms
• Secret Unique Identifier
Key storage
Key programming
![Page 5: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/5.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
System Design
large and busy digital core
Active Pixel Array
Column Decoder
Ro
w D
eco
de
r
Column Sample & Hold
Amplifier / ADC
SystemBus
TimingGenerator
CryptoUnit MainControl
RAM I2C
EEPROM
da
ta[9
:0]
SCL
SDA
dataOut[9:0]
PCLK
LSync
FSync
dataB
addrB
![Page 6: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/6.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Floorplan
Problem: CMOS imager is susceptible to various noise sources.
Noise level is increased by the activity of the digital core.
![Page 7: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/7.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Mixed Signal Design
• Most prominent noise: FPN
• Modules on the same substrate
Use CDS
Separation with multiple guard rings
Differential signal lines
Large blocking capacitors
• Signal integrity
• Stable reference voltages
![Page 8: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/8.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Key Storage
Selection between Polysilicon fuses or EEPROM cells
D-Matrix Pro
Poly
silicon
EEPROM
cells
Con
Simple interface External programming voltage
Not buried under metal layers
Burn-through process may damage pixel
Buried under shielded metal layer
No external access, on-chip charge pump
Encapsulation
Hardware overhead: controller
![Page 9: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/9.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
ChecksumAuthentication
Operational Flow
Start
Send Challenge
))(()~
( fEE KK
Read Response
))~
(()'( 1 fEE KK
Read Image x
)(xCCK
Recalculate Checksum
)(' xCCK
'Set Alarm
y
n
Stop
)()( ' xCCxCC KK
y
n
Accept Image
IndicateManipulation
![Page 10: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/10.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Data Protection
Data transfer with TCP/IP can be easily manipulated in the context of raw sockets. Application of cryptographic methods (MAC) protects against bit manipulations and faked identities
nEkK
nx
nc
Block cipher E of length n encrypt the message x to the cipher text c with key K of length k.
![Page 11: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/11.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Data Protection
Data transfer with TCP/IP can be easily manipulated in the context of raw sockets. Application of cryptographic methods (MAC) protects against bit manipulations and faked identities
MacDES
(1) Padding
(2) Splitting
E
E
1K
)( 2K (3) Initial Transformation
E E
1x tx
1K 1K
1H 2H 1tH
(4) Iteration
E2K
),(21 , xMAC KK
(5) Output Transformation
![Page 12: Copyright AIM INFRAROT-MODULE GmbH AIM AIM INFRAROT-MODULE GmbH Security SVGA Image Sensor VISION 2005, Dr. P. Stifter](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e615503460f94b5c33c/html5/thumbnails/12.jpg)
SPIE 2005, 26,09.05Copyright AIM INFRAROT-MODULE GmbH
AIM
INTRODUCTION
SYSTEM DESIGN
MIXED SIGNAL
AUTHENTICATION
Conclusion
• One can obtain real end-point security on open and insecure data channels.
• On-chip cryptographic module provide real-time encryption and secure key storage.
• Challenge/Response method give any host in possession of the secret key the assurance of the data origin.
• Even a single bit manipulation is detectable.
• On-chip integration provides a high protection level against key recovery attacks.