Image sensor for security applications with on-chip data authentication

Sensors in a networked environment which are used for security applications could be jeopardized by man-in-the-middle or address spoofing attacks. By authentication and secure data transmission of the sensor's data stream, this can be thwart by fusing the image sensor with the necessary digital encryption and authentication circuit, which fulfils the three standard requirements of cryptography: data integrity, confidentiality and non-repudiation. This paper presents the development done by AIM, which led to the unique sensor SECVGA, a high performance monochrome (B/W) CMOS active pixel image sensor. The device captures still and motion images with a resolution of 800x600 active pixels and converts them into a digital data stream. Additional to a standard imaging sensor there is the capability of the on-chip cryptographic engine to provide the authentication of the sensor to the host, based on a one-way challenge/response protocol. The protocol that has been realized uses the exchange of a session key to secure the following video data transmission. To achieve this, we calculate a cryptographic checksum derived from a message authentication code (MAC) for a complete image frame. The imager is equipped with an EEPROM to give it the capability to personalize it with a unique and unchangeable identity. A two-wire I 2 C compatible serial interface allows to program the functions of the imager, i.e. various operating modes, including the authentication procedure, the control of the integration time, sub-frames and the frame rate.