MIPI CSI-2 CSE2 Security Module

MIPI CSI‑2 is a widely adopted high‑speed interface for transmitting still and video data from image sensors to processors across mobile, automotive, robotics, industrial, medical, and IoT devices. Its scalability and performance make it ideal for modern multi‑camera systems as well as other modalities like radar and LiDar sensors, particularly in vehicles, xR, drones and robots that may integrate dozens of sensors. As imaging workloads increase, ensuring the integrity and trustworthiness of CSI‑2 data becomes critical.

The surge of MIPI in automotive led to the development of Camera Service Extensions adding standardized mechanisms for mitigating functional safety risks with CSE 1.0. MIPI followed this by introducing security capabilities such as data integrity protection and optional encryption in CSE 2.0 targeting all MIPI applications i.e., automotive, mobile and IoT. These security features safeguard mission‑critical and privacy‑sensitive image streams from tampering and unauthorized access. With support for authentication‑only or authentication‑plus‑encryption and independent per-sensor or even per‑virtual‑channel configuration, CSE 2.0 delivers flexible, inline security across heterogeneous sensor networks, even when data traverses bridges, aggregators, or long‑reach links.

The Synopsys MIPI CSE 2.0 Security Module is designed specifically to meet these security needs, integrating seamlessly with Synopsys CSI‑2 Host Controller IP. It provides high‑performance integrity validation, configurable encryption, and support for the CSE 2.0 protocols, including the Frame‑based Service Extension Data (FSED) and Service Extension Packet (SEP) formats, ensuring full compatibility with the latest MIPI specifications. With per‑virtual‑channel keys, multiple Security Associations, and on‑the‑fly mode switching, the solution offers flexible security management for complex multi‑sensor deployments.

• Supports MIPI - Camera Service Extensions CSE 2.0 specification
• Automotive‑ compliant: ISO 26262 (ASIL‑B) & ISO 21434
• Plug‑and‑play with Synopsys CSI‑2 Host Controllers
• Data integrity protection and optional encryption (AES-CMAC, AES-GMAC, AES-CTR)
• Per‑Virtual‑Channel or Per-Sensor security configuration
• FIPS 140‑3 Level 2 certification support
• Supports SEP and FSED protocols
• Up to 60 Gbps (C‑PHY) / 26 Gbps (D‑PHY) performance
• Multiple keys and multiple security contexts
• On‑the‑fly mode switching (between authentication and encryption)
• Multiple sensors/targets support
• Replay & integrity error detection