Vision-Based System Design Part 5 – Designing Safety and Security into an Embedded Vision System


Giles Peckham, Regional Marketing Director at Xilinx

Adam Taylor CEng FIET, Embedded Systems Consultant

So far, this series has examined techniques and devices for implementing the functions of an Embedded Vision (EV) System. This article will describe tools and techniques to ensure the system meets applicable safety and security requirements.

A suitable design methodology should include a risk assessment to understand the likelihood of technical failure, accident or incorrect operation, and its possible consequences. Applications such as medical imaging, industrial vision systems or automotive functions such as an Advanced Driver Assistance System (ADAS) typically require a formalised assessment that references standards such as ISO 14971 for medical systems. In any case, teams should be able to demonstrate that safety has been given due consideration.

The results of the risk assessment may call for functional safety measures: active systems designed to prevent dangerous failures. The IEC 61508 series is the general international standard governing electrical/electronic and programmable functional-safety systems. Other application-specific safety standards include ISO 26262 for automotive applications, IEC 62061 for machinery, and DO-178 / DO-254 for flight applications. Each defines several safety integrity or assurance levels according to the time to failure of the safety system; the longest time to failure represents the highest safety assurance.

Safety-related design decisions can be evaluated and documented by following an engineering lifecycle and agreed standards. The engineering lifecycle (figure 1) will be determined by the end application and the resultant certification required. Within this lifecycle, the engineering review gates which control the progress of the project can be defined. During these reviews, independent technical experts examine requirements, designs, technical reports and test results, and either allow the design to progress to the next stage or demand further work to achieve the desired standard of evidence.

The engineering plan will also outline the verification and validation process at every level, which is undertaken to gain the body of evidence to achieve compliance against the applicable standard. This may require testing of the EV system across environmental operating ranges, dynamic vibration and shock. Accelerated life testing may also be necessary, to ensure the operating life of the system can be achieved.

Security-Conscious Design
As far as security is concerned, the high-level issues engineers deal with include the following:
• Competitors reverse engineering the design
• Unauthorized modification of the design
• Unauthorized access to the data within the design
• Unauthorized control or manipulation of the end application

There are several ways to address some of these challenges. Access to the design and manufacturing files can be controlled. Encrypting bitstreams can prevent spoofing attacks or theft of data by eavesdropping. The physical design can be protected by limiting access to JTAG ports in the final product, and by implementing software security measures appropriate to the architecture of the device chosen.

The heart of any EV System is the image processing pipeline, which combines high-bandwidth processing with supervisory and control capability. By enabling a more tightly integrated architecture than is achieved using a processor and logic implemented in a separate FPGA, the Zynq®-7000 All Programmable SoC not only allows for a better SWaP-C solution (discussed in part 2 of this series) but also provides a more secure system, because data passing between the processor and the logic fabric is not presented at external pins where it could be intercepted or monitored.

Moreover, the Zynq AP SoC device provides an embedded security architecture that can be used to support secure configuration. For partitions loaded into both the Processing System (PS) and the Programmable Logic (PL), a three-stage process can be used to ensure the system partitions are secure. This comprises a Hash-based Message Authentication Code (HMAC), Advanced Encryption Standard (AES) decryption, and RSA authentication. Both the AES and the HMAC use 256-bit symmetric keys, while the RSA uses 2048-bit keys. The security architecture of the Zynq AP SoC device also allows JTAG access to be enabled or disabled.
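A runnable model of this three-stage chain, added here as an illustration; it is not Xilinx code and does not reproduce the real Zynq image format. The container layout, the choice of RSA-PSS and AES-256-CTR, and the key values are assumptions. The loader authenticates the encrypted partition with RSA before decrypting it, then checks the HMAC over the plaintext, so an image that has been modified, re-encrypted under the wrong key, or signed by a foreign key is rejected before any of it can execute.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Partition is a hypothetical boot-partition container (assumed layout, not the Zynq image format).
type Partition struct {
	IV   []byte // per-image AES-CTR nonce
	Body []byte // AES-256-CTR ciphertext of plaintext || HMAC-SHA256(plaintext)
	Sig  []byte // RSA-2048 PSS signature over SHA-256(IV || Body)
}
func digest(iv, body []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, iv...), body...))
	return h[:]
}
// Package is the factory side: HMAC the plaintext, encrypt plaintext+tag, sign the ciphertext. aesKey is 32 bytes (AES-256).
func Package(plain, aesKey, hmacKey []byte, priv *rsa.PrivateKey) (*Partition, error) {
	mac := hmac.New(sha256.New, hmacKey); mac.Write(plain)
	blob := append(append([]byte{}, plain...), mac.Sum(nil)...)
	blk, err := aes.NewCipher(aesKey)
	if err != nil { return nil, err }
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { return nil, err }
	body := make([]byte, len(blob))
	cipher.NewCTR(blk, iv).XORKeyStream(body, blob)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(iv, body), nil)
	if err != nil { return nil, err }
	return &Partition{IV: iv, Body: body, Sig: sig}, nil
}
// Load is the boot-loader side: authenticate first (never decrypt unauthenticated data), then decrypt, then verify the HMAC.
func Load(p *Partition, aesKey, hmacKey []byte, pub *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest(p.IV, p.Body), p.Sig, nil); err != nil { return nil, errors.New("RSA authentication failed") }
	blk, err := aes.NewCipher(aesKey)
	if err != nil { return nil, err }
	blob := make([]byte, len(p.Body))
	cipher.NewCTR(blk, p.IV).XORKeyStream(blob, p.Body)
	if len(blob) < sha256.Size { return nil, errors.New("partition too short") }
	plain, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, hmacKey); mac.Write(plain)
	if !hmac.Equal(mac.Sum(nil), tag) { return nil, errors.New("HMAC mismatch") }
	return plain, nil
}
```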
