DICOM Security
Andrei Leontiev, M.S.
Dynamic Imaging
April 1, 2005, DICOM Seminar – Singapore 2005
Security Profiles
– Secure Transport Connection: DICOM over TLS
– Secure Media: secured DICOM files on media
– Secure Use: use of Digital Signatures
– Confidentiality: de-identification and re-identification
Secure Transport
DICOM over TLS
Key Use Case
How can an application know that:
– the Association Request comes from an authorized node?
– the data were not tampered with during transfer?
– the data were protected from third parties?
Contents
Addresses the following security aspects:
– Entity (node) authentication
– Data integrity
– Privacy
Allows a secure transport connection to be established between nodes:
– via TLS negotiation
– via ISCL negotiation
Three secure transport profiles
TLS Secure Transport Profile
Node Authentication
– RSA certificates
Data Integrity
– SHA
Privacy (Encryption)
– 3DES CBC, optional (the profile also allows an integrity-only cipher suite with no encryption)
AES Profile
– Similar to the TLS Basic Profile
– Requires use of AES encryption
– Requires the requestor to support fallback to 3DES
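The node-authentication question from the Key Use Case, worked through on the SCP side. This is an added example written for this page, not code from the presentation or from any DICOM toolkit. TLS with client certificates proves that the peer holds the private key for a certificate the SCP trusts; it does not prove that the peer is entitled to the Calling AE Title it places in the A-ASSOCIATE-RQ PDU, so the check below binds AE titles to certificate subjects. The AE titles, certificate names and trust table are constructed. The context deliberately leaves the 2005 profiles' 3DES and unencrypted suites disabled; current DICOM (PS3.15) has retired the Basic TLS and AES profiles in favour of BCP 195 based profiles, and the library defaults here are closer to those.

```python
"""Node authentication for a DICOM-over-TLS SCP (added example, not from the deck)."""
import ssl
import struct

# A-ASSOCIATE-RQ PDU fixed part (PS3.8, 9.3.2):
#   type(1) rsvd(1) pdu-length(4) protocol-version(2) rsvd(2)
#   Called AE Title(16) Calling AE Title(16) rsvd(32); variable items follow.
A_ASSOCIATE_RQ = 0x01
_HEADER = struct.Struct(">BBIHH16s16s32x")

MY_AE_TITLE = "PACS_SCP"
# Constructed trust table: Calling AE Title -> certificate subject CN allowed to use it.
AUTHORIZED_NODES = {
    "CT_SCANNER_1": "ct1.imaging.example",
    "WORKSTATION7": "ws7.imaging.example",
}


def _ae(title):
    """Encode an AE title: ASCII, 1..16 characters, space padded to 16."""
    raw = title.encode("ascii")
    if not raw.strip() or len(raw) > 16:
        raise ValueError(f"bad AE title {title!r}")
    return raw.ljust(16)


def build_associate_rq(called_ae, calling_ae, items=b""):
    """Constructed A-ASSOCIATE-RQ; variable items (contexts, user info) are optional."""
    length = _HEADER.size - 6 + len(items)          # pdu-length excludes the 6-byte header
    return _HEADER.pack(A_ASSOCIATE_RQ, 0, length, 0x0001, 0,
                        _ae(called_ae), _ae(calling_ae)) + items


def parse_associate_rq(pdu):
    """Return (called_ae, calling_ae) or raise ValueError on a malformed PDU."""
    if len(pdu) < _HEADER.size:
        raise ValueError("PDU shorter than the A-ASSOCIATE-RQ fixed part")
    pdu_type, _, length, version, _, called, calling = _HEADER.unpack_from(pdu)
    if pdu_type != A_ASSOCIATE_RQ:
        raise ValueError(f"PDU type 0x{pdu_type:02x} is not A-ASSOCIATE-RQ")
    if length != len(pdu) - 6:
        raise ValueError("PDU length field disagrees with the bytes received")
    if not version & 0x0001:
        raise ValueError("peer does not offer DICOM UL protocol version 1")
    return called.decode("ascii").strip(), calling.decode("ascii").strip()


def subject_cn(peercert):
    """commonName from the dict returned by ssl.SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize_association(pdu, peercert, my_ae=MY_AE_TITLE, table=AUTHORIZED_NODES):
    """(accepted, reason). Accept only when the Called AE Title is this node and the
    TLS peer certificate is the one bound to the Calling AE Title."""
    try:
        called, calling = parse_associate_rq(pdu)
    except ValueError as exc:
        return False, str(exc)
    if called != my_ae:
        return False, f"called AE {called!r} is not this node"
    expected_cn = table.get(calling)
    if expected_cn is None:
        return False, f"calling AE {calling!r} is not an authorized node"
    actual_cn = subject_cn(peercert or {})
    if actual_cn != expected_cn:
        return False, f"certificate CN {actual_cn!r} is not bound to AE {calling!r}"
    return True, "ok"


def scp_tls_context(ca_file=None, cert_file=None, key_file=None):
    """SCP-side context: mutual authentication, TLS 1.2 or newer, library default ciphers
    (no NULL-encryption or 3DES suites).  File paths are whatever the site uses."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # a client without a trusted cert fails the handshake
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)      # the private CA that issued node certs
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx
```

In a live SCP the accepted TCP connection is wrapped with `ctx.wrap_socket(conn, server_side=True)`, the first PDU is read as a 6-byte header followed by pdu-length bytes, and `authorize_association(pdu, tls_sock.getpeercert())` decides whether to answer with A-ASSOCIATE-AC or to reject and close. Keeping the trust table keyed by AE title rather than by IP address is the point: an attacker who has a routable address but no node certificate never reaches the authorization check, and one who has a valid certificate cannot impersonate another node's AE title.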
ISCL Secure Transport Profile
Node Authentication
– Three-pass (four-way) authentication (ISO/IEC 9798-2)
Data Integrity
– MD5 encrypted with DES, or DES-MAC (ISO 8730)
Privacy (Encryption)
– DES (optional)
Secure Media
Key Use Case
How can an application know that the information in a DICOM file on the media:
– has not been tampered with?
– is protected from unauthorized access?
– was produced by an authorized source?
Contents
Addresses the following security aspects:
– Source authentication (optional)
– Data integrity
– Privacy
Secures each file in a DICOM File-Set individually
– A single DICOM file is secured by encapsulating its content with the Cryptographic Message Syntax (CMS) as defined in RFC 2630
Does not additionally secure the File-Set or the media itself
Secure Media Profile
Source Authentication
– RSA Digital Signature
Data Integrity
– SHA digest
Privacy (Encryption)
– 3DES or AES
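Because the profile secures files one at a time and never the File-Set or the media, a disc can carry a mix of CMS-protected and bare files, and the DICOMDIR is always bare. The audit below is an added example for this page, not code from the presentation or from a DICOM toolkit: it reads just enough of the CMS ContentInfo header (RFC 2630, now RFC 5652) and of the Part 10 file preamble to say which files on a media file-set are signed, which are encrypted and which are unprotected. The sample files at the bottom are constructed headers, not real media contents; a real check would run over the files enumerated from the DICOMDIR.

```python
"""Audit a DICOM media File-Set for Secure Media protection (added example)."""

ID_DATA = "1.2.840.113549.1.7.1"
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"
ID_ENVELOPED_DATA = "1.2.840.113549.1.7.3"
STATUS_BY_OID = {ID_SIGNED_DATA: "signed", ID_ENVELOPED_DATA: "encrypted", ID_DATA: "unprotected"}


def _tlv_header(buf, pos):
    """(tag, length, value_offset) for the BER/DER TLV at pos; length None = indefinite."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, first, pos + 2
    if first == 0x80:                      # indefinite length, as 'openssl cms -stream' writes
        return tag, None, pos + 2
    n = first & 0x7F
    if n > 4 or pos + 2 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def decode_oid(raw):
    """DER OBJECT IDENTIFIER contents -> dotted string."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))


def classify(data):
    """'dicom' for a PS3.10 file, 'cms:<contentType OID>' for a CMS ContentInfo, else 'unknown'."""
    if len(data) >= 132 and data[128:132] == b"DICM":
        return "dicom"
    try:
        tag, _, pos = _tlv_header(data, 0)
        if tag != 0x30:                    # ContentInfo ::= SEQUENCE { contentType OID, content [0] ... }
            return "unknown"
        tag, oid_len, pos = _tlv_header(data, pos)
        if tag != 0x06 or oid_len is None or pos + oid_len > len(data):
            return "unknown"
        return "cms:" + decode_oid(data[pos:pos + oid_len])
    except ValueError:
        return "unknown"


def audit_file_set(files):
    """files: {path: bytes} -> {path: 'signed' | 'encrypted' | 'unprotected' | 'unknown'}.
    A bare DICOM file is 'unprotected'; the DICOMDIR always is, by design of the profile."""
    report = {}
    for path, data in files.items():
        kind = classify(data)
        if kind == "dicom":
            report[path] = "unprotected"
        elif kind.startswith("cms:"):
            report[path] = STATUS_BY_OID.get(kind[4:], "unknown")
        else:
            report[path] = "unknown"
    return report


def unprotected_files(files):
    """Paths a reviewer should question before the media leaves the site."""
    return sorted(p for p, s in audit_file_set(files).items() if s not in ("signed", "encrypted"))


# Constructed sample File-Set: headers only, enough for classification.
_OID_PREFIX = bytes.fromhex("2a864886f70d0107")            # 1.2.840.113549.1.7 without the last arc
SAMPLE_FILES = {
    "DICOMDIR": b"\x00" * 128 + b"DICM" + b"\x02\x00\x00\x00UL\x04\x00",
    "IMAGES/IM0001": b"\x30\x80\x06\x09" + _OID_PREFIX + b"\x02\xa0\x80" + b"\x00" * 4,  # SignedData, indefinite
    "IMAGES/IM0002": b"\x30\x0e\x06\x09" + _OID_PREFIX + b"\x03\xa0\x01\x00",            # EnvelopedData, definite
    "IMAGES/IM0003": b"\x00" * 128 + b"DICM" + b"\x02\x00\x00\x00UL\x04\x00",           # bare image: the gap
}
```

The classifier only says what wrapper a file has; verifying the signature, checking the signer's certificate against the sites allowed to author media, and decrypting EnvelopedData are jobs for a CMS library and the receiving site's key store. What the audit adds is the caveat from the slide made mechanical: a File-Set with one bare image is not a secured File-Set.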
Secure Use and Digital Signatures
Key Use Case
How can an application know that an object it received:
– is an Original or a Copy?
– has been authorized, and by whom?
– has not been tampered with?
Contents
Addresses the following security aspects:
– Source authentication
– Data integrity
Provides mechanisms to calculate a Digital Signature over the object content and include it as part of the object
Allows an explicit distinction between the Original and a Copy of a SOP Instance with the same UID
Secure Use Profile
Allows AEs to negotiate support of the Secure Use Profile
– Extended negotiation of Digital Signature Level
Sets the management rules for the Instance Status attribute
– Original, Authorized Original, Authorized Copy
Rules ensuring that only one Original of a SOP Instance exists in the system
– MOVE and COPY semantics for the Storage Service
Secure Use Profile
Three levels of Digital Signature support
– No preservation
– Non-bit preserving
– Bit-preserving
Requires Level 2 (Full) Storage support
Attribute Confidentiality Profile
Key Use Case
How can an application know that an object it received:
– does not contain any protected personal information (identifiers)?
– allows an authorized application to restore the identifying information?
Contents
Addresses the following security aspect:
– Data confidentiality
Provides mechanisms to de-identify a SOP Instance and to preserve the original data within the SOP Instance in a protected (encrypted) envelope
Attribute Confidentiality Profile
An application can comply as
– De-identifier
– Re-identifier
De-identifier
– Replaces confidential data with "dummy" values, preserving the validity of the SOP Instance
– Optionally encrypts the original data and includes the encrypted bit-stream as an attribute in the object (3DES or AES)
– The profile defines the list of attributes to replace
Attribute Name Tag
Instance Creator UID (0008,0014)
SOP Instance UID (0008,0018)
Accession Number (0008,0050)
Institution Name (0008,0080)
Institution Address (0008,0081)
Referring Physician’s Name (0008,0090)
Referring Physician’s Address (0008,0092)
Referring Physician’s Telephone Numbers (0008,0094)
Station Name (0008,1010)
… MORE ATTRIBUTES ARE DEFINED…
Attribute Confidentiality Profile
Re-identifier
– If in possession of valid keys, decrypts the original values
– Restores the original values of the attributes that were de-identified
– The profile defines the list of attributes to replace
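The de-identifier and re-identifier described above, and the digest over selected attributes that the Secure Use digital signature protects (the Secure Use slides earlier), worked through together in one added example; this is code written for this page, not from the presentation or from any DICOM toolkit. It contains a minimal explicit VR little-endian codec (PS3.5) for the string VRs it needs, the de-identify / re-identify round trip over the profile's attribute list, and a SHA-256 digest over a "Data Elements Signed" subset. The tags are real DICOM tags; the data set, the dummy values and the choice of SHA-256 are assumptions of the example. Encrypting the retained originals (3DES or AES in the profile) and RSA-signing the digest are left to a CMS/PKI library and are not implemented here, and the digest rule is a simplification of DICOM's MAC calculation. Running it shows the interaction a practitioner needs to plan for: de-identifying an attribute that a signature covers invalidates that signature, and only re-identification with the key restores it.

```python
"""De-identification and signed-element digests on a DICOM data set (added example)."""
import hashlib
import struct

# Subset of the profile's replacement list; dummy values are arbitrary but VR-valid.
# A real de-identifier issues a fresh UID for (0008,0018) instead of a constant.
CONFIDENTIAL = {
    (0x0008, 0x0018): "2.25.987654321",   # SOP Instance UID
    (0x0008, 0x0050): "ANON",             # Accession Number
    (0x0008, 0x0080): "ANONYMIZED",       # Institution Name
    (0x0008, 0x0090): "ANON^DOCTOR",      # Referring Physician's Name
    (0x0008, 0x1010): "STATION",          # Station Name
    (0x0010, 0x0010): "ANON^PATIENT",     # Patient's Name
    (0x0010, 0x0020): "ANON0001",         # Patient ID
}
PATIENT_IDENTITY_REMOVED = (0x0012, 0x0062)         # CS, set to "YES" once de-identified
LONG_FORM_VRS = {"OB", "OW", "OF", "SQ", "UT", "UN"}  # 4-byte length form, not handled here

# Constructed data set {tag: (VR, value)}; not a real study.
SAMPLE = {
    (0x0008, 0x0018): ("UI", "2.25.123456789"),
    (0x0008, 0x0050): ("SH", "ACC12345"),
    (0x0008, 0x0060): ("CS", "CT"),                 # Modality: not confidential, left alone
    (0x0008, 0x0080): ("LO", "Example Hospital"),
    (0x0008, 0x0090): ("PN", "SMITH^JOHN^^DR"),
    (0x0008, 0x1010): ("SH", "CT01"),
    (0x0010, 0x0010): ("PN", "DOE^JANE"),
    (0x0010, 0x0020): ("LO", "MRN-000123"),
}


def encode(dataset):
    """Explicit VR LE, tags ascending; values padded to even length (NUL for UI, space otherwise)."""
    out = bytearray()
    for (group, elem), (vr, value) in sorted(dataset.items()):
        if vr in LONG_FORM_VRS:
            raise ValueError(f"VR {vr} not supported by this codec")
        raw = value.encode("ascii")
        if len(raw) % 2:
            raw += b"\x00" if vr == "UI" else b" "
        out += struct.pack("<HH2sH", group, elem, vr.encode("ascii"), len(raw)) + raw
    return bytes(out)


def decode(data):
    """Inverse of encode(); trailing padding is stripped."""
    dataset, pos = {}, 0
    while pos < len(data):
        group, elem, vr, length = struct.unpack_from("<HH2sH", data, pos)
        vr, pos = vr.decode("ascii"), pos + 8
        if vr in LONG_FORM_VRS:
            raise ValueError(f"VR {vr} not supported by this codec")
        if pos + length > len(data):
            raise ValueError("element runs past end of data")
        dataset[(group, elem)] = (vr, data[pos:pos + length].decode("ascii").rstrip(" \x00"))
        pos += length
    return dataset


def deidentify(dataset):
    """Return (clean data set, encoded originals).  The second value is the bit-stream
    the profile encrypts and carries inside Encrypted Attributes Sequence (0400,0500)."""
    clean, originals = dict(dataset), {}
    for tag, dummy in CONFIDENTIAL.items():
        if tag in clean:
            originals[tag] = clean[tag]
            clean[tag] = (clean[tag][0], dummy)     # keep the VR, swap the value
    clean[PATIENT_IDENTITY_REMOVED] = ("CS", "YES")
    return clean, encode(originals)


def reidentify(clean, originals_blob):
    """Restore originals from the (already decrypted) blob; only a key holder gets this far."""
    originals = decode(originals_blob)
    restored = dict(clean)
    restored.update(originals)
    if PATIENT_IDENTITY_REMOVED not in originals:
        restored.pop(PATIENT_IDENTITY_REMOVED, None)
    return restored


def signed_digest(dataset, signed_tags):
    """Digest over the Data Elements Signed, serialised in explicit VR LE: what the Secure Use
    digital signature (RSA over this value) protects.  Simplified relative to DICOM's MAC rules."""
    subset = {tag: dataset[tag] for tag in signed_tags if tag in dataset}
    return hashlib.sha256(encode(subset)).hexdigest()
```

The encoded originals are exactly the bytes the profile hands to the encryption step; keeping them as a separate return value makes it obvious that a de-identifier which skips that step and stores the blob in clear has not de-identified anything. On the signature side, a PACS that both signs objects and de-identifies them for export has to decide which happens first, or sign only elements the confidentiality list never touches.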
Questions?