1 / 20

DICOM Security

DICOM Security. Andrei Leontiev, Dynamic Imaging Presentation prepared by: Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine. 3 Supplements. Digital Signatures in Structured Reports

williambjames
Télécharger la présentation

DICOM Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DICOM Security Andrei Leontiev, Dynamic Imaging Presentation prepared by: Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine

  2. 3 Supplements • Digital Signatures in Structured Reports • In its public comment period (Supp. 86) • Audit Trail Messages • Frozen Trial Use Draft (Supp. 95) • Extended Negotiation of User Identity • Out for letter ballot now (Supp. 99) DICOM Seminar – Singapore 2005

  3. Digital Signatures in Structured Reports Supplement 86

  4. Status • Has evolved to meet a new set of use cases • Completed public comment • Currently in Letter Ballot DICOM Seminar – Singapore 2005

  5. Contents • Addresses issues brought up in Digital Signature implementations: • Digital Signature Purpose field (e.g. author, verifier, transcriptionist, device) • Reports with multiple signers • Adds methods to securely reference other composite objects • Via Digital Signature in the referenced object • Via MAC embedded in the reference itself • Adds profiles for using Digital Signatures in SRs • Extends Key Object Selection template to address new use cases DICOM Seminar – Singapore 2005

  6. Key Use Case How can an application know what objects constitute a complete set? DICOM Seminar – Singapore 2005

  7. Options Considered • Why not MPPS? • MPPS is not a persistent (composite) object • MPPS could trigger generation of a signed Key Object Selection document • Why not Storage Commitment • Did not wish to change semantics some applications currently associate with Storage Commitment DICOM Seminar – Singapore 2005

  8. Key Object Selection Extensions • New Document Titles: • Complete Study/Acquisition Content • Manifest • Related Contend • Allow Key Object Selection Documents to refer to other Key Object Selection Documents (not allowed previously) DICOM Seminar – Singapore 2005

  9. Audit Messages Supplement 95

  10. Status • Supplement 95 was frozen last June for trial use • Several trial implementations of the new audit trail message format now exist (IHE Connectathon 2005) • No significant changes expected before letter ballot this spring • IHE considering deprecating the initial message format DICOM Seminar – Singapore 2005

  11. Lets Clear the Confusion! • Base XML message format specified in RFC nnnn • To be shared by multiple domains • Needs vocabulary definition to be useful • Supplement 95 profiles, augments, and defines DICOM-specific vocabulary • Use the schema in Supplement to create messages and read DICOM extensions • Audit repositories can interpret key using the schema in the RFC DICOM Seminar – Singapore 2005

  12. Next Steps Expected to go to Letter Ballot in June DICOM Seminar – Singapore 2005

  13. Extended Negotiation of User Identity Supplement 99

  14. Use Cases • Facilitates audit logging • Step toward cross-system authorization and access controls • DICOM still leaves access control in the hands of the application • Query Filtering • For productivity as well as security DICOM Seminar – Singapore 2005

  15. Design Goals • Independent of other security mechanisms • Avoid incompatibility with the installed base • No changes to current DICOM security mechanisms • Minimum of changes to existing implementation libraries • Extensible for future mechanisms, e.g. Security Assertion Markup Language (SAML) • Established during association negotiation before any regular DIMSE transactions take place, allowing SCU to reject associations based on ID DICOM Seminar – Singapore 2005

  16. Several Options • User identity alone, with no other security mechanisms • User identity plus the current DICOM TLS mechanism • User identity plus future lower level transport mechanisms (e.g. IPv6 with security option) • User identity plus VPN DICOM Seminar – Singapore 2005

  17. ID Type Profiles • Un-authenticated identity assertion • Systems in a trusted environment • Username plus passcode • Systems in a secure network • Kerberos-based authentication • Strongest security DICOM Seminar – Singapore 2005

  18. Kerberos • Kerberos employs a Key Distribution Center (KDC) that • Authenticates the user • May be incorporated into local login process • Provides a Ticket Granting Ticket (TGT) to the local system • Local application uses TGT to ask KDC to generate the Service Ticket, which then is passed in the Association Negotiation Request • Remote application uses the Service Ticket to securely identify the user, and optionally generate a Server Ticket that is returned in the Association Negotiation Response DICOM Seminar – Singapore 2005

  19. Prepared for the Future • Could support any mechanism that supports uni-directional assertion mechanism (e.g. using PKI and Digital Signatures) • Does not support identity mechanisms that require bi-directional negotiation (e.g. Liberty Alliance proposals) DICOM Seminar – Singapore 2005

  20. Questions?

More Related