DICOM Security

DICOM Security. Andrei Leontiev, M.S. Dynamic Imaging. Security Profiles: Secure Transport Connection (DICOM over TLS); Secure Media (secured DICOM files on media); Secure Use (use of Digital Signatures); Confidentiality (de-identification and re-identification). Secure Transport.

Presentation Transcript


  1. DICOM Security Andrei Leontiev, M.S. Dynamic Imaging

  2. Security Profiles • Secure Transport Connection • DICOM over TLS • Secure Media • Secured DICOM files on media • Secure Use • Use of Digital Signatures • Confidentiality • De-identification and re-identification DICOM Seminar – Singapore 2005

  3. Secure Transport DICOM over TLS

  4. Key Use Case • How can an application know that: • Association Request comes from an authorized node? • Data are not tampered with during transfer? • Data were protected from third parties?

  5. Contents • Addresses the following security aspects: • Entity (node) Authentication • Data Integrity • Privacy • Allows establishing a secure transport connection between nodes • Via TLS negotiation • Via ISCL negotiation • Three secure transport profiles

  6. TLS Secure Transport Profile • Node Authentication • RSA Certificates • Data Integrity • SHA • Privacy (Encryption) • 3DES CBC - optional

  7. AES Profile • Similar to TLS Basic Profile • Requires use of AES Encryption • Requires requestor to support fallback to 3DES

  8. ISCL Secure Transport Profile • Node Authentication • Three pass (four-way) authentication (ISO/IEC 9798-2) • Data Integrity • MD-5 encrypted with DES, or DES-MAC (ISO 8730) • Privacy (Encryption) • DES - optional

  9. Secure Media

  10. Key Use Case • How can an application know that information in DICOM file on the media: • Has not been tampered with? • Is protected from unauthorized access? • Is produced by an authorized source?

  11. Contents • Addresses the following security aspects: • Source Authentication (optional) • Data Integrity • Privacy • Secures each single DICOM File in a DICOM File-Set by encapsulating its content with the Cryptographic Message Syntax as defined in RFC 2630 • Does not additionally secure File-Set or Media itself

  12. Secure Media Profile • Source Authentication • RSA Digital Signature • Data Integrity • SHA Digest • Privacy (Encryption) • 3DES or AES

  13. Secure Use and Digital Signatures

  14. Key Use Case • How can an application know that an object it received: • Is an Original or a Copy? • Has been authorized and by whom? • Has not been tampered with?

  15. Contents • Addresses the following security aspects: • Source Authentication • Data Integrity • Provides mechanisms to calculate Digital Signature for Object content and include it as part of an Object • Allows explicit distinction of Original and a Copy of a SOP Instance with the same UID

  16. Secure Use Profile • Allows AEs to negotiate support of the Secure Use Profile • Extended Negotiation of Digital Signature Level • Sets the management rules of Instance Status attribute • Original, Authorized Original, Authorized Copy • Rules assuring that only one Original of SOP Instance exists in the system • MOVE and COPY semantics for Storage Service

  17. Secure Use Profile • Three Levels of Digital Signature Support • No preservation • Non-bit preserving • Bit-Preserving • Requires Level 2 (Full) Storage Support

  19. Attribute Confidentiality Profile

  20. Key Use Case • How can an application know that an object it received: • Does not have any personal protected information (identifiers)? • Provides a way for an authorized application to restore identifying information?

  21. Contents • Addresses the following security aspects: • Data Confidentiality • Provides mechanisms to de-identify SOP Instance and preserve original data within SOP Instance in protected (encrypted) envelope

  22. Attribute Confidentiality Profile • Application can comply as • De-identifier • Re-identifier • De-identifier • Replaces confidential data with “dummy” values preserving validity of the SOP • Optionally encrypts original data and includes encrypted bit-stream as an attribute in the object (3DES or AES) • Profile defines list of attributes to replace

  23. DICOM Seminar – Singapore 2005

  24. Attribute Confidentiality Profile Re-identifier • If possessing valid keys, decrypts original values • Restores original values of attributes that were de-identified • Profile defines list of attributes to replace

  25. Questions?
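
The Secure Media profile on slides 11 and 12 (RSA signature, SHA digest, AES encryption, all carried in a Cryptographic Message Syntax wrapper), shown as an added example that is not part of the original presentation. It assumes the `openssl` command-line tool, picks SHA-256 and AES-256-CBC from the SHA/AES options, and uses a constructed stand-in file plus a throwaway self-signed certificate in place of a real DICOM file and node certificate; the signed blob is wrapped as opaque data, which is simpler than a conformant DICOM secure file.

```shell
#!/bin/sh
# Added example: protect one file with CMS (sign, then envelope) and read it back.
# File content, certificate and all names are constructed; requires the openssl CLI.

# protect DIR: sign DIR/plain.dcm (RSA + SHA-256), then encrypt the signed blob (AES-256-CBC)
protect() {
  openssl cms -sign -binary -nodetach -md sha256 -signer "$1/cert.pem" \
    -inkey "$1/key.pem" -in "$1/plain.dcm" -outform DER -out "$1/signed.der" &&
  openssl cms -encrypt -binary -aes-256-cbc -in "$1/signed.der" \
    -outform DER -out "$1/secured.dcm" "$1/cert.pem"
}

# unprotect DIR: decrypt, verify the signature, write DIR/recovered.dcm; non-zero on any failure
unprotect() {
  openssl cms -decrypt -inform DER -in "$1/secured.dcm" -recip "$1/cert.pem" \
    -inkey "$1/key.pem" -out "$1/opened.der" 2>/dev/null &&
  openssl cms -verify -binary -inform DER -in "$1/opened.der" \
    -CAfile "$1/cert.pem" -out "$1/recovered.dcm" 2>/dev/null
}

# flip_last_byte FILE: overwrite the final byte with a different value (simulated tampering)
flip_last_byte() {
  size=$(wc -c < "$1")
  last=$(tail -c 1 "$1" | od -An -tu1 | tr -d ' \n')
  if [ "$last" = "0" ]; then new='\001'; else new='\000'; fi
  printf "$new" | dd of="$1" bs=1 seek=$((size - 1)) conv=notrunc 2>/dev/null
}

# demo: returns 0 only if the round trip succeeds AND the tampered file is rejected
demo() {
  d=$(mktemp -d) || return 1
  printf 'constructed stand-in for DICOM file bytes\n' > "$d/plain.dcm"
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-node" \
    -days 1 -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
  protect "$d" 2>/dev/null || return 1
  unprotect "$d" && cmp -s "$d/plain.dcm" "$d/recovered.dcm" || return 1
  flip_last_byte "$d/secured.dcm"
  if unprotect "$d"; then rc=1; else rc=0; fi
  rm -rf "$d"
  return $rc
}

demo && echo "round trip verified; tampered file rejected"
```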
