280 likes | 546 Views
DICOM Security. Andrei Leontiev, M.S. Dynamic Imaging. Security Profiles. Secure Transport Connection DICOM over TLS Secure Media Secured DICOM files on media Secure Use Use of Digital Signatures Confidentiality De-idedntification and re-identification. Secure Transport.
E N D
DICOM Security Andrei Leontiev, M.S. Dynamic Imaging
Security Profiles • Secure Transport Connection • DICOM over TLS • Secure Media • Secured DICOM files on media • Secure Use • Use of Digital Signatures • Confidentiality • De-idedntification and re-identification DICOM Seminar – Singapore 2005
Secure Transport DICOM over TLS
Key Use Case • How can an application know that: • Association Request comes from an authorized node? • Data are not tempered with during transfer? • Data were protected from third-party? DICOM Seminar – Singapore 2005
Contents • Addresses following Security aspects: • Entity (node) Authentication • Data Integrity • Privacy • Allows to establish secure transport connection between nodes • Via TLS negotiation • Via ISCL negotiation • Three secure transport profiles DICOM Seminar – Singapore 2005
TLS Secure Transport Profile • Node Authentication • RSA Certificates • Data Integrity • SHA • Privacy (Encryption) • 3DES CBC - optional DICOM Seminar – Singapore 2005
AES Profile • Similar to TLS Basic Profile • Requires use of AES Encryption • Requires requestor tosupport fallback to 3DES DICOM Seminar – Singapore 2005
ISCL Secure Transport Profile • Node Authentication • Three pass (four-way) authentication (ISO/IEC 9798-2) • Data Integrity • MD-5 encrypted with DES, or DES-MAC (ISO 8730) • Privacy (Encryption) • DES - optional DICOM Seminar – Singapore 2005
Key Use Case • How can an application know that information in DICOM file on the media: • Has not been tempered with? • Is protected from unauthorized access? • is produced by an authorized source? DICOM Seminar – Singapore 2005
Contents • Addresses following Security aspects: • Source Authentication (optional) • Data Integrity • Privacy • Secures each File in DICOM File-Set single DICOM File by encapsulating its content with the Cryptographic Message Syntax as defined in RFC 2630 • Does not additionally secure File-Set or Media itself DICOM Seminar – Singapore 2005
Secure Media Profile • Source Authentication • RSA Digital Signature • Data Integrity • SHA Digest • Privacy (Encryption) • 3DES or AES DICOM Seminar – Singapore 2005
Key Use Case • How can an application know that an object it received: • Is an Original or a Copy? • Has been authorized and by whom? • Has not been tampered with? DICOM Seminar – Singapore 2005
Contents • Addresses following Security aspects: • Source Authentication • Data Integrity • Provides mechanisms to calculate Digital Signature for Object content and include it as part of an Object • Allows explicit distinction of Original and a Copy of a SOP Instance with the same UID DICOM Seminar – Singapore 2005
Secure Use Profile • Allows AEs to negotiate support of the Secure Use Profile • Extended Negotiation of Digital Signature Level • Sets the management rules of Instance Status attribute • Original, Authorized Original, Authorized Copy • Rules assuring that only one Original of SOP Instance exists in the system • MOVE and COPY semantics for Storage Service DICOM Seminar – Singapore 2005
Secure Use Profile • Three Level of Digital Signature Support • No preservation • Non-bit preserving • Bit-Preserving • Requires Level 2 (Full) Storage Support DICOM Seminar – Singapore 2005
Secure Use Profile • Three Level of Digital Signature Support • No preservation • Non-bit preserving • Bit-Preserving • Requires Level 2 (Full) Storage Support DICOM Seminar – Singapore 2005
Key Use Case • How can an application know that an object it received: • Does not have any personal protected information (identifiers)? • Provides authorized application to restore identifying information? DICOM Seminar – Singapore 2005
Contents • Addresses following Security aspects: • Data Confidentiality • Provides mechanisms to de-identify SOP Instance and preserve original data within SOP Instance in protected (encrypted) envelope DICOM Seminar – Singapore 2005
Attribute Confidentiality Profile • Application can comply as • De-identifier • Re-identifier • De-identifier • Replaces confidential data with “dummy” values preserving validity of the SOP • Optionally encrypts original data and includes encrypted bit-stream as an attribute in the object (3DES or AES) • Profile defines list of attributes to replace DICOM Seminar – Singapore 2005
Attribute Confidentiality Profile Re-identifier • If possessing valid keys, de-crypts original values • Restores original values of attributes tht were de-identified • Profile defines list of attributes to replace DICOM Seminar – Singapore 2005