Security and DICOM
Lawrence Tarbox, Ph.D., Chair, DICOM Working Group 14, Siemens Corporate Research
Presentation transcript


3. What's Available Now
- Use of Secure Communications Channels
  - Data integrity during transit
  - Entity authentication
  - Confidentiality during transit via encryption
  - Secure Transport Connection Profiles: TLS 1.0 (derived from SSL), ISCL
- Secure Use Profiles
  - Online Electronic Storage
  - Base and Bit-preserving Digital Signature (storage)

4. What's Available Now
- Secure Media via CMS Envelopes
  - Data integrity checks
  - Confidentiality via encryption
  - Only targeted recipients can access
  - Media Storage Security Profiles
- Embedded Digital Signatures
  - Data integrity for the life of the SOP Instance
  - Identifies signatories, with optional timestamps
  - Digital Signature Profiles: Base, Creator, and Authorization RSA Profiles
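
To make the embedded-signature mechanism of this slide concrete, here is an added example in Go; it is not code from the presentation or from the DICOM standard. It signs a chosen set of data elements with RSA over a SHA-256 digest, records the signer and a timestamp, and then shows that editing an element outside the signed set leaves the signature valid while one flipped byte inside it does not. The in-memory DataSet, the byte layout used as MAC input, and the folding of signer name and timestamp into the digest are simplifications assumed for this example; a conformant implementation follows the MAC Calculation Transfer Syntax and the Digital Signatures Sequence layout of Part 15.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
	"time"
)

// Tag is a DICOM data element tag (group, element); key gives its sort order.
type Tag struct{ Group, Element uint16 }

func (t Tag) key() uint32 { return uint32(t.Group)<<16 | uint32(t.Element) }

// DataSet is a simplified in-memory data set (tag -> raw value) constructed
// for this example; it is not a DICOM encoder.
type DataSet map[Tag][]byte

// Signature holds what matters here from a Digital Signatures Sequence item.
type Signature struct {
	DataElementsSigned []Tag
	Signer             string
	Timestamp          time.Time
	Value              []byte
}

// macInput serialises the covered elements in ascending tag order as group,
// element, length, value (little-endian) so signer and verifier hash the same
// bytes.  A simplified stand-in for the MAC Calculation Transfer Syntax of
// Part 15; folding signer and timestamp into the digest is this example's choice.
func macInput(ds DataSet, sig Signature) []byte {
	tags := append([]Tag(nil), sig.DataElementsSigned...)
	sort.Slice(tags, func(i, j int) bool { return tags[i].key() < tags[j].key() })
	var buf bytes.Buffer
	for _, t := range tags {
		v := ds[t] // an absent element contributes a zero-length value
		binary.Write(&buf, binary.LittleEndian, t.Group)
		binary.Write(&buf, binary.LittleEndian, t.Element)
		binary.Write(&buf, binary.LittleEndian, uint32(len(v)))
		buf.Write(v)
	}
	buf.WriteString(sig.Signer)
	buf.WriteString(sig.Timestamp.UTC().Format(time.RFC3339))
	return buf.Bytes()
}

// Sign covers the listed elements with an RSA PKCS#1 v1.5 signature over their SHA-256 digest.
func Sign(ds DataSet, tags []Tag, key *rsa.PrivateKey, signer string, at time.Time) (Signature, error) {
	sig := Signature{DataElementsSigned: tags, Signer: signer, Timestamp: at}
	digest := sha256.Sum256(macInput(ds, sig))
	value, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return Signature{}, err
	}
	sig.Value = value
	return sig, nil
}

// Verify recomputes the digest over the data set as it is now and checks it
// against the embedded signature with the signer's public key.
func Verify(ds DataSet, sig Signature, pub *rsa.PublicKey) bool {
	digest := sha256.Sum256(macInput(ds, sig))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig.Value) == nil
}

// Result: does the signature still verify at each step of Demo?
type Result struct{ Original, AfterUnsignedEdit, AfterSignedEdit bool }

var (
	patientName   = Tag{0x0010, 0x0010}
	studyDate     = Tag{0x0008, 0x0020}
	pixelData     = Tag{0x7FE0, 0x0010}
	imageComments = Tag{0x0020, 0x4000} // deliberately left outside the signature
)

// Demo signs a constructed instance, then edits an unsigned element (the
// signature must survive) and a signed one (it must fail).
func Demo() (Result, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	ds := DataSet{patientName: []byte("DOE^JANE"), studyDate: []byte("20240101"),
		pixelData: []byte{0x10, 0x20, 0x30, 0x40}, imageComments: []byte("free text")}
	sig, err := Sign(ds, []Tag{pixelData, studyDate, patientName}, key, "CN=ctscanner01", time.Now())
	if err != nil {
		return Result{}, err
	}
	var r Result
	r.Original = Verify(ds, sig, &key.PublicKey)
	ds[imageComments] = []byte("edited after signing")
	r.AfterUnsignedEdit = Verify(ds, sig, &key.PublicKey)
	ds[pixelData][0] ^= 0xFF // one flipped byte in a signed element
	r.AfterSignedEdit = Verify(ds, sig, &key.PublicKey)
	return r, nil
}

func main() { fmt.Println(Demo()) }
```

The list of covered tags is sorted before hashing, so the order in which a signer wrote Data Elements Signed does not affect verification; the verifier, on the other hand, should check that every element it cares about is actually in that list, since anything outside it (Image Comments above) can change freely without invalidating the signature.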

5. Profiles in DICOM?
- Main standard body provides the 'hooks'
- Profiles provide the particulars, e.g.
  - Standard selection
  - Algorithm selection
  - Parameter selection
- Primarily refer to existing IT standards
- Easy migration to new ideas
- Simplifies conformance claims

6. What's coming
- Attribute Level Encryption (a.k.a. de-identification)
  - Teaching Files
  - Clinical Trials
  - ???
- Audit Log Collection
  - Spans multiple organizations, pushed by IHE
- Structured Report Digital Signature Profile

7. De-Identification, How?
- Simply remove Data Elements that contain patient identifying information? e.g., per HIPAA's safe harbor rules
- BUT: many such Data Elements are required
- SO: instead of removing, replace with a bogus value

8. Attribute Level Encryption
- Since some use cases require controlled access to the original Attribute values:
  - Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
    - Embedded in the Data Set
    - Only selected recipients can open the envelope
    - Different subsets can be held for different recipients
  - Full restoration of data not a goal
- Attribute Confidentiality Profiles

9. Attribute Encryption Diagram
The slide is a nesting diagram; its labels, from the outside in:
- SOP Instance
  - Attributes (unencrypted)
  - Encrypted Attributes Sequence
    - Item 1 (of n): Encrypted Content Transfer Syntax; Encrypted Content, a Cryptographic Message Syntax envelope (CMS attributes plus encryptedContent)
      - encryptedContent carries the Modified Attributes Sequence, Item 1 (of only 1): the attributes to be encrypted
    - Item 2 (of n): Encrypted Content Transfer Syntax; Encrypted Content (CMS envelope)
    - Item n (of n): Encrypted Content Transfer Syntax; Encrypted Content (CMS envelope)
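
Slides 7 to 9 in code, as an added example that is not part of the presentation or of any DICOM toolkit: required attributes are replaced with dummy values rather than removed, optional ones are dropped, the originals are collected as the content of a Modified Attributes Sequence, and each recipient gets its own sealed item holding only the subset it is entitled to. The rule table, the tag strings, the recipient names, the JSON encoding of the plaintext and the use of AES-256-GCM under a per-recipient key in place of a CMS envelope are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// DataSet is a simplified data set keyed by tag text "(gggg,eeee)"; it is
// constructed for this example and is not a DICOM encoder.
type DataSet map[string]string

// Rule: a required element keeps its place and gets the dummy value; an optional one is removed.
type Rule struct {
	Tag      string
	Required bool
	Dummy    string
}

// Policy is constructed for this example; it is not a Part 15 profile.
var Policy = []Rule{
	{"(0010,0010)", true, "ANONYMOUS^PATIENT"}, // Patient's Name
	{"(0010,0020)", true, "ANON0001"},          // Patient ID
	{"(0010,0030)", true, ""},                  // Patient's Birth Date, may be empty
	{"(0010,1040)", false, ""},                 // Patient's Address, optional
}

// Deidentify applies the rules to ds in place and returns the original value of
// every attribute it touched: the content of the Modified Attributes Sequence.
func Deidentify(ds DataSet, rules []Rule) DataSet {
	original := DataSet{}
	for _, r := range rules {
		if v, present := ds[r.Tag]; present {
			original[r.Tag] = v
			delete(ds, r.Tag)
			if r.Required {
				ds[r.Tag] = r.Dummy
			}
		}
	}
	return original
}

// Envelope stands in for one item of the Encrypted Attributes Sequence.
type Envelope struct {
	Recipient, TransferSyntax string // TransferSyntax names the plaintext encoding
	Nonce, Ciphertext         []byte
}

// Recipient is a party that may open items.  AES-256-GCM under a per-recipient
// key stands in for CMS, which would wrap a content key for its certificate.
type Recipient struct {
	Name string
	aead cipher.AEAD
}

func NewRecipient(name string) Recipient {
	key := make([]byte, 32)
	rand.Read(key)                   // crypto/rand; fails only if the OS entropy source is broken
	block, _ := aes.NewCipher(key)   // a 32-byte key cannot be rejected
	aead, _ := cipher.NewGCM(block)  // cannot fail for an AES block
	return Recipient{name, aead}
}

// Seal binds the recipient's name as associated data so an item cannot be re-labelled for someone else.
func (rc Recipient) Seal(attrs DataSet) Envelope {
	plain, _ := json.Marshal(attrs) // a map[string]string always marshals
	nonce := make([]byte, rc.aead.NonceSize())
	rand.Read(nonce) // fresh per item; never reuse a nonce under one key
	return Envelope{rc.Name, "JSON (example)", nonce, rc.aead.Seal(nil, nonce, plain, []byte(rc.Name))}
}

// Open recovers the attributes; the wrong key or a tampered item fails.
func (rc Recipient) Open(env Envelope) (DataSet, error) {
	plain, err := rc.aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.Recipient))
	if err != nil {
		return nil, fmt.Errorf("%s cannot open item for %s: %w", rc.Name, env.Recipient, err)
	}
	var attrs DataSet
	return attrs, json.Unmarshal(plain, &attrs)
}

type Result struct {
	Deidentified, SponsorView, AuditorView DataSet
	CrossOpenErr                           error
}

// Demo de-identifies a constructed instance and seals the originals twice: the
// trial sponsor may recover everything, the site auditor only the Patient ID.
func Demo() (Result, error) {
	ds := DataSet{"(0008,0060)": "CT", "(0010,0010)": "DOE^JANE", "(0010,0020)": "MRN12345",
		"(0010,0030)": "19700101", "(0010,1040)": "1 Main St"}
	original := Deidentify(ds, Policy)
	sponsor, auditor := NewRecipient("trial-sponsor"), NewRecipient("site-auditor")
	sponsorItem := sponsor.Seal(original)
	sponsorView, err1 := sponsor.Open(sponsorItem)
	auditorView, err2 := auditor.Open(auditor.Seal(DataSet{"(0010,0020)": original["(0010,0020)"]}))
	_, crossErr := auditor.Open(sponsorItem) // wrong recipient: must fail
	return Result{ds, sponsorView, auditorView, crossErr}, errors.Join(err1, err2)
}

func main() { fmt.Println(Demo()) }
```

The de-identified data set keeps Modality untouched and still carries Patient's Name and Patient ID, now with bogus values, which is what keeps it valid for receivers that require those elements; only the sealed items let a named recipient get back to the originals, and full restoration is not the goal, since the auditor's item never held more than the Patient ID.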

10. IHE year 4: collection of trusted nodes
Diagram of two secure domains (System A and System B) joined by a secure network; each node provides:
- Local authentication of user (Userid, Password)
- Authentication of the remote node (digital certificates)
- Local access control
- Audit trail
- Time synchronization

11. Selection of Standards
- Use TLS for Transport Layer Security
  - Basic TLS Secure Transport Connection Profile
- Use X.509 Certificates for node identity and keys
  - Basic TLS Secure Transport Connection Profile
- Use NTP for Time Synchronization
- Use ??? for Audit Trail Collection
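
The trusted-node collection of slide 10 and the TLS-with-X.509 choice of slide 11 come together in the following added example, written for this transcript; it is not code from the presentation, from IHE or from DICOM WG 14. It issues a throw-away CA and node certificates in memory, then builds the TLS configuration a node would use on either side of an association and exercises its peer check the way the handshake would: a listed node from the local CA passes, a certificate with the right name from an unknown CA fails, and a valid certificate for a node that is not on the list fails too. The CA names, node names (CTSCANNER01, PACS01, WS17) and the allow-list are constructed; the TLS 1.2 floor is this example's choice, since the TLS 1.0 named on slide 3 is no longer acceptable.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // fixture construction; nothing below should fail
	}
	return v
}

// issue creates an in-memory certificate for cn: a self-signed CA when parent is nil, else a node certificate.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // self-signed CA
		signer, signerKey = tmpl, key
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}

// verifyPeer runs on the peer's chain during the handshake, for an SCU checking an
// SCP and an SCP checking an SCU alike: the chain must lead to the local CA and the
// node's Common Name must be on the local list of trusted nodes.
func verifyPeer(rawCerts [][]byte, roots *x509.CertPool, nodes map[string]bool) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("peer presented no certificate")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("certificate chain: %w", err)
	}
	if !nodes[leaf.Subject.CommonName] {
		return fmt.Errorf("%q is not a trusted node", leaf.Subject.CommonName)
	}
	return nil
}

// NodeTLSConfig serves both sides of an association: own certificate, the CA it
// trusts, mutual authentication, and TLS 1.2 as the floor (this example's choice).
func NodeTLSConfig(own tls.Certificate, roots *x509.CertPool, nodes map[string]bool) *tls.Config {
	return &tls.Config{
		Certificates:          []tls.Certificate{own},
		RootCAs:               roots,
		ClientCAs:             roots,
		ClientAuth:            tls.RequireAndVerifyClientCert,
		MinVersion:            tls.VersionTLS12,
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error { return verifyPeer(raw, roots, nodes) },
	}
}

type Result struct {
	Trusted, UnknownCA, NotListed error
	MutualAuth, MinTLS12          bool
}

// Demo: the PACS node judges a listed scanner, an impostor carrying the right name
// from an unknown CA, and a workstation with a valid but unlisted certificate.
func Demo() Result {
	ca, caKey := issue("Hospital DICOM CA", nil, nil)
	rogue, rogueKey := issue("Somebody Else's CA", nil, nil)
	scanner, _ := issue("CTSCANNER01", ca, caKey)
	pacs, pacsKey := issue("PACS01", ca, caKey)
	impostor, _ := issue("PACS01", rogue, rogueKey)
	ws, _ := issue("WS17", ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	own := tls.Certificate{Certificate: [][]byte{pacs.Raw}, PrivateKey: pacsKey}
	cfg := NodeTLSConfig(own, roots, map[string]bool{"CTSCANNER01": true, "PACS01": true})
	return Result{
		Trusted:    cfg.VerifyPeerCertificate([][]byte{scanner.Raw}, nil),
		UnknownCA:  cfg.VerifyPeerCertificate([][]byte{impostor.Raw}, nil),
		NotListed:  cfg.VerifyPeerCertificate([][]byte{ws.Raw}, nil),
		MutualAuth: cfg.ClientAuth == tls.RequireAndVerifyClientCert,
		MinTLS12:   cfg.MinVersion == tls.VersionTLS12,
	}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

The same configuration object is handed to tls.Server on the SCP side and tls.Client on the SCU side, so both ends authenticate the other; a certificate from the hospital CA alone is not enough, because the local node list is the second gate, which is what lets a site withdraw trust from one node without re-issuing anything.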

12. Audit Log Collection
- Joint NEMA / JIRA / COCIR Security and Privacy Committee proposal
  - Governmental regulation
  - Push management responsibility to one location
- ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
- HL7 Common Audit Message (informative)
- Part of IHE Year 4 plans

13. Audit Trail Standards in Healthcare: A Proposed Model
Layered diagram; its labels, from top to bottom:
- Application Specific Trigger/Content: Security Admin, Audit Trail Mgt, User Generated Events
  - HL7 Security SIG driven (DICOM references); DICOM WG14 Security driven (HL7 references)
- Audit Trail Records Transfer (common DICOM/HL7 infrastructure)
- Session and Transport: Reliable SYSLOG or ebXML?

14. Division of Tasks
- IHE generating initial proposals
  - Reliable Delivery for Syslog (RFC 3195)
  - XML schema for defined content
  - IHE Technical Framework: out for public comment now
- HL7 and DICOM WG 14 work on messaging standard
- ASTM and SPC work on policy issues

15. Signatures in SR
- Identified as an important use case
- Reference Mechanism
  - To other signed SOP Instances
  - To unsigned SOP Instances
- Resolve issues identified during demonstrations
- SR-specific Profile

