DICOM Security Andrei Leontiev, M.S. Dynamic Imaging.


1 DICOM Security Andrei Leontiev, M.S. Dynamic Imaging

2 Security Profiles (April 1, 2005, DICOM Seminar – Singapore 2005)
- Secure Transport Connection
  - DICOM over TLS
- Secure Media
  - Secured DICOM files on media
- Secure Use
  - Use of Digital Signatures
- Confidentiality
  - De-identification and re-identification

3 Secure Transport DICOM over TLS

4 Key Use Case
- How can an application know that:
  - The Association Request comes from an authorized node?
  - Data are not tampered with during transfer?
  - Data were protected from third parties?

5 Contents
- Addresses the following security aspects:
  - Entity (node) Authentication
  - Data Integrity
  - Privacy
- Allows a secure transport connection to be established between nodes
  - Via TLS negotiation
  - Via ISCL negotiation
- Three secure transport profiles

6 TLS Secure Transport Profile
- Node Authentication
  - RSA Certificates
- Data Integrity
  - SHA
- Privacy (Encryption)
  - 3DES CBC - optional

7 AES Profile
- Similar to TLS Basic Profile
- Requires use of AES Encryption
- Requires requestor to support fallback to 3DES

8 ISCL Secure Transport Profile
- Node Authentication
  - Three pass (four-way) authentication (ISO/IEC 9798-2)
- Data Integrity
  - MD-5 encrypted with DES, or DES-MAC (ISO 8730)
- Privacy (Encryption)
  - DES - optional

9 Secure Media

10 Key Use Case
- How can an application know that information in a DICOM file on the media:
  - Has not been tampered with?
  - Is protected from unauthorized access?
  - Is produced by an authorized source?

11 Contents
- Addresses the following security aspects:
  - Source Authentication (optional)
  - Data Integrity
  - Privacy
- Secures each single DICOM File in a DICOM File-Set by encapsulating its content with the Cryptographic Message Syntax as defined in RFC 2630
- Does not additionally secure the File-Set or the Media itself

12 Secure Media Profile
- Source Authentication
  - RSA Digital Signature
- Data Integrity
  - SHA Digest
- Privacy (Encryption)
  - 3DES or AES

13 Secure Use and Digital Signatures

14 Key Use Case
- How can an application know that an object it received:
  - Is an Original or a Copy?
  - Has been authorized and by whom?
  - Has not been tampered with?

15 Contents
- Addresses the following security aspects:
  - Source Authentication
  - Data Integrity
- Provides mechanisms to calculate a Digital Signature for Object content and include it as part of the Object
- Allows explicit distinction between an Original and a Copy of a SOP Instance with the same UID

16 Secure Use Profile
- Allows AEs to negotiate support of the Secure Use Profile
  - Extended Negotiation of Digital Signature Level
- Sets the management rules of the Instance Status attribute
  - Original, Authorized Original, Authorized Copy
- Rules assuring that only one Original of a SOP Instance exists in the system
  - MOVE and COPY semantics for the Storage Service

17 Secure Use Profile
- Three levels of Digital Signature support
  - No preservation
  - Non-bit preserving
  - Bit-preserving
- Requires Level 2 (Full) Storage Support

19 Attribute Confidentiality Profile

20 Key Use Case
- How can an application know that an object it received:
  - Does not have any personal protected information (identifiers)?
  - Allows an authorized application to restore identifying information?

21 Contents
- Addresses the following security aspects:
  - Data Confidentiality
- Provides mechanisms to de-identify a SOP Instance and preserve the original data within the SOP Instance in a protected (encrypted) envelope

22 Attribute Confidentiality Profile
- An application can comply as
  - De-identifier
  - Re-identifier
- De-identifier
  - Replaces confidential data with “dummy” values, preserving validity of the SOP
  - Optionally encrypts original data and includes the encrypted bit-stream as an attribute in the object (3DES or AES)
  - Profile defines list of attributes to replace

23 Attributes to replace

Attribute Name                            Tag
Instance Creator UID                      (0008,0014)
SOP Instance UID                          (0008,0018)
Accession Number                          (0008,0050)
Institution Name                          (0008,0080)
Institution Address                       (0008,0081)
Referring Physician’s Name                (0008,0090)
Referring Physician’s Address             (0008,0092)
Referring Physician’s Telephone Numbers   (0008,0094)
Station Name                              (0008,1010)
… MORE ATTRIBUTES ARE DEFINED …

24 Attribute Confidentiality Profile
- Re-identifier
  - If possessing valid keys, decrypts original values
  - Restores original values of attributes that were de-identified
  - Profile defines list of attributes to replace
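
The de-identifier and re-identifier roles from slides 22 to 24, as an added Python example (not code from the presentation or from the DICOM standard). Assumptions: the object is modelled as a plain dict keyed by tag strings, only the nine tags on slide 23 are handled, `seal`/`unseal` are caller-supplied stand-ins for the 3DES or AES encryption, and the `encrypted-originals` key, the `ANONYMIZED` dummy value and the sample object are constructed for illustration.

```python
import json
import uuid

# Only the tags listed on slide 23; the profile defines more attributes.
UID_TAGS = {"0008,0014", "0008,0018"}  # Instance Creator UID, SOP Instance UID
TEXT_TAGS = {"0008,0050", "0008,0080", "0008,0081", "0008,0090",
             "0008,0092", "0008,0094", "0008,1010"}
ENVELOPE = "encrypted-originals"  # hypothetical key for the encrypted bit-stream

# Constructed sample object (values are invented for this example).
SAMPLE = {
    "0008,0018": "1.2.3.4.5.6789",    # SOP Instance UID
    "0008,0050": "ACC-0001",          # Accession Number
    "0008,0080": "Example Hospital",  # Institution Name
    "0008,0090": "Doe^Jane",          # Referring Physician's Name
    "0008,0060": "CT",                # Modality: not in the list, passes through
}


def deidentify(dataset, seal=None):
    """Return a de-identified copy. `seal` (bytes -> bytes) is the caller's
    encryption; without it the original values are not preserved at all."""
    out = dict(dataset)
    out.pop(ENVELOPE, None)  # never carry over an envelope from an earlier pass
    originals = {}
    for tag in sorted(UID_TAGS | TEXT_TAGS):
        if tag not in dataset:
            continue
        originals[tag] = dataset[tag]
        if tag in UID_TAGS:
            # A dummy UID must still be a valid UID (UUID-derived 2.25 root,
            # at most 64 characters), otherwise the SOP Instance is invalid.
            out[tag] = "2.25." + str(uuid.uuid4().int)
        else:
            out[tag] = "ANONYMIZED"
    if seal is not None and originals:
        out[ENVELOPE] = seal(json.dumps(originals, sort_keys=True).encode())
    return out


def reidentify(dataset, unseal):
    """Restore original values; `unseal` (bytes -> bytes) needs the valid key."""
    if ENVELOPE not in dataset:
        raise ValueError("object carries no encrypted originals")
    out = dict(dataset)
    originals = json.loads(unseal(out.pop(ENVELOPE)).decode())
    out.update(originals)
    return out
```

Calling `deidentify` without `seal` yields an object that cannot be re-identified, which corresponds to the "optionally encrypts" wording on slide 22.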

25 Questions?

