THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

Slides:

Advertisements

Similar presentations

Internet Protocol Security (IP Sec)

Advertisements

IHE Radiology Integration Profiles: ▪ Post-Processing Workflow ▪ Reporting Workflow IHE Educational Workshop – June 11-13, 2007 Nikolaus Wirsz, PhD Manager.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

THE DICOM 2013 INTERNATIONAL CONFERENCE & SEMINAR March 14-16Bangalore, India Keeping It Safe: Securing DICOM Lawrence Tarbox, Ph.D. Mallinckrodt Institute.

S Security and DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

Storage Security and Management: Security Framework

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Defining Security Issues

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.

DICOM Security Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile IHE IT Technical and Planning Committee June 15 th – July 15 th 2004.

System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

September, 2005What IHE Delivers 1 Cross-Enterprise Document Point-to-point Interchange (XDP) IHE Vendors Workshop 2006 IHE IT Infrastructure Education.

DICOM Security Andrei Leontiev, M.S. Dynamic Imaging.

Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile Name of Presenter IHE affiliation.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

Section 12.1 Discuss the functions of a Web site Create a feedback form Compare and contrast option buttons and check boxes Section 12.2 Explain the use.

Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.

DICOM INTERNATIONAL CONFERENCE & SEMINAR Oct 9-11, 2010 Rio de Janeiro, Brazil Security, Privacy & Networking Lawrence Tarbox, Ph.D. Washington University.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Education Workshop 2007 IHE IT Infrastructure Education John Moehrke GE Healthcare.

DICOMwebTM 2015 Conference & Hands-on Workshop University of Pennsylvania, Philadelphia, PA September 10-11, 2015 Keeping it Safe – Securing DICOM Robert.

Java Security Session 19. Java Security / 2 of 23 Objectives Discuss Java cryptography Explain the Java Security Model Discuss each of the components.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

September, 2005What IHE Delivers 1 Cross-Enterprise Document Point-to-point Interchange (XDM) IHE Vendors Workshop 2006 IHE IT Infrastructure Education.

Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT.

DICOM Security Andrei Leontiev, Dynamic Imaging Presentation prepared by: Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin - Medicity.

Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.

Access to Radiology Information Paul Seifert Agfa HealthCare Co-chair, IHE Radiology Technical Committee.

Radiology Option for Audit Trail and Node Authentication Robert Horn

Integrating the Healthcare Enterprise

BY GAWARE S.R. DEPT.OF COMP.SCI

Pooja programmer,cse department

IS4680 Security Auditing for Compliance

Security in SDR & cognitive radio

Presentation transcript:

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM WG-27, Web Technologies Securing DICOM

Topics (hidden) DICOM over TLS DICOM file encryption DICOM content in other transports Security profiles DICOM anonymization profiles 2August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux

What is security? Protecting data security (against unauthorized access) Protecting data integrity (against unauthorized changes) Protecting data loss (against unauthorized deletions) Protecting data availability (against denial of service)

What are the implications if security is compromised? Data corruption and loss Fraud against those victimized Civil penalties (fines and lawsuits) Criminal penalties Serious harm and death

What is NOT security? Changing names of parameters, servers or functions to make it harder to guess Including dangerous functions in a release but not including them in documentation

Keeping DICOM Safe August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux6 DICOM Simple workflow Modality transmits images to archive Radiologist requests images for reading : Out to cause security issues

DICOM Security Profiles Defined in PS3.15, “Security and System Management Profiles” Describes methods to mitigate various security concerns Items in red describe solutions that are used in the industry but not explicity part of the DICOM standard August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux7

DICOM in Transit Who sees this image? The modality, who sends the image The archive, who receives the image Anyone on the network between August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux8 DICOM

DICOM-TLS Transport Level Security encryption (defined in PS3.15 Section B.1) Encryption is negotiated as part of TLS Traffic encrypted with public certificate and decrypted by private key Network VPN tunnels is another mechanism DICOMweb can leverage HTTPS (TLS based) August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux9 DICOM

DICOM in Transit August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux10 Who are the actors in transmission? The modality, who sends the image The archive, who receives the image Anyone pretending to be these actors DICOM

Node Identity DICOM-TLS certificates specifies identifying information about the owner Verification of certificates are done against a signing authority AE titles are a less secure alternative August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux11 DICOM

User Authentication Who can retrieve images? Device is validated by DICOM-TLS User can retrieve images Anyone else using device can, too August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux12 DICOM

User Authentication Defined in PS3.15 B.4-7 Authentication of users can occur via Mutual TLS authentication (each side presents certificates) Authentication during association negotiation (SAML, Kerberos, etc) Authenticating users at the application level and making trusted calls to the imaging backend is an alternative approach August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux13 DICOM

Auditing Described in PS 3.15 Part A.5 User should be known Events for authentication, query, access, transfer, import/export, and deletion This is used in the IHE ITI ATNA profile with Radiology option August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux14

DICOM at Rest Who ensures the images are genuine as the modality provides them? The archive accomplishes this task Anyone else who can manipulate the archive August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux15 DICOM

Digital Signatures DICOM supports digital signatures which provides integrity check and other features Defined in PS3.15 Section C Individual fields can also be selectively encrypted Disk-level encryption can also be used to maintain integrity at rest August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux16 DICOM

Media Storage Used when DICOM is transmitted via physical media (CD, DVD, USB key) Guarantees confidentiality, integrity, and media origin Defined in PS3.15 section D August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux17

Anonymization Anonymization profiles exist to support masking of data for various purposes Clinical trials Teaching files Defined in PS3.15 section E Addresses removal and replacement of DICOM attributes that may reveal protected health information August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux18

DICOM’s Stance DICOM enables a very wide variety of authentication and access control policies, but does not mandate them DICOMweb shares the same position through the use of standard internet technologies August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux19

Suggestions Use DICOM-TLS and HTTPS for DICOMweb Use appropriate authentication and authorization measures Use appropriate at-rest encryption mechanisms Control access via managed environments, strong identity management, firewalls Consider security throughout your project lifecycle, not at the end August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux20

Keep It Safe! Questions? Thank you! August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux21 DICOM

Image Sources August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux22