DICOM Security - PowerPoint PPT Presentation

Learn more at: https://dicom.nema.org

Transcript and Presenter's Notes


1
DICOM Security
  • Andrei Leontiev, M.S.
  • Dynamic Imaging

2
Security Profiles
  • Secure Transport Connection
    • DICOM over TLS
  • Secure Media
    • Secured DICOM files on media
  • Secure Use
    • Use of Digital Signatures
  • Confidentiality
    • De-identification and re-identification

3
Secure Transport
  • DICOM over TLS

4
Key Use Case
  • How can an application know that
    • an Association Request comes from an authorized node?
    • data are not tampered with during transfer?
    • data were protected from third parties?

5
Contents
  • Addresses the following security aspects
    • Entity (node) Authentication
    • Data Integrity
    • Privacy
  • Allows a secure transport connection to be established between nodes
    • via TLS negotiation
    • via ISCL negotiation
  • Three secure transport profiles (Basic TLS, AES TLS, ISCL)

6
TLS Secure Transport Profile
  • Node Authentication
    • RSA certificates
  • Data Integrity
    • SHA
  • Privacy (Encryption)
    • 3DES CBC, optional: this profile permits an authenticated,
      integrity-protected connection that carries no encryption at all

7
AES Profile
  • Similar to the Basic TLS Profile
  • Requires use of AES encryption
  • Requires the requestor to support fallback to 3DES
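
A hardened TLS configuration for a DICOM node, as an added example that is not part of the presentation or of any DICOM toolkit. It uses only Python's standard ssl module; the CA and node certificate paths are parameters the caller supplies in deployment (none are read here). The Basic TLS profile above makes encryption optional and the AES profile keeps a 3DES fallback, so the check at the end flags any NULL or legacy suite a context would still negotiate, which is what an acceptance test of a PACS or modality TLS endpoint should look at.

```python
import ssl

DICOM_TLS_PORT = 2762  # IANA-registered port "dicom-tls"

# Cipher policy for a DICOM node today: forward-secret AEAD suites only. The
# Basic TLS profile made 3DES optional (an integrity-only connection was
# allowed) and the AES profile still required a 3DES fallback; neither NULL
# encryption nor 3DES should be offered for PHI in transit.
CIPHER_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!3DES:!RC4:!MD5"


def classify_suite(name):
    """Classify a cipher suite by IANA or OpenSSL name: 'none', 'legacy' or 'ok'."""
    n = name.upper()
    if "NULL" in n or "ANON" in n:
        return "none"        # no encryption or no peer authentication
    if "3DES" in n or "DES-CBC3" in n or "RC4" in n or n.endswith(("_MD5", "-MD5")):
        return "legacy"      # the profiles on the slides still permit these
    return "ok"


def make_dicom_tls_context(role, ca_file=None, cert_file=None, key_file=None):
    """Build the TLS context for an SCP (server) or SCU (client) AE.

    Node authentication is mutual: each side must present a certificate that
    chains to the CA in ca_file (a path supplied by the caller, not set here).
    """
    if role == "scp":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    elif role == "scu":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    else:
        raise ValueError("role must be 'scp' or 'scu'")
    ctx.verify_mode = ssl.CERT_REQUIRED          # peer certificate is mandatory
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHER_POLICY)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def weak_suites(ctx):
    """Suites the context would still negotiate that fail classify_suite."""
    return [c["name"] for c in ctx.get_ciphers() if classify_suite(c["name"]) != "ok"]


def context_summary(ctx):
    """What an acceptance check should look at before a node goes live."""
    return {
        "mutual_auth": ctx.verify_mode == ssl.CERT_REQUIRED,
        "min_tls": ctx.minimum_version.name,
        "suites": len(ctx.get_ciphers()),
        "weak_suites": weak_suites(ctx),
    }


if __name__ == "__main__":
    print(context_summary(make_dicom_tls_context("scp")))
```

An SCU wraps its association socket with `ctx.wrap_socket(sock, server_hostname=...)` before sending the A-ASSOCIATE-RQ on port 2762; the TLS handshake authenticates the node, but the usual Calling/Called AE Title checks still apply inside the association.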

8
ISCL Secure Transport Profile
  • Node Authentication
    • Three-pass (four-way) authentication (ISO/IEC 9798-2)
  • Data Integrity
    • MD5 encrypted with DES, or DES-MAC (ISO 8730)
  • Privacy (Encryption)
    • DES, optional
  • DES and MD5 are obsolete primitives; this profile is of historical interest only

9
Secure Media
10
Key Use Case
  • How can an application know that the information in a DICOM file on the media
    • has not been tampered with?
    • is protected from unauthorized access?
    • is produced by an authorized source?

11
Contents
  • Addresses the following security aspects
    • Source Authentication (optional)
    • Data Integrity
    • Privacy
  • Secures each DICOM File in a File-Set individually by encapsulating its
    content with the Cryptographic Message Syntax (CMS) as defined in RFC 2630
    (since superseded by RFC 5652)
  • Does not additionally secure the File-Set or the media itself

12
Secure Media Profile
  • Source Authentication
    • RSA Digital Signature
  • Data Integrity
    • SHA Digest
  • Privacy (Encryption)
    • 3DES or AES

13
Secure Use and Digital Signatures
14
Key Use Case
  • How can an application know that an object it received
    • is an Original or a Copy?
    • has been authorized, and by whom?
    • has not been tampered with?

15
Contents
  • Addresses the following security aspects
    • Source Authentication
    • Data Integrity
  • Provides mechanisms to calculate a Digital Signature over Object content and
    include it as part of the Object
  • Allows an explicit distinction between the Original and a Copy of a SOP
    Instance that share the same UID

16
Secure Use Profile
  • Allows AEs to negotiate support of the Secure Use Profile
    • Extended Negotiation of Digital Signature Level
  • Sets the management rules for the SOP Instance Status attribute (0100,0410)
    • Original, Authorized Original, Authorized Copy
  • Rules assuring that only one Original of a SOP Instance exists in the system
    • MOVE and COPY semantics for the Storage Service

17
Secure Use Profile
  • Three levels of Digital Signature support
    • No preservation
    • Non-bit-preserving
    • Bit-preserving
  • Requires Level 2 (Full) Storage support
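
An illustrative model of the rules the two slides above list (at most one Original of a SOP Instance in the system, COPY yields an Authorized Copy, MOVE transfers the original), as an added example that is not part of the presentation and not the normative text of the profile. The status codes are the values of SOP Instance Status named on slide 16; the AE titles, the audit helper and the rule that only an Authorized Original may be copied are this example's assumptions.

```python
# Values of SOP Instance Status (0100,0410) named on the slide. NS (not
# specified) is omitted: it is the status of instances outside the profile.
OR, AO, AC = "OR", "AO", "AC"   # Original, Authorized Original, Authorized Copy
ORIGINALS = (OR, AO)


class SecureUseStore:
    """One AE's instance store. Invariant: at most one Original (OR or AO) of a
    SOP Instance UID exists across all stores, so COPY and MOVE are the only
    ways an original is duplicated or changes hands."""

    def __init__(self, ae_title):
        self.ae_title = ae_title      # assumed label, e.g. "PACS"
        self.instances = {}           # SOP Instance UID -> status

    def store(self, uid, status):
        """C-STORE handler: refuse a second original of a UID already held as one."""
        if status in ORIGINALS and self.instances.get(uid) in ORIGINALS:
            raise ValueError(f"{self.ae_title} already holds an original of {uid}")
        self.instances[uid] = status

    def copy_to(self, uid, dest):
        """COPY semantics: the receiver gets an Authorized Copy; the sender keeps
        its Authorized Original. Assumption of this model: an Original that has
        not been authorized is not copied, since no Authorized Copy of it exists."""
        if self.instances.get(uid) != AO:
            raise ValueError(f"{uid} is not an Authorized Original at {self.ae_title}")
        dest.store(uid, AC)

    def move_to(self, uid, dest):
        """MOVE semantics: the original changes hands, and it leaves the sender
        only after the receiver has accepted it (a failed store keeps it here)."""
        status = self.instances.get(uid)
        if status not in ORIGINALS:
            raise ValueError(f"{uid} is not an original at {self.ae_title}")
        dest.store(uid, status)
        del self.instances[uid]


def originals_in_system(stores, uid):
    """Audit check: how many stores hold an original of uid (must be 0 or 1)."""
    return sum(1 for s in stores if s.instances.get(uid) in ORIGINALS)


if __name__ == "__main__":
    modality, pacs = SecureUseStore("MODALITY"), SecureUseStore("PACS")
    modality.store("2.999.1.2.3", AO)          # 2.999 is the documentation OID arc
    modality.copy_to("2.999.1.2.3", pacs)
    print(originals_in_system([modality, pacs], "2.999.1.2.3"), pacs.instances)
```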

19
Attribute Confidentiality Profile
20
Key Use Case
  • How can an application know that an object it received does not contain
    any protected personal information (identifiers)?
  • How can an authorized application restore the identifying information?

21
Contents
  • Addresses the following security aspect
    • Data Confidentiality
  • Provides mechanisms to de-identify a SOP Instance and preserve the original
    data within the SOP Instance in a protected (encrypted) envelope

22
Attribute Confidentiality Profile
  • An application can comply as
    • De-identifier
    • Re-identifier
  • De-identifier
    • Replaces confidential data with dummy values, preserving the validity of
      the SOP Instance
    • Optionally encrypts the original data and includes the encrypted
      bit-stream as an attribute in the object (3DES or AES)
    • The profile defines the list of attributes to replace

23
Attribute Name                           Tag
Instance Creator UID                     (0008,0014)
SOP Instance UID                         (0008,0018)
Accession Number                         (0008,0050)
Institution Name                         (0008,0080)
Institution Address                      (0008,0081)
Referring Physician's Name               (0008,0090)
Referring Physician's Address            (0008,0092)
Referring Physician's Telephone Numbers  (0008,0094)
Station Name                             (0008,1010)
(more attributes are defined in the profile)
24
Attribute Confidentiality Profile
  • Re-identifier
    • If in possession of valid keys, decrypts the original values
    • Restores the original values of the attributes that were de-identified
    • The profile defines the list of attributes to restore
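
A de-identifier and re-identifier for the attributes in the table above, as an added example that is not part of the presentation or of any DICOM toolkit, written against Python's standard library only. It contains a minimal Explicit VR Little Endian encoder/decoder for text VRs (enough for these attributes, not a full DICOM parser), replaces each listed attribute with a dummy value or, for UIDs, with a fresh valid UID so the SOP Instance stays valid, and returns the originals as the encoded content the profile places in the Modified Attributes Sequence (0400,0550). The CMS encryption of that content into Encrypted Content (0400,0520) with 3DES or AES is not implemented here (the standard library has no AES); the keyed UID mapping, the dummy strings and the `2.999` example OID arc are this example's own choices, and the sample dataset is constructed.

```python
import hashlib
import hmac
import struct
import uuid

# Attributes from the slide's list, with VR and replacement policy.
# "uid": replace with a new, consistently mapped UID (a dummy string would break
#        UID validity); "dummy": replace with a fixed placeholder of the VR.
CONFIDENTIAL_ATTRIBUTES = {
    (0x0008, 0x0014): ("UI", "uid"),    # Instance Creator UID
    (0x0008, 0x0018): ("UI", "uid"),    # SOP Instance UID
    (0x0008, 0x0050): ("SH", "dummy"),  # Accession Number
    (0x0008, 0x0080): ("LO", "dummy"),  # Institution Name
    (0x0008, 0x0081): ("ST", "dummy"),  # Institution Address
    (0x0008, 0x0090): ("PN", "dummy"),  # Referring Physician's Name
    (0x0008, 0x0092): ("ST", "dummy"),  # Referring Physician's Address
    (0x0008, 0x0094): ("SH", "dummy"),  # Referring Physician's Telephone Numbers
    (0x0008, 0x1010): ("SH", "dummy"),  # Station Name
}
DUMMY = {"SH": "ANON", "LO": "ANONYMIZED", "ST": "ANONYMIZED", "PN": "ANON^ANON"}


def _pad(vr, value):
    data = value.encode("ascii")
    if len(data) % 2:                  # DICOM values always have even length
        data += b"\x00" if vr == "UI" else b" "
    return data


def _unpad(vr, raw):
    return raw.rstrip(b"\x00" if vr == "UI" else b" ").decode("ascii")


def encode_dataset(elements):
    """Explicit VR Little Endian encoding of {tag: (vr, str)}, short-length VRs only."""
    out = b""
    for (group, elem), (vr, value) in sorted(elements.items()):
        data = _pad(vr, value)
        out += struct.pack("<HH", group, elem) + vr.encode("ascii")
        out += struct.pack("<H", len(data)) + data
    return out


def decode_dataset(data):
    """Inverse of encode_dataset."""
    elements, pos = {}, 0
    while pos < len(data):
        group, elem, vr, length = struct.unpack_from("<HH2sH", data, pos)
        vr, pos = vr.decode("ascii"), pos + 8
        elements[(group, elem)] = (vr, _unpad(vr, data[pos:pos + length]))
        pos += length
    return elements


def is_valid_uid(uid):
    """UID rules: digits and dots, no leading zeros in a component, at most 64 chars."""
    parts = uid.split(".")
    return len(uid) <= 64 and all(p.isdigit() and (p == "0" or p[0] != "0") for p in parts)


def replacement_uid(original, key):
    """Keyed, deterministic mapping so one original UID maps to one replacement
    across a study, while nobody without the key can recompute the mapping.
    Uses the UUID-derived UID form '2.25.<uuid as decimal>' from PS3.5."""
    mac = hmac.new(key, original.encode("ascii"), hashlib.sha256).digest()
    return "2.25." + str(uuid.UUID(bytes=mac[:16]).int)


def deidentify(elements, key):
    """De-identifier: returns (de-identified dataset, originals) where originals is
    the encoded Modified Attributes Sequence content that a CMS tool then encrypts
    into Encrypted Content (0400,0520)."""
    deidentified, originals = dict(elements), {}
    for tag, (vr, policy) in CONFIDENTIAL_ATTRIBUTES.items():
        if tag not in elements:
            continue
        originals[tag] = elements[tag]
        value = elements[tag][1]
        deidentified[tag] = (vr, replacement_uid(value, key) if policy == "uid" else DUMMY[vr])
    return deidentified, encode_dataset(originals)


def reidentify(deidentified, originals):
    """Re-identifier: with the decrypted originals in hand, restore the replaced values."""
    restored = dict(deidentified)
    restored.update(decode_dataset(originals))
    return restored


SAMPLE = {  # constructed values, not real patient or site data
    (0x0008, 0x0018): ("UI", "2.999.1.2.3.4.5"),
    (0x0008, 0x0050): ("SH", "ACC123456"),
    (0x0008, 0x0060): ("CS", "CT"),               # Modality: not on the list, must survive
    (0x0008, 0x0080): ("LO", "General Hospital"),
    (0x0008, 0x0090): ("PN", "Smith^John^^Dr"),
    (0x0008, 0x1010): ("SH", "CT01"),
}

if __name__ == "__main__":
    deid, blob = deidentify(SAMPLE, b"constructed-demo-key")
    print(deid[(0x0008, 0x0018)], deid[(0x0008, 0x0090)], len(blob))
    print(reidentify(deid, blob) == SAMPLE)
```

When the SOP Instance UID is replaced in a Part 10 file, the Media Storage SOP Instance UID (0002,0003) in the File Meta Information must be replaced with the same value, otherwise the file is no longer valid; and the originals blob must only ever leave the de-identifier inside the CMS envelope, since it is exactly the data the profile was applied to remove.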

25
Questions?