Download presentation
Presentation is loading. Please wait.
Published byWinfred Henry Modified over 9 years ago
1
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM WG-27, Web Technologies Securing DICOM
2
Topics (hidden) DICOM over TLS DICOM file encryption DICOM content in other transports Security profiles DICOM anonymization profiles 2August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux
3
What is security? Protecting data security (against unauthorized access) Protecting data integrity (against unauthorized changes) Protecting data loss (against unauthorized deletions) Protecting data availability (against denial of service)
4
What are the implications if security is compromised? Data corruption and loss Fraud against those victimized Civil penalties (fines and lawsuits) Criminal penalties Serious harm and death
5
What is NOT security? Changing names of parameters, servers or functions to make it harder to guess Including dangerous functions in a release but not including them in documentation
6
Keeping DICOM Safe August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux6 DICOM Simple workflow Modality transmits images to archive Radiologist requests images for reading : Out to cause security issues
7
DICOM Security Profiles Defined in PS3.15, “Security and System Management Profiles” Describes methods to mitigate various security concerns Items in red describe solutions that are used in the industry but not explicity part of the DICOM standard August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux7
8
DICOM in Transit Who sees this image? The modality, who sends the image The archive, who receives the image Anyone on the network between August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux8 DICOM
9
DICOM-TLS Transport Level Security encryption (defined in PS3.15 Section B.1) Encryption is negotiated as part of TLS Traffic encrypted with public certificate and decrypted by private key Network VPN tunnels is another mechanism DICOMweb can leverage HTTPS (TLS based) August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux9 DICOM
10
DICOM in Transit August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux10 Who are the actors in transmission? The modality, who sends the image The archive, who receives the image Anyone pretending to be these actors DICOM
11
Node Identity DICOM-TLS certificates specifies identifying information about the owner Verification of certificates are done against a signing authority AE titles are a less secure alternative August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux11 DICOM
12
User Authentication Who can retrieve images? Device is validated by DICOM-TLS User can retrieve images Anyone else using device can, too August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux12 DICOM
13
User Authentication Defined in PS3.15 B.4-7 Authentication of users can occur via Mutual TLS authentication (each side presents certificates) Authentication during association negotiation (SAML, Kerberos, etc) Authenticating users at the application level and making trusted calls to the imaging backend is an alternative approach August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux13 DICOM
14
Auditing Described in PS 3.15 Part A.5 User should be known Events for authentication, query, access, transfer, import/export, and deletion This is used in the IHE ITI ATNA profile with Radiology option August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux14
15
DICOM at Rest Who ensures the images are genuine as the modality provides them? The archive accomplishes this task Anyone else who can manipulate the archive August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux15 DICOM
16
Digital Signatures DICOM supports digital signatures which provides integrity check and other features Defined in PS3.15 Section C Individual fields can also be selectively encrypted Disk-level encryption can also be used to maintain integrity at rest August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux16 DICOM
17
Media Storage Used when DICOM is transmitted via physical media (CD, DVD, USB key) Guarantees confidentiality, integrity, and media origin Defined in PS3.15 section D August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux17
18
Anonymization Anonymization profiles exist to support masking of data for various purposes Clinical trials Teaching files Defined in PS3.15 section E Addresses removal and replacement of DICOM attributes that may reveal protected health information August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux18
19
DICOM’s Stance DICOM enables a very wide variety of authentication and access control policies, but does not mandate them DICOMweb shares the same position through the use of standard internet technologies August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux19
20
Suggestions Use DICOM-TLS and HTTPS for DICOMweb Use appropriate authentication and authorization measures Use appropriate at-rest encryption mechanisms Control access via managed environments, strong identity management, firewalls Consider security throughout your project lifecycle, not at the end August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux20
21
Keep It Safe! Questions? Thank you! August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux21 DICOM
22
Image Sources http://echoesofhumanity.co.uk/wp-content/uploads/2014/05/photo.jpg http://icdn.pro/images/en/l/o/lock-icone-6201-128.png http://blog.getcertified4less.com/wp-content/uploads/2012/02/Certificate_Icon.jpg http://fc06.deviantart.net/fs71/i/2010/223/6/4/Computer_Icon_by_DrunkenSandwich.png http://www.clker.com/cliparts/e/2/a/d/1206574733930851359Ryan_Taylor_Green_Tick.svg.med.png August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux22
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.