Keeping it safe: Securing DICOM

20
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM WG-27, Web Technologies Securing DICOM

description

Presentation I gave at the DICOM Workshop, held in Chengdu, China, in August 2014. Topics include: DICOM over TLS, DICOM file encryption, DICOM content in other transports, security profiles, and DICOM anonymization profiles.

Transcript of Keeping it safe: Securing DICOM

Page 1: Keeping it safe: Securing DICOM

THE DICOM 2014 Chengdu Workshop

August 25, 2014 Chengdu, China

Keeping It Safe

Brad Genereaux, Agfa HealthCare

Product Manager

Industry Co-Chair, DICOM WG-27, Web Technologies

Securing DICOM

Page 2: Keeping it safe: Securing DICOM

What is security?

• Protecting data security (against unauthorized access)

• Protecting data integrity (against unauthorized changes)

• Protecting data loss (against unauthorized deletions)

• Protecting data availability (against denial of service)

Page 3: Keeping it safe: Securing DICOM

What are the implications if security is compromised?

• Data corruption and loss• Fraud against those victimized• Civil penalties (fines and lawsuits)• Criminal penalties• Serious harm and death

Page 4: Keeping it safe: Securing DICOM

What is NOT security?

• Changing names of parameters, servers or functions to make it harder to guess

• Including dangerous functions in a release but not including them in documentation

Page 5: Keeping it safe: Securing DICOM

Keeping DICOM Safe

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 6

DICOMDICOM

Simple workflow• Modality transmits images to archive• Radiologist requests images for reading

: Out to cause security issues

Page 6: Keeping it safe: Securing DICOM

DICOM Security Profiles

• Defined in PS3.15, “Security and System Management Profiles”

• Describes methods to mitigate various security concerns

• Items in red describe solutions that are used in the industry but not explicity part of the DICOM standard

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 7

Page 7: Keeping it safe: Securing DICOM

DICOM in Transit

Who sees this image?• The modality, who sends the image• The archive, who receives the image• Anyone on the network between

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 8

DICOMDICOM

Page 8: Keeping it safe: Securing DICOM

DICOM-TLS

• Transport Level Security encryption (defined in PS3.15 Section B.1)

• Encryption is negotiated as part of TLS• Traffic encrypted with public certificate and

decrypted by private key• Network VPN tunnels is another mechanism• DICOMweb can leverage HTTPS (TLS based)

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 9

DICOMDICOM

Page 9: Keeping it safe: Securing DICOM

DICOM in Transit

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 10

Who are the actors in transmission?• The modality, who sends the image• The archive, who receives the image• Anyone pretending to be these actors

DICOMDICOM

Page 10: Keeping it safe: Securing DICOM

Node Identity

• DICOM-TLS certificates specifies identifying information about the owner

• Verification of certificates are done against a signing authority

• AE titles are a less secure alternativeAugust 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 11

DICOMDICOM

Page 11: Keeping it safe: Securing DICOM

User Authentication

Who can retrieve images?• Device is validated by DICOM-TLS• User can retrieve images• Anyone else using device can, too

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 12

DICOMDICOM

Page 12: Keeping it safe: Securing DICOM

User Authentication

• Defined in PS3.15 B.4-7• Authentication of users can occur via

• Mutual TLS authentication (each side presents certificates)• Authentication during association negotiation (SAML,

Kerberos, etc)

• Authenticating users at the application level and making trusted calls to the imaging backend is an alternative approach

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 13

DICOMDICOM

Page 13: Keeping it safe: Securing DICOM

Auditing

• Described in PS 3.15 Part A.5• User should be known• Events for authentication, query,

access, transfer, import/export, and deletion

• This is used in the IHE ITI ATNA profile with Radiology option

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 14

Page 14: Keeping it safe: Securing DICOM

DICOM at Rest

Who ensures the images are genuine as the modality provides them?• The archive accomplishes this task• Anyone else who can manipulate the

archive

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 15

DICOMDICOM

Page 15: Keeping it safe: Securing DICOM

Digital Signatures

• DICOM supports digital signatures which provides integrity check and other features

• Defined in PS3.15 Section C• Individual fields can also be selectively encrypted• Disk-level encryption can also be used to maintain

integrity at rest

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 16

DICOMDICOM

Page 16: Keeping it safe: Securing DICOM

Media Storage

• Used when DICOM is transmitted via physical media (CD, DVD, USB key)

• Guarantees confidentiality, integrity, and media origin

• Defined in PS3.15 section D

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 17

Page 17: Keeping it safe: Securing DICOM

Anonymization

• Anonymization profiles exist to support masking of data for various purposes

• Clinical trials• Teaching files

• Defined in PS3.15 section E• Addresses removal and replacement of

DICOM attributes that may reveal protected health information

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 18

Page 18: Keeping it safe: Securing DICOM

DICOM’s Stance

• DICOM enables a very wide variety of authentication and access control policies, but does not mandate them

• DICOMweb shares the same position through the use of standard internet technologies

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 19

Page 19: Keeping it safe: Securing DICOM

Suggestions

Use DICOM-TLS, and HTTPS for DICOMweb Use appropriate authentication and

authorization measures Use appropriate at-rest encryption

mechanisms Control access via managed environments,

strong identity management, firewalls Consider security throughout your project

lifecycle, not at the end

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 20

Page 20: Keeping it safe: Securing DICOM

Keep It Safe!

Questions? Thank you!

August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 21

DICOMDICOM