DICOM Security
Lawrence Tarbox, Ph.D.
Chair, WG 14
Mallinckrodt Institute of Radiology
Washington University in St. Louis School of Medicine
B17 Tarbox DICOM Security, dicom.nema.org/dicom/Conf-2005/Day-1_Seminar/B17... · Digital Signature Profiles ... – Reference other signed SRs that include ... Microsoft PowerPoint
• Since some use cases require controlled access to the original Attribute values:
  – Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
    • Embedded in the Data Set
    • Only selected recipients can open the envelope
    • Different subsets can be held for different recipients
  – Full restoration of data not a goal
  – Specializations as needed
Let's Clear the Confusion!
• Base XML message format specified (IETF RFC 3881)
  – To be shared by multiple domains
  – Needs vocabulary definition to be useful
  – Transport mechanism blind
• Supplement 95 profiles, augments, and defines DICOM-specific vocabulary
  – Use the schema in Supplement to create messages and read DICOM extensions
  – Audit repositories can interpret key using the schema in the RFC
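An added example, not from the slides: one way a domain-neutral audit repository could read the RFC 3881 base fields of a message while only noting, not parsing, domain-specific extensions. The sample message, its code values and the `ExampleDicomExtension` element are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated message (not from the slides). Element and attribute
# names are RFC 3881's; the code values and the extension element are made up.
SAMPLE = """<AuditMessage>
  <EventIdentification EventActionCode="R" EventDateTime="2005-09-26T10:15:00Z"
                       EventOutcomeIndicator="4">
    <EventID code="EXAMPLE-1" codeSystemName="DCM" displayName="Example event"/>
  </EventIdentification>
  <ActiveParticipant UserID="jsmith" UserIsRequestor="true"/>
  <ActiveParticipant UserID="ARCHIVE_AE" UserIsRequestor="false"/>
  <AuditSourceIdentification AuditSourceID="workstation-7"/>
  <ParticipantObjectIdentification ParticipantObjectID="1.2.3.4.5">
    <ParticipantObjectIDTypeCode code="EXAMPLE-2" codeSystemName="DCM"/>
    <ExampleDicomExtension detail="domain-specific"/>
  </ParticipantObjectIdentification>
</AuditMessage>"""

ACTIONS = {"C": "create", "R": "read", "U": "update", "D": "delete", "E": "execute"}
OUTCOMES = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}
BASE_OBJECT_CHILDREN = {"ParticipantObjectIDTypeCode", "ParticipantObjectName",
                        "ParticipantObjectQuery", "ParticipantObjectDetail"}

def interpret(xml_text):
    """Extract the domain-neutral fields; report, but do not parse, extensions."""
    if "<!DOCTYPE" in xml_text:  # an audit record has no need for a DTD
        raise ValueError("DOCTYPE not allowed in audit message")
    root = ET.fromstring(xml_text)
    event = root.find("EventIdentification")
    source = root.find("AuditSourceIdentification")
    users = root.findall("ActiveParticipant")
    if root.tag != "AuditMessage" or event is None or source is None or not users:
        raise ValueError("missing required RFC 3881 element")
    event_id = event.find("EventID")
    outcome = OUTCOMES.get(event.get("EventOutcomeIndicator"))
    if event_id is None or outcome is None:
        raise ValueError("missing EventID or invalid EventOutcomeIndicator")
    objects = root.findall("ParticipantObjectIdentification")
    return {
        "event": (event_id.get("codeSystemName"), event_id.get("code")),
        "action": ACTIONS.get(event.get("EventActionCode")),
        "outcome": outcome,
        "requestors": [u.get("UserID") for u in users
                       if u.get("UserIsRequestor", "true") in ("true", "1")],
        "source": source.get("AuditSourceID"),
        "objects": [o.get("ParticipantObjectID") for o in objects],
        "extensions": sorted({c.tag for o in objects for c in o
                              if c.tag not in BASE_OBJECT_CHILDREN}),
    }
```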
• Step toward cross-system authorization and access controls
  – DICOM still leaves access control in the hands of the application
• Query Filtering
  – For productivity as well as security
Several Options
• User identity alone, with no other security mechanisms
• User identity plus the current DICOM TLS mechanism
• User identity plus future lower level transport mechanisms (e.g. IPv6 with security option)
• Kerberos employs a Key Distribution Center (KDC) that
  – Authenticates the user
  – May be incorporated into local login process
  – Provides a Ticket Granting Ticket (TGT) to the local system
• Local application uses TGT to ask KDC to generate the Service Ticket, which then is passed in the Association Negotiation Request
• Remote application uses the Service Ticket to securely identify the user, and optionally generate a Server Ticket that is returned in the Association Negotiation Response
Prepared for the Future
• Could support any mechanism that