Security extensions to DICOM

Andreas Thiel (1), Johannes Bernarding (1), Joachim Hohmann (2), Domagoj Cosic (3), Gunter Bellaire (4) and Thomas Tolxdorff (1)

(1) Departments of Medical Informatics and (2) Radiology, University Hospital Benjamin Franklin, Free University of Berlin, 12200 Berlin, Germany (thiel(at)ukbf.fu-berlin.de)
(3) Computer Graphics Workgroup, Institute of Technical Informatics, Technical University of Berlin, Germany
(4) Surgical Research Unit OP 2000, Robert Rössle Klinik, Virchow Klinikum, Humboldt University Berlin, Germany

Purpose:

Local area networks in hospitals with an Internet connection enable remote access to medical data and the deployment of distributed medical services. The use of standardized protocols such as DICOM, which a heterogeneous hardware and software infrastructure requires, increases the risk that intruders gain access to sensitive data. The level of data protection required depends on whether secured or publicly accessible networks are used, on the use of standardized communication, and on the differing national data protection regulations.

Scenario:

The hospital network is separated from the Internet by a firewall. To facilitate communication between DICOM applications, we have integrated a security layer between the DICOM upper layer protocol and the TCP/IP interface. The whole data stream is encrypted with the Secure Sockets Layer protocol (SSL), in accordance with the recommendations of DICOM working group 14 on security. The current working draft for security enhancements (supplement 31) does not allow encryption of selected parts of DICOM messages and files. For faster communication and off-line storage of data, we have developed methods for encrypting and encoding the patient-relevant data in a DICOM-conformant manner.
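The partial-encryption mode described above, as an added example that is not the authors' implementation: a toy data set keyed by DICOM (group, element) tags, in which only an assumed selection of patient-relevant elements (PatientName and PatientID) is encrypted, each under a fresh AES-GCM key that is itself encrypted with the partner's RSA public key, while the bulky pixel data passes through in clear. AES-GCM and RSA-OAEP are this example's choices, not the paper's; the DICOM encoding of the ciphertext (value representation and length fields) is not modelled; and Tag, DataSet, Envelope, Relevant, Protect, Unprotect and Demo are hypothetical names, with the data set values constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Tag is a DICOM (group, element) pair; DataSet is a toy data set of tag -> raw value bytes.
type Tag struct{ Group, Element uint16 }
type DataSet map[Tag][]byte

var (
	PatientName = Tag{0x0010, 0x0010}
	PatientID   = Tag{0x0010, 0x0020}
	PixelData   = Tag{0x7FE0, 0x0010}
	Relevant    = []Tag{PatientName, PatientID} // assumed set of "patient-relevant" elements
)

// Envelope: data set with each Relevant value replaced by nonce||AES-GCM ciphertext, plus the AES key wrapped for the partner.
type Envelope struct{ Data DataSet; WrappedKey []byte }

// aad binds each ciphertext to its tag so a value cannot be moved to another element.
func aad(t Tag) []byte { return []byte{byte(t.Group >> 8), byte(t.Group), byte(t.Element >> 8), byte(t.Element)} }

// sealElements encrypts (encrypt=true) or restores the Relevant elements under key; all other elements pass through.
func sealElements(ds DataSet, key []byte, encrypt bool) (DataSet, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	out, n := DataSet{}, aead.NonceSize()
	for t, v := range ds {
		out[t] = v
	}
	for _, t := range Relevant {
		if v, ok := ds[t]; !ok {
			continue
		} else if encrypt {
			nonce := make([]byte, n) // fresh per element; crypto/rand.Read does not fail (Go 1.24+)
			rand.Read(nonce)
			out[t] = append(nonce, aead.Seal(nil, nonce, v, aad(t))...)
		} else if len(v) < n {
			return nil, fmt.Errorf("(%04X,%04X): ciphertext too short", t.Group, t.Element)
		} else if p, err := aead.Open(nil, v[:n], v[n:], aad(t)); err != nil {
			return nil, fmt.Errorf("(%04X,%04X): %w", t.Group, t.Element, err) // wrong key or tampered
		} else {
			out[t] = p
		}
	}
	return out, nil
}

// Protect is the partial mode: a fresh AES key encrypts only the Relevant elements and is itself RSA-OAEP-encrypted with the partner's public key.
func Protect(ds DataSet, partner *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32)
	rand.Read(key)
	data, err := sealElements(ds, key, true)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, partner, key, nil)
	return &Envelope{data, wrapped}, err
}

// Unprotect runs at the partner: unwrap the key with the private key, then restore the values.
func Unprotect(env *Envelope, partner *rsa.PrivateKey) (DataSet, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, partner, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return sealElements(env.Data, key, false)
}

// Demo generates a partner key, protects a constructed data set and lets the partner recover it.
func Demo() (sent *Envelope, recovered DataSet, err error) {
	partner, _ := rsa.GenerateKey(rand.Reader, 2048) // fails only for unsupported sizes
	ds := DataSet{PatientName: []byte("DOE^JANE"), PatientID: []byte("P-0001"), PixelData: []byte{0, 1, 2, 3, 250, 251}}
	if sent, err = Protect(ds, &partner.PublicKey); err != nil {
		return nil, nil, err
	}
	recovered, err = Unprotect(sent, partner)
	return sent, recovered, err
}

func main() {
	sent, recovered, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %x\nrecovered:   %s\n", sent.Data[PatientName], recovered[PatientName])
}
```

The speed advantage comes from leaving the pixel data untouched; the price is that everything outside Relevant travels in clear, so the selection must cover every identifying element, not just the two assumed here. Binding the tag as associated data makes a ciphertext that was moved between elements fail to decrypt. The image signature the Discussion asks for is deliberately left out of this block; in practice it should also cover the encrypted elements and the wrapped key, so that a receiver detects a replaced envelope and not only a replaced image.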

Discussion:

Data transfer between different hospital departments does not require encryption of the data stream. However, the integrity of the images has to be guaranteed by a digital signature. Data transfer is restricted to registered machines and registered users. The transfer of data outside the secured network can only be initiated from inside. Before the transfer can be initiated, the users have to decide between a more secure but slower encryption of the whole data stream and a partial but faster encryption of the relevant parts. We use the public key of the partner as the encryption key. Safeguarding access to the public key of the partner necessitates key management. Digital certification is required to verify the validity of the key and to guarantee the binding between the cryptographic key and the communication partner. This can be provided by a certification authority (CA). The CA can store the public keys of the communication partners after personal identification. To establish a secure connection, the public key of the CA is used to obtain and verify the public key of the communication partner.
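The signature and key-management chain of this discussion, as an added example that is not the authors' code: a minimal stand-in for a certificate in which the CA signs the partner's name together with its public key, a receiver that accepts a sender's key only after checking that signature with the CA's public key, and an RSA-PSS signature over the image that guarantees its integrity. X.509 is replaced by this simpler structure to keep the example short; Cert, Issue, TrustedKey, SignImage, VerifyImage and Exchange are hypothetical names, and the keys, the station name and the image bytes are constructed. The example goes slightly beyond the text by also running the two failure cases a receiver must reject: a modified image and a sender whose key the CA never certified.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Cert is a minimal stand-in for a CA-issued certificate (not X.509): the CA's signature
// binds a partner's name, checked at registration, to the DER encoding of its public key.
type Cert struct {
	Name   string
	PubDER []byte
	CASig  []byte
}

// certDigest is what the CA signs: name and key together, so neither can be swapped alone.
func certDigest(name string, pubDER []byte) []byte {
	h := sha256.Sum256(append([]byte(name+"\x00"), pubDER...))
	return h[:]
}

// Issue is the CA's step after personal identification of the key holder.
func Issue(caKey *rsa.PrivateKey, name string, pub *rsa.PublicKey) (Cert, error) {
	der := x509.MarshalPKCS1PublicKey(pub)
	sig, err := rsa.SignPSS(rand.Reader, caKey, crypto.SHA256, certDigest(name, der), nil)
	return Cert{name, der, sig}, err
}

// TrustedKey is the receiver's use of the CA's public key: the partner's key is accepted
// only if the certificate verifies and names the partner the receiver expects.
func TrustedKey(c Cert, caPub *rsa.PublicKey, expectName string) (*rsa.PublicKey, error) {
	if c.Name != expectName {
		return nil, fmt.Errorf("certificate is for %q, expected %q", c.Name, expectName)
	}
	if err := rsa.VerifyPSS(caPub, crypto.SHA256, certDigest(c.Name, c.PubDER), c.CASig, nil); err != nil {
		return nil, fmt.Errorf("certificate for %q was not issued by this CA: %w", c.Name, err)
	}
	return x509.ParsePKCS1PublicKey(c.PubDER)
}

// SignImage and VerifyImage give the image the digital signature the text requires.
func SignImage(pixels []byte, sender *rsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(pixels)
	return rsa.SignPSS(rand.Reader, sender, crypto.SHA256, h[:], nil)
}

func VerifyImage(pixels, sig []byte, sender *rsa.PublicKey) error {
	h := sha256.Sum256(pixels)
	return rsa.VerifyPSS(sender, crypto.SHA256, h[:], sig, nil)
}

// Exchange plays both sides with constructed keys: the CA certifies the sender, the sender signs
// the image, and the receiver trusts the sender's key only via the CA before verifying the image.
// tamper=true changes one pixel byte in transit; uncertified=true lets a key the CA never certified sign.
func Exchange(tamper, uncertified bool) error {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	cert, err := Issue(caKey, "CT-Station-1", &sender.PublicKey)
	if err != nil {
		return err
	}
	if uncertified { // such a sender can sign and can issue itself a certificate, but not with the CA's key
		sender, _ = rsa.GenerateKey(rand.Reader, 2048)
		cert, _ = Issue(sender, "CT-Station-1", &sender.PublicKey)
	}
	pixels := []byte{10, 20, 30, 40, 50, 60} // constructed image data
	sig, err := SignImage(pixels, sender)
	if err != nil {
		return err
	}
	if tamper {
		pixels[2] ^= 1
	}
	// Receiver side: only the CA's public key is trusted a priori.
	senderPub, err := TrustedKey(cert, &caKey.PublicKey, "CT-Station-1")
	if err != nil {
		return err
	}
	return VerifyImage(pixels, sig, senderPub)
}

func main() {
	fmt.Println("honest:  ", Exchange(false, false))
	fmt.Println("tampered:", Exchange(true, false))
	fmt.Println("uncertified:", Exchange(false, true))
}
```

Exchange(false, false) returns nil; Exchange(true, false) fails in VerifyImage; Exchange(false, true) fails already in TrustedKey, before the image signature is even examined, which is the identification problem the conclusion assigns to the CA. Note that the receiver still has to check the name in the certificate against the partner it expects: a valid certificate for a different registered station must not be accepted for this transfer.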

Conclusion:

Future modifications of the DICOM standard will allow the fast and secure transfer of large amounts of medical data over insecure high-speed networks. Transport over insecure networks requires encryption combined with a digital signature of the data. The use of certification authorities can solve the problem of user identification.

Key words: DICOM, ATM, data security, high-speed networking, telemedicine, medical workstation


Oral presentation at EuroPACS'98, Barcelona, Spain