General Integrated Secure Communication Layer (ISCL) Information

The Integrated Secure Communication Layer (ISCL) provides a means of adding security to DICOM communication. The security added targets three main areas:

- Computer or Entity Authentication

- Confidentiality

- Data Integrity

Computer/Entity Authentication

Computer or entity authentication lets both the client and the server make sure the computer with which they are communicating (the peer computer) is "legitimate" for communication. This is accomplished by exchanging challenge codes and response codes during "mutual authentication". Currently, the only mutual authentication protocol is the "Three-pass-four-way" protocol. For a more detailed description of this protocol, refer to the "MEDIS-DC STANDARDS for Integrated Secure Communication Layer Protocols V 1.00".

Confidentiality

Communication confidentiality is achieved by encrypting the data sent over the communication channel. Currently, the encryption options are:

- No encryption

- DES-CBC encryption. This is DES in cipher block chaining mode, using a 64-bit key with an effective key length of 56 bits.

For more information on encryption, refer to the "MEDIS-DC STANDARDS for Integrated Secure Communication Layer Protocols V 1.00".
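
The gap between the 64-bit key and its 56-bit effective length comes from DES reserving the low bit of every key byte as an odd-parity bit. The following is an added illustration, not code from ISCL or the MEDIS-DC standard; the function names and the sample keys are constructed for this example.

```python
# Added illustration: constructed keys, not taken from ISCL or MEDIS-DC.
# DES takes an 8-byte key, but the least significant bit of each byte is an
# odd-parity bit that the cipher ignores, leaving 8 * 7 = 56 key bits.

def _check_len(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")

def has_odd_parity(key: bytes) -> bool:
    """True if every byte of the key contains an odd number of 1 bits."""
    _check_len(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low bit of each byte so that the byte has odd parity."""
    _check_len(key)
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits DES actually uses
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def effective_key(key: bytes) -> int:
    """Pack the 7 significant bits of each byte into one 56-bit integer."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)       # drop the parity bit
    return value

# Constructed sample: KEY_B differs from KEY_A in all eight parity bits only.
KEY_A = bytes.fromhex("0123456789abcdef")
KEY_B = bytes(b ^ 0x01 for b in KEY_A)

if __name__ == "__main__":
    print("KEY_A parity ok:", has_odd_parity(KEY_A))
    print("KEY_B parity ok:", has_odd_parity(KEY_B))
    print("same effective key:", effective_key(KEY_A) == effective_key(KEY_B))
    print("max effective bits:", effective_key(b"\xff" * 8).bit_length())
```

Two keys that differ only in parity bits select the same DES key, so the search space is 2^56 rather than 2^64; this is the figure to use when assessing whether the DES-CBC option is adequate for a given deployment.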

Data Integrity

Data integrity is maintained by using a message authentication code for each message sent across a DICOM network. These message authentication codes are encrypted using the same encryption mode used for encrypting data. Currently, ISCL uses DESMAC (64-bit) and MD5 (128-bit) message authentication codes.