Adding Security to a DICOM Connection

Based on the ISCL standards, LEADTOOLS provides support for adding security in the following areas:

Computer/Entity Authentication

Before establishing a DICOM Associate connection between two computers, each computer should "authenticate" the other computer. This ensures that both computers are legitimate, and are qualified to have access to the information that may be transferred. This is accomplished through mutual authentication. A more detailed description of this process can be found in either General Integrated Secure Communication Layer (ISCL) Information, or the "MEDIC-DC STANDARDS for Integrated Secure Communication Layer Protocols V 1.00."

A specific mode can be used for the mutual authentication process. This is set using the L_DicomSetMutualAuthAlgISCL function. Currently only the "Three-pass-four-way" mode is used. During the mutual authentication process, authentication data, an authentication key and an index for the authentication key is used to authenticate one entity to another. The authentication data used for this process can be set using the L_DicomSetAuthDataISCL function.

In addition, during the mutual authentication process an index into an array of authentication keys is used to further authenticate an entity. The authentication keys for both the client and the server must be the same. These keys can be set in the array using the L_DicomSetMutualAuthKeyISCL function. An index is used to specify which key in the array should be used for authentication. This index is set using the L_DicomSetIndexForMutualAuthISCL function. To determine the current index of the key to use for authentication, call the L_DicomGetIndexForMutualAuthISCL function.

Confidentiality

Once two computers have authenticated each other, they can begin transferring messages and data between them. The confidentiality of these transfers is maintained by encrypting the data sent over the communication channel. Currently LEADTOOLS supports the ISCL standard of either using no encryption or using the DES encryption in cipher block chaining mode. The encryption mode can be set using the L_DicomSetDefaultEncryptionISCL function.

In addition, during the encryption/decryption process an index into an array of encryption keys is used to further guard data confidentiality. The encryption keys for both the client and the server must be the same. These keys can be set in the array using the L_DicomSetEncryptKeyISCL function. An index is used to specify which key in the array should be used for encryption. This index is set using the L_DicomSetIndexForEncryptISCL function. To determine the current index of the key to use for encryption, call the L_DicomGetIndexForEncryptISCL function.

Data Integrity

Data integrity is maintained by adding message authentication codes to each message sent across the DICOM Network. The message authentication codes may be DESMAC or MD5. To set the type of message authentication codes to use, call the L_DicomSetDefaultSigningISCL function.

Digital Signatures

Digital Signatures capability provides a first step towards lifetime integrity checks. When creating a Digital Signature, the creator of a Digital Signature identifies those Data Elements of a DICOM Data Set that are included in the calculation of the Message Authentication Code (MAC) used in the Digital Signature. The creator calculates the MAC, and then encrypts the MAC with a key or the private part of a key pair unique to the creator of the Digital Signature. Any receiver of the DICOM Data Set that knows the key or public part of the key pair can then recalculate the MAC and compare it with the MAC recorded in the Digital Signature. If any of the identified Data Elements has been altered or removed, it is extremely unlikely that the MAC calculated by the receiver and the MAC within the Digital Signature will agree. Digital Signature Profiles are specified in Annex C of DICOM PS 3.15. For more information, refer to Working with Digital Signatures.