Modern cryptography covers digital image security exposures

May 4, 2004

Advances in cryptography technologies, available for years, have recently been applied to the encryption of medical images to enhance security and data integrity. A 2003 RSNA poster exhibited one way of applying the Advanced Encryption Standard (AES) and public key infrastructure techniques to secure digital images in institutional PACS and teleradiology.

The cryptography technique first embeds clinical information, a digital signature, and asymmetric and symmetric keys into the medical image. It then uses the Advanced Encryption Standard to encrypt the image along with its associated clinical information, said Dr. Heston Kwong, principal medical officer of the Department of Health in Hong Kong.

The U.S. Health Insurance Portability and Accountability Act requires healthcare entities to safeguard the privacy of individually identifiable patient information. Just how to achieve this is left to the discretion of each facility, although most PACS and teleradiology systems provide secure image and data transmission through public networks using Secure Sockets Layer (SSL) and virtual private networks.

While broadband Internet access facilitates timely transfer of medical images, it also exposes data integrity, data confidentiality, and user authentication vulnerabilities.

Kwong's method incorporates several security advantages to address these vulnerabilities:
• The public key infrastructure, which supports digital signatures with private and public key pairs, provides authentication.
• Digital signatures authenticate the identity of the sender and assure message integrity, thereby providing a system of nonrepudiation.
• A hash function that detects additions and deletions from the image during transmission ensures data integrity.
• Symmetric encryption guarantees data privacy.
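
The combination listed above (hash, digital signature, symmetric encryption) can be sketched as a sign-then-encrypt envelope; this is an added example, not Kwong's implementation or code from the poster. It assumes Ed25519 signatures over a SHA-256 digest, AES-128 in GCM mode, a "nonce then ciphertext" layout, and a 16-byte AES key already shared with the recipient; the names Seal and Open are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Seal signs SHA-256(payload), then AES-128-GCM encrypts signature||payload.
func Seal(payload, key []byte, signer ed25519.PrivateKey) ([]byte, error) {
	nonce := make([]byte, 12) // 96-bit GCM nonce, fresh for every envelope
	_, rngErr := rand.Read(nonce)
	block, err := aes.NewCipher(key)
	if err != nil || rngErr != nil || len(key) != 16 {
		return nil, fmt.Errorf("need a 16-byte AES key and a working RNG")
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	digest := sha256.Sum256(payload)
	sig := ed25519.Sign(signer, digest[:])
	return gcm.Seal(nonce, nonce, append(sig, payload...), nil), nil // nonce||ciphertext
}

// Open decrypts, then checks the signature against the sender's public key.
func Open(env, key []byte, sender ed25519.PublicKey) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 16 || len(env) < 12 {
		return nil, fmt.Errorf("bad key or truncated envelope")
	}
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, env[:12], env[12:], nil) // rejects any altered byte
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, fmt.Errorf("ciphertext altered or wrong key")
	}
	sig, payload := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(sender, digest[:], sig) {
		return nil, fmt.Errorf("signature does not match the sender's public key")
	}
	return payload, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed sender key pair
	env, _ := Seal([]byte("constructed study"), []byte("constructed-key!"), priv)
	out, err := Open(env, []byte("constructed-key!"), pub) // same 16-byte demo key
	fmt.Printf("%s %v\n", out, err)
}
```

Sign-then-encrypt does not by itself bind the signature to the intended recipient; including the recipient's identity in the signed payload closes that gap.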

The new Advanced Encryption Standard (AES) 128-bit encryption algorithm - tested and blessed by the U.S. government - takes about 1.5 seconds of overhead processing.

Kwong built his model in the normal routine workflow of an institutional PACS and teleradiology system. The model was tested on a Unix machine with PACS chest studies in a simulated DICOM environment.

The whole process of encryption and decryption of a 7-Mb chest film takes about 3.2 seconds under a Linux operating system with 1-GHz Intel CPU and 512-MB RAM, according to Kwong.

"The implementation of security measures through software is more flexible than through common hardware implementations using application-specific integrated circuit chips," he said.