33rd Annual International Conference of the IEEE EMBS
Boston, Massachusetts USA, August 30 - September 3, 2011
              Secure Communications for PACS in a Cloud Environment
                                                     Tim Rostrom, Chia-Chi Teng
T. Rostrom is with Brigham Young University, Provo, UT 84602, USA (e-mail: trostrom@byu.edu).
C. Teng is with Brigham Young University, Provo, UT 84602, USA (phone: 801-422-1297; e-mail: ccteng@byu.edu).

Abstract—Picture Archiving and Communication Systems (PACS) have been traditionally constrained to the premises of the healthcare provider. This has limited the availability of these systems in many parts of the world and mandated major costs in infrastructure for those who employ them. Public cloud services could be a solution that eases the cost of ownership and provides greater flexibility for PACS implementations. Moving these systems to the public cloud requires that an authentication and encryption policy for communications is established within the PACS environment. This paper investigated an implementation which uses Transport Layer Security for communications between a cloud-based PACS server and client.

I. INTRODUCTION

Medical imaging systems have been traditionally constrained to the premises of the healthcare provider. These facilities incur major costs to provide the infrastructure for the medical imaging systems. Cost of ownership has been a major road block to small scale healthcare providers and in less developed areas. According to the World Health Organization, two-thirds of the world’s population has no access to basic diagnostic imaging services [1]. These services are primarily unavailable because of insufficient infrastructure, unstable political environment and a considerable burden of disease. On the other hand, the increasing volume of diagnostic images in developed regions presents a different challenge. It is estimated that in 2014 healthcare providers in the US will perform over one billion diagnostic imaging procedures and generate approximately 100 Petabytes of data [2]. The amount of digital data being collected is leading to scalability and management issues for many healthcare providers.

Cloud computing provides an environment where services can be rapidly scaled up or down while costs are incurred only on a ‘pay per use’ basis without upfront capital costs. Real monetary savings can come from utilizing cloud computing for both small and large organizations [3], [4]. Other benefits include more robust, cost-effective business continuity planning such as disaster recovery [2], and allowing more focus to be put on providing healthcare services than on managing infrastructure [4].

These benefits do not come without risks. Maintaining the security and integrity of the data within a cloud environment becomes a major concern [5]. Legal policies concerning cloud computing are still being explored and debated [6]. Extending a medical imaging system from a protected network on the healthcare provider’s premises to a public cloud service requires additional security measures, including a secure communications policy that is carefully designed and implemented to protect data in transit. The security of data traveling over the open Internet is critical to protect patient privacy and the integrity of the data.

This paper discusses how secure communications can be established in a cloud-based medical image network, with details outlined as follows. First, the current systems, standards and publications will be discussed. Second, the working prototype, which creates secured communications with a cloud-based server, will be described. Lastly, an outline of future work that needs to be done will be presented.

II. BACKGROUND RESEARCH

Picture Archiving and Communication Systems (PACS) are commonly used in the hospital environment as the tool to manage medical images. These systems have standardized on the Digital Imaging and Communications in Medicine (DICOM) file format and communications standard. Part 15 of the DICOM standard specifies Secure Transport Connection Profiles, which include two profiles that use certificates to establish a secure transport session, but details about how the secured connection is established and authenticated are left open to the application entity [7]. There are few publications which discuss how to establish a secure connection within a PACS environment, let alone a PACS deployed to a public cloud. An authentication procedure in traditional healthcare systems is less of a concern given that most communications are on a private network behind a firewall and contained within the healthcare facility. Many implementations have a PACS router if communication outside of the protected network is needed. As we extend the system to utilize public cloud computing resources, establishing an authentication policy for secured communications is a necessity.

Cloud computing is still a developing industry where benefits and concerns are still being explored. Rosenthal et al. [5] evaluate how cloud computing could be used for the healthcare industry. Some benefits discussed are reduced management decisions concerning infrastructure, scalability, increased resiliency and cost reductions. Even within a cloud environment, security management is still principally the responsibility of the organization and is not outsourced to the cloud provider. Some additional considerations for organizations when moving to the cloud include the jurisdiction the cloud application will be under, additional risk of hackers, and protecting data from the cloud provider and other tenants using the cloud.
978-1-4244-4122-8/11/$26.00 ©2011 IEEE
Buyya et al. [8] analyze the trends of cloud computing and how they might be used by industry. Also included is an analysis of cloud computing infrastructure and some of the leading commercial cloud providers including Amazon EC2 [9], Google AppEngine [10], and Windows Azure [11].

The European Network and Information Security Agency (ENISA) [12] has published an extensive security analysis for the cloud and provided recommendations to manage and mitigate cloud specific risk. Many benefits to information security within a cloud environment were discussed, including security on a large scale, rapid, smart scaling of resources and how service level agreements (SLA) force better risk management. Some risks inherent to cloud environments include vendor lock-in, possible loss of governance and cloud service termination.

These evaluations, and many others, provide insights into the benefits and concerns regarding security within cloud services. With cloud computing being a relatively new industry, there is still much that needs to be discussed concerning how the services should be used and security measures put in place. Implementation of these security measures for medical imaging systems has not yet been widely discussed.

This research was to investigate the feasibility of secured DICOM communications with a cloud-based PACS implementation. To create a prototype for this project, we are leveraging an existing Windows Azure based DICOM server [13] and a mobile DICOM client for portable ultrasound imaging [14]. Both of the projects implemented the standard DICOM networking protocol without the secured transport specification [7].

III. SYSTEM OVERVIEW

A typical PACS has no mechanism for client authentication by username and password. Therefore, the client needs to validate the identity of the server and vice versa by using security certificates or other similar methods. DICOM specifies the requirement of secured data transmission in its Part 15 specification [7]. However, it does not specify a mechanism for authentication except stating that it is up to the application entity, which should follow the transport layer security (TLS) or integrated secure communication layer (ISCL) standards. After a secured connection is established through either of these protocols, data will then be transferred according to the negotiated encryption method.

The standard used for this project is the Basic TLS Secure Transport Connection Profile specified in Part 15 of the DICOM standard [7]. With this profile, the TLS two-way client-server authentication via certificate exchanges [15] will be used. A unique certificate must be created and distributed to both the server and the client. When a certificate is created, it contains a private and public key for identification and encryption. These keys work in an asymmetric manner, where data encrypted by one key can only be decrypted by the other. Only the owner of the certificate has possession of the private key. The public key is to be given freely to those who try to authenticate and securely communicate with the owner. Likewise, there are two versions of each certificate: private and public. The private certificate holds both the private and public keys and is only given to the owner. The public certificate only holds the public key and is given as part of the identification process of the owner. In this way, data encrypted by the public key can only be decrypted by the private key and vice versa. This is used for both encryption and as proof of identity during the authentication procedure.

Fig. 1. Transport Layer Security authentication procedure

A. Certificate Creation and Distribution

A trusted certificate authority (CA) will create a certificate for both the cloud application and the client. This CA may be a public authentication service like Verisign (www.verisign.com) or an enterprise CA that is controlled by the cloud-based PACS service. The cloud server will hold both the server private certificate (SPrC) and the client public certificate (CPuC). Likewise, the client will hold the client private certificate (CPrC) and the cloud server public certificate (SPuC). These certificates will be used to provide encryption and identification during the authentication process.

For this prototype system, we used the Windows Internet Information Services Manager to generate the certificates. These are self-signed certificates, meaning that the CA is also the owner of the certificate. Certificates issued by public authentication services or an enterprise CA will also work in this prototype.
B. Authentication

Figure 1 shows the high-level TLS two-way authentication procedure. The simplified process is as follows:
1) Creation and distribution of certificates by the trusted CA to set up both the cloud application and the client.
2) The client requests a connection from the server.
3) The server responds with its public certificate, SPuC. The client checks if the SPuC identifies the trusted cloud server.
4) If the SPuC passes the test, the client responds with its public certificate, CPuC. The server verifies that the CPuC is from a trusted client according to the validation procedure.
5) If the CPuC passes the test, a symmetric key is used to encrypt the remainder of the communication session.

C. Cloud Implementation

While the transport layer security protocol is standardized, operating systems (OS) have varying degrees of built-in support regarding tools to manage the security certificates and application programming interfaces (API) to access them. The OpenSSL library [16] was created to provide cross-platform unified tools and an API to manage and access certificates, but it is still difficult to use and, more importantly, lacks sophisticated management tools with a graphical user interface (GUI). Microsoft Windows OS has a built-in certificate management system with a GUI application which makes it easier to manage certificates. The .NET library also provides an easy to use API to access certificates to establish secured transport connections.

Microsoft’s Windows Azure has built-in .NET support similar to the desktop OS, which makes it easy to access the certificates through the high level API. Certificates are added to the cloud service through the Azure web interface, as shown in Figure 2. This online Azure certificate manager allows x.509 certificates [17] to be uploaded to be used by the cloud applications. Using Visual Studio with the Azure SDK, certificates available in the Azure certificate manager can be linked to specific applications. These certificates can be used for proof of identity or validation of client certificates.

Fig. 2. Certificates imported into the Windows Azure certificate manager

For the cloud DICOM server, a single certificate, SPrC, is used for a cloud deployment to provide proof of the server’s identity to the client. Also, all the client public certificates, CPuC, are installed to the certificate manager. When a client requests a connection to the cloud server, the server responds by passing its public certificate, SPuC, to the client. The client then uses the previously installed SPuC to validate the certificate it received from the cloud server.

After the client has validated the identity of the cloud server, the client presents its public certificate, CPuC, for proof of identity to the cloud server. The server checks the CPuC against the list of trusted client certificates received from the CA. This procedure assures that only authorized clients can connect to the cloud server.

D. Client Implementation

The DICOM client used was created for the Microsoft Windows OS and written with the .NET framework. Figure 3 shows the Windows Certificate Manager, which controls all personal and trusted CA certificates. The CPrC and SPuC certificates are installed to this manager. When the client receives the SPuC from the cloud application, the client validates the certificate against the trusted SPuC received from the CA. After a successful validation, the client sends its public certificate, CPuC, to the server for identification.
Fig. 3. Windows Certificate Manager containing the client’s private certificate
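
The certificate checks in steps 2 to 5 of Section III.B, with each side validating the other's public certificate against the copies it has installed, can be modelled as follows. This is an added example in Python, not code from the paper's .NET prototype; the class and function names, the peer labels and the placeholder certificate bytes are all assumptions made for illustration.

```python
import hashlib
import ssl

# Constructed placeholder bytes standing in for DER-encoded certificates (not real X.509).
SPUC = b"constructed-SPuC-cloud-pacs-server"
CPUC_A = b"constructed-CPuC-ultrasound-client-A"
CPUC_B = b"constructed-CPuC-unregistered-client-B"
SPOOFED = b"constructed-certificate-of-spoofed-server"


def fingerprint(cert):
    """SHA-256 of the DER encoding; accepts DER bytes or a PEM string."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha256(der).hexdigest()


class PinnedPeers:
    """Hypothetical trust store: the public certificates one side has installed."""

    def __init__(self):
        self._pins = {}  # fingerprint -> label

    def trust(self, label, cert):
        self._pins[fingerprint(cert)] = label

    def remove(self, label):
        self._pins = {fp: name for fp, name in self._pins.items() if name != label}

    def identify(self, presented):
        """Label of the pinned peer, or None when the certificate is absent or unknown."""
        return self._pins.get(fingerprint(presented)) if presented else None


def authenticate(client_store, server_store, server_cert, client_cert):
    """Steps 2-5 of the procedure above. Returns (outcome, transcript).

    Models only the trust decision on each presented certificate; in TLS the
    handshake additionally proves each side holds the matching private key.
    """
    log = ["client -> server: connection request",      # step 2
           "server -> client: SPuC"]                     # step 3
    if client_store.identify(server_cert) is None:
        log.append("client: SPuC not installed, abort")
        return "server-untrusted", log
    log.append("client -> server: CPuC")                 # step 4
    who = server_store.identify(client_cert)
    if who is None:
        log.append("server: CPuC not in trusted list, close")
        return "client-untrusted", log
    log.append("both: symmetric session key in use")     # step 5
    return "established:" + who, log


def peer_label(tls_socket, store):
    """Same check on a live ssl.SSLSocket after its handshake has completed."""
    return store.identify(tls_socket.getpeercert(binary_form=True))


def demo():
    client_store, server_store = PinnedPeers(), PinnedPeers()
    client_store.trust("cloud-pacs", ssl.DER_cert_to_PEM_cert(SPUC))  # installed as PEM
    server_store.trust("ultrasound-A", CPUC_A)                        # installed as DER
    runs = [authenticate(client_store, server_store, SPUC, CPUC_A),
            authenticate(client_store, server_store, SPOOFED, CPUC_A),
            authenticate(client_store, server_store, SPUC, CPUC_B)]
    server_store.remove("ultrasound-A")   # client certificate withdrawn while the server runs
    runs.append(authenticate(client_store, server_store, SPUC, CPUC_A))
    return runs


if __name__ == "__main__":
    for outcome, transcript in demo():
        print(outcome, "|", " / ".join(transcript))
```

In the spoofed-server run the client stops before sending its CPuC, and in the last run a client that was accepted earlier is refused once its certificate has been removed from the server's list.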

IV. RESULTS

This prototype implemented a secure connection between a cloud-based DICOM server and client. The Windows Azure and .NET platforms provided all the necessary tools for the authentication and encryption functionality. As discussed in the previous section, Azure’s certificate management service works with .NET to execute these processes. Server certificates can be added or removed while the cloud application is running, and they can be shared among multiple instances of the applications.

The secured DICOM transport was examined with the Wireshark network packet analyzer (http://www.wireshark.org). The authentication process can prevent typical spoofing attacks. The communication session was confirmed to be encrypted and safe from man-in-the-middle attacks. We also tested the difference in transmission speed between using secure communications and not. The tests were performed by uploading a DICOM image to the cloud server using the C-STORE message and measuring the time it took to complete the protocol. We found that it took an average of 7 seconds when the communication was not secured and 9 seconds when it was secured. This shows the expected increase in time resulting from the overhead of securing the communication.

V. FUTURE WORK AND CONCLUSIONS

The implementation of this prototype demonstrates that a medical imaging server placed on public cloud services can authenticate and secure the communications with its clients as required by HIPAA rules. This prototype is a proof of concept and therefore needs some work to become a more practical implementation. Work needs to be done to create a certificate management policy which will allow for a more scalable and flexible solution. This policy needs to include certificate creation, distribution and authentication, and to account for groups or organizations of clients.

Moving medical imaging servers to the cloud enables healthcare providers to extend their reach with mobile clients that can function anywhere the internet can be accessed. It also provides the benefits of cloud computing, including scalability, pay per use and reduction of infrastructure management. This can benefit large and small healthcare providers throughout the world to provide better diagnostic imaging services, reduce costs and focus more on providing healthcare services than on infrastructure management.

REFERENCES

[1] WHO report, “Essential diagnostic imaging,” World Health Organization, http://www.who.int/eht/en/DiagnosticImagin.pdf
[2] “Prepare for disaster & tackle terabytes when evaluating medical image archiving,” Frost & Sullivan, http://www.frost.com, 2008.
[3] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski et al., “Above the clouds: a Berkeley view of cloud computing,” EECS Department, University of California, Berkeley Technical Report, Feb. 2009.
[4] A. Rosenthal, P. Mork, M. H. Li, J. Stanford, D. Koester, P. Reynolds, “Cloud computing: a new business paradigm for biomedical information sharing,” Journal of Biomedical Informatics, vol. 43, pp. 342-353.
[5] J. Harauz, L. M. Kaufman, B. Potter, “Data security in the world of cloud computing,” IEEE Security & Privacy, July 2009.
[6] P. T. Jaeger, T. Lin and J. M. Grimes, “Cloud computing and information policy: computing in a policy cloud,” Journal of Information Technology & Politics, vol. 5(3), pp. 269-283, 2008.
[7] Digital Imaging and Communications in Medicine (DICOM), National Electrical Manufacturers Association, Rosslyn, VA.
[8] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, I. Brandic, “Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility,” Future Generation Computer Systems, vol. 25, pp. 599-616.
[9] Amazon elastic compute cloud (EC2). http://www.amazon.com/ec2/
[10] Google app engine. http://appengine.google.com
[11] Microsoft Windows Azure. http://www.microsoft.com/windowsazure/
[12] “Cloud computing: benefits, risks and recommendations for information security,” ENISA, Nov. 2009.
[13] C. C. Teng, J. Mitchell, C. Walker, A. Swan, C. Davila, D. Howard, T. Needham, “A medical image archive solution in the cloud,” Software Engineering and Service Sciences IEEE International Conference, 2010.
[14] C. C. Teng, C. Green, R. Johnson, P. Jones, C. Treasure, “Mobile ultrasound with DICOM and cloud connectivity,” IEEE 2010 Congress on Services (SERVICES 2011), in press.
[15] T. Dierks, E. Rescorla, “RFC 5246 – the transport layer security (TLS) protocol version 1.2,” IETF, Network Working Group, Aug. 2008.
[16] OpenSSL cryptography and SSL/TLS toolkit. http://www.openssl.org.
[17] R. Housley, W. Ford, W. Polk, D. Solo, “RFC for x.509 – internet x.509 public key infrastructure: certificate and crl profile,” IETF, Network Working Group, Jan. 1999.