Abstract
This chapter introduces a framework for secure access to biomedical images. Biomedical images are acquired using a vast array of imaging techniques depending upon the specific application. A magnetic resonance spatial domain image is acquired by taking inverse weighted Fourier transform of raw frequency domain data generated by the modality. After correction, these images are stored in a standard format. The access to these stored images is typically subjected to authorization. Medical information in biomedical images needs to be protected in both stored form and in transmission. Encryption technologies are used to secure information whereas compression technologies are used to reduce the information without affecting the contents. In this chapter, a cryptocompression system is proposed which integrates both encryption and compression to fulfill the requirements of electronic protected health information records.
TopIntroduction
Biomedical images are generally imagined images that are acquired by the application of physical principles. These images are often valuable and typically require implementation of information security measures for authorized access. This chapter introduces a framework for secure access to biomedical images.
Images are acquired, stored, transferred from one place to another, and processed. Information and communication technologies play an important role to accomplish these tasks. Commercial systems use intensive computing resources to apply complex image processing and analysis algorithms in order to produce desired results. These results are useful for further examination by medical experts or computer-based expert systems.
Biomedical images are acquired using a vast array of imaging techniques depending upon the specific application. A magnetic resonance spatial domain image is acquired by taking inverse weighted Fourier transform of raw frequency domain data generated by the modality. After correction, these images are stored in a standard format. Access to these stored images is typically subjected to authorization.
Information security measures are helpful in order to provide a controlled access to biomedical images. These security measures ensure protection of useful information in images from unauthorized access, manipulation, and deletion. These aspects of information security are referred to as information confidentiality, integrity, and availability – the CIA triad model. The model provides useful insights on how information needs to be protected in the presence of a wide variety of threats.
Encryption and compression standards are useful when images are archived and retrieved over a network medium. Compression is used optionally to lower the impact of encryption overhead. In this chapter, components and function of a proposed cryptocompression system with advanced encryption standard and joint photographic experts group 2000 standard for biomedical image processing are described. The structure and objectives of this chapter are as follows:
- •
Provide an overview of fundamental security concepts, CIA triad model, framework, and related standards helpful to provide secure access to biomedical images.
- •
Briefly review information security research that enabled the protection of digital images in general and biomedical images in particular.
- •
Explain proposed framework components and function.
- •
Outline challenges and future research trends.
Table 1. | Acronym | Term |
| AE | Application Entity |
| AES | Advanced Encryption Algorithm |
| AWS | Amazon Web Services |
| ePHI | Electronic Protected Health Information |
| CIA | Confidentiality, Integrity, and Availability |
| CSA | Compressed and Secure Archive |
| CT | Computed Tomography |
| DES | Data Encryption Standard |
| DHCP | Dynamic Host Configuration Protocol |
| DICOM | Digital Imaging and Communications in Medicine |
| EHR | Electronic Health Record |
| FSAMI | Framework for Secure Access to Medical Images |
| INFOSEC | Information Security |
| HIPAA | Health Insurance Portability and Accountability Act |
| HIS | Hospital Information System |
| HL7 | Health Level Seven |
| ISCL | Integrated Secure Communication Layer |
| JPEG | Joint Photographic Experts Group |
| LDAP | Lightweight Directory Access Protocol |
| MRI | Magnetic Resonance Imaging |
| NEMA | National Electrical Manufacturers Association |
| NIST | National Institute of Standards and Technology |
| PHI | Protected Health Information |
| PGM | Portable Gray Map |
| RIS | Radiology Information System |
| TLS | Transport Layer Security |
| WAF | Web Application Firewall |
Key Terms in this Chapter
Cryptosystem: A system which converts plain text to cipher text or cipher text to plain text by the application of encryption or decryption algorithm. The key generation for encryption and decryption algorithms is also part of a cryptosystem.
Denial of Service (DoS) Attack: A situation in which service is not available to an authorized user. A typical case of in which a malicious software code makes services inaccessible by overloading computing and network resources.
Cryptography: Cryptography refers to key-controlled transformations of information that is either impossible or computationally infeasible to decipher.
Digital Imaging and Communications in Medicine: Digital imaging and communications in medicine (DICOM) is the standard for the communication and management of medical images and related data.
Picture Archiving and Communication System: Picture archiving and communication system (PACS) includes digital imaging modalities to lower patient exposure to radiations, speed-up healthcare delivery, and reduction in overall medical operation costs.
Application Entity: Application entity is a functional unit in DICOM. The imaging modality, server, or workstation in the PACS have unique application entities.
Distributed DoS Attack: A distributed denial-of-service attack is a botnet attack in which multiple locations are used to attack on a service.
Information Security: Information security (INFOSEC) refers to the protection of information and information systems against unauthorized access and modification of information in storage, processing, or in transit.
National Institute of Standards and Technology: The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce.
Cryptocompression System: A system which implements both encryption and compression technologies to generate cryptocompressed text from plain text.