DICOM PS3.15 2017d - Security and System Management Profiles

B.2 ISCL Secure Transport Connection Profile

An implementation that supports the ISCL Transport Connection Profile shall utilize the framework and negotiation mechanism specified by the Integrated Secure Communication Layer, V1.00. An Application Entity shall use ISCL to select the mechanisms specified in Table B.2-1. An Application Entity shall as a minimum use an Entity Authentication mechanism and Data Integrity checks. An Application Entity may optionally use a privacy mechanism.

Table B.2-1. Minimum Mechanisms for ISCL Features

Supported ISCL Feature

Minimum Mechanism

Entity Authentication

Three pass (four-way) authentication(ISO/IEC 9798-2)

Data Integrity

Either MD-5 encrypted with DES,or DES-MAC (ISO 8730)

Privacy

DES (see Note)


Note

The use of DES for privacy is optional for Online Electronic Storage.

For the Data Integrity check, an implementation may either encrypt the random number before applying MD-5, or encrypt the output of MD-5. The order is specified in the protocol. A receiver shall be able to perform the integrity check on messages regardless of the order.

IP ports on which an implementation accepts ISCL connections, or the mechanism by which this port number is selected or configured, shall be specified in the Conformance Statement. This port shall be different from ports used for other types of transport connections (secure or unsecure).

Note

It is strongly recommended that systems supporting the ISCL Secure Transport Connection Profile use as their port the registered port number "2761 dicom-iscl" for the DICOM Upper Layer Protocol on ISCL.

The Conformance Statement shall also indicate what mechanisms the implementation supports for Key Management.

The profile does not specify how an ISCL Secure Transport Connection is established. This issue is left up to the Application Entity, which presumably is following some site specified security policy. Once the Application Entity has established a Secure Transport Connection, then an Upper Layer Association can use that secure channel.

Note

There may be an interaction between PDU size and ISCL record size that impacts efficiency of transport.

When an integrity check fails, the connection shall be dropped, per the ISCL protocol, causing both the sender and the receiver to issue an A-P-ABORT indication to the upper layers with an implementation-specific provider reason. The provider reason used shall be documented in the conformance statement.

Note

An integrity check failure indicates that the security of the channel may have been compromised.

DICOM PS3.15 2017d - Security and System Management Profiles