Slide 1: The e-Logistics of Securing Distributed Medical Data
Andrew M. Snyder
Alfred C. Weaver
Slide 2: Medical Data Access
[Diagram, not reproduced in the transcript] Components: Medical Data Portal, Web Services, Authorization Service, Authentication Service, Electronic Patient Record, Rule Engines. Numbered arrows 1 to 12 trace one access through these components; their order is only recoverable from the original figure.
Slide 3: Issue
HIPAA requires that electronic medical data be encrypted when stored or transmitted (under the Security Rule, encryption is an "addressable" specification: a covered entity that does not implement it must document why and adopt an equivalent measure, so in practice it is treated as required)
This is not an issue for a single x-ray
But U. Virginia radiology does 380,000 examinations per year and generates 9 TB of data annually
What is the workflow impact of encrypting and decrypting data (especially images) every time they are touched?
Slide 4: Encryption Issues
Symmetric key – DES, 3DES, AES, others
Public key – RSA
Key length
Key management
Managed vs. unmanaged code
Workflow impact
Slide 5: Managed vs. Unmanaged Code
Unmanaged code
– native code
– optimized for a device/platform
– advantage: fast
Managed code
– executed inside a container (the CLR or JVM)
– translated (JIT-compiled) at runtime
– provides memory management
– provides garbage collection
– advantages: memory-safe, portable (the safety covers the application's own code; the runtime and any native libraries beneath it are still unmanaged)
Slide 6: Rationale for New Measurements
No published body of performance measurements for .NET cryptographic services
No published understanding of the costs of managed code (e.g., C#, Java)
No insight into how HIPAA's encryption requirement will impact an academic radiology department
Slide 7: Performance Measurements
Testbed
– Computer
  Visual Studio .NET 2003 (.NET Framework 1.1)
  3 GHz Pentium 4
  Windows XP
– Files (1 B, 1 MB, 3 MB, 68 MB)
– Algorithms and keys
  DES: 64 bits
  3DES: 128 and 192 bits
  AES: 128, 192, and 256 bits
  RSA: 512 and 1024 bits
(The DES and 3DES key sizes above include parity bits; the effective key strengths are 56, 112 and 168 bits, which is how slides 9 and 12 label them.)
Slide 8: Performance Measurements – RSA vs. Other Algorithms
[Plot, not reproduced in the transcript] Polynomial fitted lines (n=2), 3 GHz Pentium 4. X axis: file size (10^6 bytes), 0 to 5. Y axis: time (s), 0 to 120. Series: DES, 3DES and AES (plotted as a single series); RSA 512-bit encryption; RSA 512-bit decryption; RSA 1024-bit encryption; RSA 1024-bit decryption.
Slide 9: Performance Measurements – Encryption and Decryption Averages
[Plot, not reproduced in the transcript] Polynomial fitted lines (n=2), 3 GHz Pentium 4. X axis: file size (10^6 bytes), 0 to 70. Y axis: time (s), 0 to 14. Series: DES 56-bit, 3DES 112-bit, 3DES 168-bit, AES 128-bit, AES 192-bit, AES 256-bit.
Slide 10: Performance Measurements – Throughputs, 3 GHz

Symmetric
Algorithm      MB/s   Percent of fastest algorithm
DES 64-bit     8.10   100.00%
AES 128-bit    7.08    87.40%
3DES 128-bit   6.90    85.15%
3DES 192-bit   6.80    84.01%
AES 192-bit    6.52    80.54%
AES 256-bit    6.10    75.28%

Public key
Encryption     MB/s   Percent of fastest    Decryption     MB/s   Percent of fastest
RSA 512-bit    0.90    11.11%               RSA 512-bit    0.11    1.36%
RSA 1024-bit   0.62    10.17%               RSA 1024-bit   0.04    0.49%
(Percentages are relative to DES at 8.10 MB/s. As printed, the RSA 1024-bit encryption row is inconsistent: 0.62 MB/s is 7.65% of 8.10 MB/s, not 10.17%.)
Slide 11: Performance Measurements – Analysis
Curious how much of the performance was due to the encryption vs. how much was due to system overhead (e.g., file system)
Repeated study on a slower machine
– 600 MHz Pentium 3
– Windows XP
Slide 12: Performance Measurements – Encryption and Decryption Averages
[Plot, not reproduced in the transcript] Polynomial fitted lines (n=2), 600 MHz Pentium 3. X axis: file size (10^6 bytes), 0 to 70. Y axis: time (s), 0 to 60. Series: DES 56-bit, 3DES 112-bit, 3DES 168-bit, AES 128-bit, AES 192-bit, AES 256-bit.
Slide 13: Performance Measurements – Throughputs, 600 MHz

Symmetric
Algorithm      MB/s   Percent of fastest algorithm
DES 64-bit     2.45   100.00%
AES 128-bit    1.71    69.90%
3DES 192-bit   1.67    68.21%
3DES 128-bit   1.67    68.04%
AES 192-bit    1.52    62.06%
AES 256-bit    1.39    56.74%

Public key
Encryption     MB/s   Percent of fastest    Decryption     MB/s   Percent of fastest
RSA 512-bit    0.28    11.42%               RSA 512-bit    0.03    1.22%
RSA 1024-bit   0.21     8.57%               RSA 1024-bit   0.01    0.41%
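The figures on slides 10 and 13 came from the authors' .NET Framework 1.1 code, which the slides do not reproduce. What follows is an added example, not code from the slides, that repeats the measurement in Go with today's primitives: AES-256 in GCM mode (which also authenticates the data, something no mode in .NET 1.1 did) and 2048-bit RSA-OAEP, with "RSA encryption of a file" done the only way it can be, one 190-byte chunk per RSA operation. The buffer contents, the sizes, the ratio of RSA to AES bytes and the fixed benchmark key are all constructed for the example; the MB/s it prints belong to the machine it runs on, not to the slides.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// mbps converts bytes processed and elapsed time into the slides' unit, 10^6 bytes per second.
func mbps(n int, d time.Duration) float64 { return float64(n) / 1e6 / d.Seconds() }

// aesGCM256 encrypts and then decrypts buf under a 256-bit key, returning MB/s per direction.
// GCM also authenticates the ciphertext, which the CBC-era measurements on the slides did not.
func aesGCM256(key, buf []byte) (float64, float64, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return 0, 0, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; a repeated nonce breaks GCM
	if _, err := rand.Read(nonce); err != nil {
		return 0, 0, err
	}
	t0 := time.Now()
	ct := gcm.Seal(nil, nonce, buf, nil)
	enc := mbps(len(buf), time.Since(t0))
	t0 = time.Now()
	pt, err := gcm.Open(nil, nonce, ct, nil) // tag check: success already implies pt == buf
	dec := mbps(len(buf), time.Since(t0))
	if err != nil || !bytes.Equal(pt, buf) {
		return 0, 0, fmt.Errorf("AES-GCM round trip failed: %v", err)
	}
	return enc, dec, nil
}

// rsaOAEPBulk is what "RSA encryption of a file" has to mean: the buffer is cut into the
// largest pieces RSA-OAEP can carry and every piece costs one full RSA operation, which is
// why the slides' RSA rows sit two orders of magnitude below the symmetric ones.
func rsaOAEPBulk(key *rsa.PrivateKey, buf []byte) (float64, float64, error) {
	h := sha256.New()
	chunk := key.Size() - 2*h.Size() - 2 // 190 bytes for 2048-bit RSA with SHA-256
	var encT, decT time.Duration
	for i := 0; i < len(buf); i += chunk {
		end := i + chunk
		if end > len(buf) {
			end = len(buf)
		}
		t0 := time.Now()
		ct, err := rsa.EncryptOAEP(h, rand.Reader, &key.PublicKey, buf[i:end], nil)
		encT += time.Since(t0)
		if err != nil {
			return 0, 0, err
		}
		t0 = time.Now()
		pt, err := rsa.DecryptOAEP(h, rand.Reader, key, ct, nil)
		decT += time.Since(t0)
		if err != nil || !bytes.Equal(pt, buf[i:end]) {
			return 0, 0, fmt.Errorf("RSA chunk %d round trip failed: %v", i/chunk, err)
		}
	}
	return mbps(len(buf), encT), mbps(len(buf), decT), nil
}

// Run measures AES-256-GCM over an n-byte constructed buffer (use n of 1 MB or more) and
// chunked RSA-OAEP over the first n/128 bytes of it, since RSA is roughly three orders of
// magnitude slower. Returns AES enc, AES dec, RSA enc, RSA dec in MB/s.
func Run(rsaBits, n int) (aesEnc, aesDec, rsaEnc, rsaDec float64, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return
	}
	data := make([]byte, n) // constructed stand-in for a DICOM series
	for i := range data {
		data[i] = byte(i * 7)
	}
	key := sha256.Sum256([]byte("benchmark-only key; a deployment draws it from rand.Reader"))
	if aesEnc, aesDec, err = aesGCM256(key[:], data); err != nil {
		return
	}
	rsaEnc, rsaDec, err = rsaOAEPBulk(priv, data[:n/128])
	return
}

func main() {
	ae, ad, re, rd, err := Run(2048, 8<<20)
	if err != nil {
		panic(err)
	}
	fmt.Printf("AES-256-GCM   enc %8.1f MB/s  dec %8.1f MB/s\n", ae, ad)
	fmt.Printf("RSA-2048-OAEP enc %8.3f MB/s  dec %8.3f MB/s\n", re, rd)
}
```

Two things carry over from the slides regardless of hardware: RSA decryption (the private-key operation) is the slowest path by a wide margin, and the symmetric cipher is so fast that file-system and buffer handling, not the cipher, dominate what a workflow actually sees. Timing a single pass as above is enough to show the ratios; for numbers worth publishing, repeat each measurement and report the spread.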
Slide 14: Recommendations
Use managed code (C#)
Use AES with 256-bit keys
Rationale
– code safety
– modularity of encryption service
– suitability as a web service in .NET
– AES-256 performance was close to DES: 6.10 vs. 8.10 MB/s at 3 GHz, about 75% of DES throughput (the slide says "within 20%", which its own table on slide 10 does not quite support; on the 600 MHz machine the figure is 57%)
– far stronger than the other algorithms measured: a 256-bit key space is 2^200 times the size of DES's 56-bit one (the slide's "exponentially more secure")
– protection against the unknown (e.g., progress in quantum computing: Grover's algorithm would halve the effective key length, leaving AES-256 at roughly 128 bits, which is why it is the conservative choice)
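The slides recommend AES-256 and list key management as an open issue (slide 4) without showing how the two fit together. The standard answer, added here as an example and not part of the slides, is envelope encryption: each file gets its own random AES-256-GCM data key, and RSA, which the measurements show is far too slow for images, encrypts only that 32-byte key. Go standard library only; the payload is a constructed byte string and both RSA key pairs are generated on the spot.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one stored object: the bulk data under a per-file AES-256-GCM key, and that
// 32-byte key under the recipient's RSA-OAEP public key. RSA touches 32 bytes, never 68 MB.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(SHA-256) of the data key
	Nonce      []byte // 96-bit GCM nonce; must never repeat under the same key
	Ciphertext []byte // AES-256-GCM output with the 16-byte tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal draws a fresh data key per file, so a leaked file key exposes that file only, and the
// RSA private key never has to be anywhere near the bulk data path.
func Seal(pub *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	key := make([]byte, 32)
	nonce := make([]byte, 12)
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open unwraps the data key and decrypts. GCM's tag check makes any modification fail closed,
// which is the integrity control that encryption on its own does not give.
func Open(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

// Demo reports the three properties a reviewer checks first: the round trip works, a single
// flipped ciphertext bit is rejected, and a different private key cannot open the envelope.
func Demo(rsaBits int, plaintext []byte) (roundTrip, tamperDetected, wrongKeyDetected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return
	}
	env, err := Seal(&priv.PublicKey, plaintext)
	if err != nil {
		return
	}
	pt, err := Open(priv, env)
	if err != nil {
		return
	}
	roundTrip = bytes.Equal(pt, plaintext)
	_, wrongErr := Open(other, env)
	wrongKeyDetected = wrongErr != nil
	env.Ciphertext[0] ^= 1 // one flipped bit anywhere in the ciphertext or tag
	_, tamperErr := Open(priv, env)
	tamperDetected = tamperErr != nil
	return
}

func main() {
	ok, tamper, wrong, err := Demo(2048, []byte("constructed stand-in for a DICOM image"))
	if err != nil {
		panic(err)
	}
	fmt.Println("round trip:", ok, " tamper detected:", tamper, " wrong key rejected:", wrong)
}
```

With this split, the per-file cost is one AES-256 pass over the image plus a single RSA operation, so the workflow numbers on the following slides are governed by the symmetric throughput alone; rotating or revoking the RSA key pair means re-wrapping 32-byte keys, not re-encrypting the archive.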
Slide 15: Workflow Model – Department of Radiology Model
[Diagram, not reproduced in the transcript] Patients enter through the Hospital Registration System. HL7 messages carry patient data between it, the HIS, the RIS and the Exam Schedule System, and carry reports from the Reporting System back through the RIS to the HIS. A DICOM worklist goes from the RIS to the Image Modality; DICOM image data flow from the modality to the DICOM Gateway, on to the PACS Archive and from there to the Workstation, with the Relational Database supplying prior data to the gateway.
Slide 16: Workflow Model – Involved Steps
A  Patient registration by hospital registration system
B  Notify HIS of patient and data using Health Level 7 (HL7)
C  Schedule exam and notify RIS
D  Patient data to RIS and to PACS archive
E  DICOM worklist to image modality
F  Conduct patient exam
G  Patient image data to gateway using DICOM
H  Relational data to gateway (required prior images)
I  DICOM image data from gateway to PACS archive
J  DICOM image data to workstation from PACS archive
K  Patient report generated in reporting system
L  Patient report sent to RIS from reporting system
M  Patient report sent from RIS to HIS
Slide 17: Workflow Model – Resources
R1   Hospital Registration System
R2   HIS (Hospital Information System)
R3   RIS (Radiology Information System)
R4   Examination Schedule System
R5   HL7 Communications for Text Data
R6   DICOM Communications for Image Data
R7   Image Modality Unit
R8   DICOM Gateway
R9   Relational Database
R10  PACS Archive
R11  Workstation
R12  Reporting System
R13  Encryption/Decryption Application
Slide 18: Workflow Model – Bottleneck Table (from the resource allocation table)
Each B_i is the throughput of resource R_i, the reciprocal of the time that resource spends per patient:
B1   1 / (T1 + T2)
B2   1 / (T2 + T4 + T13)
B3   1 / (T3 + T4 + T5 + T12 + T13)
B4   1 / (T3)
B5   1 / (T2 + T3 + T4 + T12 + T13)
B6   1 / (T5 + T7 + T8 + T9 + T10)
B7   1 / (T5 + T6 + T7)
B8   1 / (T7 + T8 + T9)
B9   1 / (T8)
B10  1 / (T4 + T9 + T10)
B11  1 / (T10)
B12  1 / (T11 + T12)
B13  1 / (T4 + T7 + T8 + T9 + T10)
Slide 19: Workflow Model – Bottleneck Calculation
The bottleneck was B7, the Image Modality Unit

Throughput (patients/hr)
Resource  Equation                            Without encryption   With encryption
B1        1 / (T1 + T2)                          3.98                 3.98
B2        1 / (T2 + T4 + T13)                   79.92                78.26
B3        1 / (T3 + T4 + T5 + T12 + T13)        32.73                32.43
B4        1 / (T3)                             120.00               120.00
B5        1 / (T2 + T3 + T4 + T12 + T13)        34.29                33.96
B6        1 / (T5 + T7 + T8 + T9 + T10)          5.37                 3.96
B7        1 / (T5 + T6 + T7)                     2.59                 2.48
B8        1 / (T7 + T8 + T9)                     6.67                 5.00
B9        1 / (T8)                              20.00                15.00
B10       1 / (T4 + T9 + T10)                   11.61                 8.35
B11       1 / (T10)                             30.00                20.00
B12       1 / (T11 + T12)                       24.00                24.00
B13       1 / (T4 + T7 + T8 + T9 + T10)          N/A                  3.95
(B13 is the encryption/decryption application, R13, so it has no throughput figure without encryption.)
Slide 20: Workflow Model – Throughput Results
– Sequential patient model: 7% performance degradation
– Highly concurrent patient model: 5% performance degradation
Reassuring to determine that HIPAA's impact is modest
Possible to recover throughput through other optimizations in patient flow
Slide 21: Workflow Model – Bounds
– Infinite resources: $N / (T_e + T_s)$
– Bottleneck limit: $1 / T_b$
– Upper bound: $N / (T_e + T_s + (N - 1) \cdot T_b)$
– Lower bound: $1 / (T_e + T_s)$
where $T_e$ = time spent encrypting, $T_s$ = total system time $- T_e$, $T_b$ = time spent on the bottleneck step ($N$, not defined on the slide, is the number of patients concurrently in the system)
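Slides 18 to 21 give the bottleneck equations and the bounds but never list the step times T1..T13. The following is an added example, not the authors' model code, that implements those equations in Go with assumed step times in minutes per patient, chosen so that the computed B_i agree with slide 19 to within about 0.1 patients/hr for every row except B13 (3.83 here against 3.95 on the slide), and an assumed encryption overhead of one minute on each of T7..T10 and one second on T13. On those assumptions it predicts a 7.5% throughput loss in the sequential regime and 4.1% in the bottleneck-limited regime, close to the slide's 7% and 5%. The step times and overheads are assumptions, not figures from the slides.

```go
package main

import "fmt"

// Step times T1..T13 in minutes per patient (index 0 unused so t[i] reads like the slides).
// The slides never list them; these are assumed values chosen so that the B_i computed below
// reproduce slide 19's patients/hour figures.
var baseMinutes = [14]float64{0,
	15, 5.0 / 60, 0.5, 40.0 / 60, 10.0 / 60, 19.5, 3.5, 3, 2.5, 2, 2, 0.5, 0}

// Assumed encryption overhead: a minute on each image-handling step T7..T10 (encrypt or decrypt
// of one study) and a second on the encryption application T13, which is idle otherwise.
var encryptionMinutes = map[int]float64{7: 1, 8: 1, 9: 1, 10: 1, 13: 1.0 / 60}

// Slide 18's bottleneck table: the steps whose times resource B_i accumulates per patient.
var resourceSteps = [14][]int{nil,
	{1, 2}, {2, 4, 13}, {3, 4, 5, 12, 13}, {3}, {2, 3, 4, 12, 13},
	{5, 7, 8, 9, 10}, {5, 6, 7}, {7, 8, 9}, {8}, {4, 9, 10}, {10}, {11, 12}, {4, 7, 8, 9, 10},
}

func stepTimes(withEncryption bool) [14]float64 {
	t := baseMinutes // arrays copy by value, so the base table is never modified
	if withEncryption {
		for i, extra := range encryptionMinutes {
			t[i] += extra
		}
	}
	return t
}

// Throughputs evaluates B_i = 1 / (sum of the resource's step times), in patients per hour.
func Throughputs(withEncryption bool) [14]float64 {
	t := stepTimes(withEncryption)
	var b [14]float64
	for i := 1; i <= 13; i++ {
		var busy float64
		for _, s := range resourceSteps[i] {
			busy += t[s]
		}
		b[i] = 60 / busy
	}
	return b
}

// Bottleneck is the resource with the lowest throughput; it caps the whole department.
func Bottleneck(withEncryption bool) (resource int, patientsPerHour float64) {
	b := Throughputs(withEncryption)
	resource = 1
	for i := 2; i <= 13; i++ {
		if b[i] < b[resource] {
			resource = i
		}
	}
	return resource, b[resource]
}

// Bounds holds slide 21's four expressions, in patients per hour, for N patients in the system:
// T_e = time spent encrypting, T_s = total system time - T_e, T_b = time on the bottleneck step.
type Bounds struct{ InfiniteResources, BottleneckLimit, Upper, Lower float64 }

func PatientBounds(n int, withEncryption bool) Bounds {
	t := stepTimes(withEncryption)
	var total, te, tb float64
	for i := 1; i <= 13; i++ {
		total += t[i]
	}
	if withEncryption {
		for _, extra := range encryptionMinutes {
			te += extra
		}
	}
	ts := total - te
	res, _ := Bottleneck(withEncryption)
	for _, s := range resourceSteps[res] {
		tb += t[s]
	}
	fn := float64(n)
	return Bounds{
		InfiniteResources: 60 * fn / (te + ts),
		BottleneckLimit:   60 / tb,
		Upper:             60 * fn / (te + ts + (fn-1)*tb),
		Lower:             60 / (te + ts),
	}
}

// Degradation is the fractional throughput loss from encryption in slide 20's two regimes:
// sequential patients (the lower bound, N = 1) and highly concurrent patients (bottleneck limit).
func Degradation() (sequential, concurrent float64) {
	plain, enc := PatientBounds(1, false), PatientBounds(1, true)
	return 1 - enc.Lower/plain.Lower, 1 - enc.BottleneckLimit/plain.BottleneckLimit
}

func main() {
	for _, on := range []bool{false, true} {
		b := Throughputs(on)
		res, rate := Bottleneck(on)
		fmt.Printf("encryption=%-5v B6=%.2f B7=%.2f B8=%.2f  bottleneck=B%d at %.2f patients/hr\n",
			on, b[6], b[7], b[8], res, rate)
	}
	s, c := Degradation()
	fmt.Printf("degradation: sequential %.1f%%, concurrent %.1f%%\n", 100*s, 100*c)
	fmt.Printf("bounds at N=10 with encryption: %+v\n", PatientBounds(10, true))
}
```

The model makes the slide's conclusion mechanical: encryption adds time only to the image-handling steps, the bottleneck is the modality (B7), which encryption barely touches, so the concurrent-patient loss is small, while the sequential loss is the full added time divided by the whole visit. With N = 1 the slide's upper and lower bounds coincide; as N grows the upper bound rises toward, but never reaches, the bottleneck limit, so any throughput claim above $1/T_b$ means the model's step times are wrong, not that the department got faster.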
Slide 22: Workflow Model – System with Encryption
[Figure, not reproduced in the transcript]
Slide 23: Summary
Impact of HIPAA's encryption requirements was initially unknown
Suitability of web services approach untested
Public key algorithm (RSA) unsuitable for bulk data
Three symmetric key algorithms (DES, 3DES, AES) were all suitable in throughput terms (DES's 56-bit key is brute-forceable and should not be chosen for new deployments; the recommendation on slide 14 is AES-256)
AES-256 encrypts a 500-slice MR file of 68 MB in 12 seconds on a 3 GHz Pentium 4 (consistent with the 6.10 MB/s in the slide 10 table)
Workflow model using AES-256 predicts a patient throughput reduction of 5-7%
Now have an understanding of workflow and where to optimize
Slide 24: Acknowledgements
Funding for this work is provided by:
David Ladd and Tom Healy, University Research Program, Microsoft Research, Microsoft Corporation