
Page 1: The e-Logistics of Securing Distributed Medical Data

Andrew M. Snyder
Alfred C. Weaver

Page 2: Medical Data Access

[Figure: architecture diagram of medical data access. Components shown: Medical Data Portal, Web Services, Authorization Service, Authentication Service, Rule Engines, Electronic Patient Record. The arrows between components are labelled with step numbers 1 through 12.]

Page 3: Issue

– HIPAA requires that electronic medical data be encrypted when stored or transmitted
– This is not an issue for a single x-ray
– But U. Virginia radiology does 380,000 examinations per year and generates 9 TB of data annually
– What is the workflow impact of encrypting and decrypting data (especially images) every time they are touched?

Page 4: Encryption Issues

– Symmetric key: DES, 3DES, AES, others
– Public key: RSA
– Key length
– Key management
– Managed vs. unmanaged code
– Workflow impact

Page 5: Managed vs. Unmanaged Code

– Unmanaged code
  – native code
  – optimized for a device/platform
  – advantage: fast
– Managed code
  – executed inside a container
  – translated at runtime
  – provides memory management
  – provides garbage collection
  – advantages: safe, secure, portable

Page 6: Rationale for New Measurements

– No published body of performance measurements for .NET cryptographic services
– No published understanding of the costs of managed code (e.g., C#, Java)
– No insight into how HIPAA's encryption requirement will impact an academic radiology department

Page 7: Performance Measurements – Testbed

– Computer
  – Visual Studio .NET 2003
  – 3 GHz Pentium 4
  – Windows XP
– Files (1 B, 1 MB, 3 MB, 68 MB)
– Algorithms and keys
  – DES: 64 bits
  – 3DES: 128 and 192 bits
  – AES: 128, 192, and 256 bits
  – RSA: 512 and 1024 bits

Page 8: Performance Measurements – RSA vs. Other Algorithms

[Figure: time (s) versus file size (10^6 bytes) on a 3 GHz Pentium 4, using polynomial fitted lines (n=2). File size axis 0 to 5, time axis 0 to 120 s. Series: DES, 3DES and AES; RSA 512-bit encryption; RSA 512-bit decryption; RSA 1024-bit encryption; RSA 1024-bit decryption.]

Page 9: Performance Measurements – Encryption and Decryption Averages

[Figure: time (s) versus file size (10^6 bytes) on a 3 GHz Pentium 4, using polynomial fitted lines (n=2). File size axis 0 to 70, time axis 0 to 14 s. Series: DES 56-bit; 3DES 112-bit; 3DES 168-bit; AES 128-bit; AES 192-bit; AES 256-bit.]

Page 10: Performance Measurements – Throughputs, 3 GHz

Symmetric:

Algorithm      MB/s    Percent of Fastest Algorithm
DES 64-bit     8.10    100.00%
AES 128-bit    7.08     87.40%
3DES 128-bit   6.90     85.15%
3DES 192-bit   6.80     84.01%
AES 192-bit    6.52     80.54%
AES 256-bit    6.10     75.28%

Public key:

Encryption     MB/s    Percent of Fastest Algorithm
RSA 512-bit    0.90    11.11%
RSA 1024-bit   0.62    10.17%

Decryption     MB/s    Percent of Fastest Algorithm
RSA 512-bit    0.11    1.36%
RSA 1024-bit   0.04    0.49%
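The testbed and throughput tables describe the measurement method: time each algorithm over files of several sizes, draw a quadratic (n=2) fitted line through the timings, and report MB/s with each algorithm as a percentage of the fastest. The harness below is an added example written for this page, not the authors' .NET code. It reproduces that method in Python with a least-squares quadratic fit and a throughput table; the transform it times is a stand-in (SHA-256 from hashlib, chosen only because it is CPU-bound and always available), and the buffer sizes are a constructed subset of the 1 B / 1 MB / 3 MB / 68 MB set. MB is taken as 10^6 bytes, as on the chart axes.

```python
# Added example (not the authors' code): a measurement harness in the style
# of the slides. It times a transform over buffers of several sizes, fits a
# quadratic (n=2) time-vs-size curve by least squares as the charts do, and
# derives MB/s and "percent of fastest" as in the throughput tables. The
# transform timed here is a stand-in (SHA-256); swap in the cipher under test.
import hashlib
import os
import time

MB = 1_000_000  # the slides measure file size in 10^6 bytes

# Constructed buffer sizes: a subset of the slides' 1 B / 1 MB / 3 MB / 68 MB set
SAMPLE_SIZES = [1, 1 * MB, 3 * MB]


def time_transform(transform, data, repeats=3):
    """Median wall-clock seconds for transform(data) over `repeats` runs."""
    samples = []
    for _ in range(repeats):
        start = time.perf_counter()
        transform(data)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]


def solve3(matrix, rhs):
    """Solve a 3x3 linear system by Gaussian elimination with partial pivoting."""
    a = [row[:] + [rhs[i]] for i, row in enumerate(matrix)]
    for col in range(3):
        pivot = max(range(col, 3), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        for r in range(col + 1, 3):
            factor = a[r][col] / a[col][col]
            for c in range(col, 4):
                a[r][c] -= factor * a[col][c]
    x = [0.0, 0.0, 0.0]
    for r in (2, 1, 0):
        x[r] = (a[r][3] - sum(a[r][c] * x[c] for c in range(r + 1, 3))) / a[r][r]
    return x


def fit_quadratic(points):
    """Least-squares fit of t = a + b*x + c*x^2 to (x, t) points via the normal equations."""
    xs = [p[0] for p in points]
    ts = [p[1] for p in points]
    s = [sum(x ** k for x in xs) for k in range(5)]                  # sums of x^0 .. x^4
    v = [sum(t * x ** k for x, t in zip(xs, ts)) for k in range(3)]  # sums of t*x^0 .. t*x^2
    matrix = [[s[0], s[1], s[2]], [s[1], s[2], s[3]], [s[2], s[3], s[4]]]
    a, b, c = solve3(matrix, v)
    return a, b, c


def throughput_table(results):
    """results: {name: (bytes, seconds)} -> [(name, MB/s, percent of fastest)], fastest first."""
    rates = {name: nbytes / MB / secs for name, (nbytes, secs) in results.items()}
    fastest = max(rates.values())
    ranked = sorted(rates.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, rate, 100.0 * rate / fastest) for name, rate in ranked]


def benchmark(transform, sizes=SAMPLE_SIZES):
    """Time `transform` on random buffers of each size; returns [(size in MB, seconds)]."""
    return [(size / MB, time_transform(transform, os.urandom(size))) for size in sizes]


def sha256_digest(data):
    # Stand-in for the cipher under evaluation (see the comment at the top).
    return hashlib.sha256(data).digest()


if __name__ == "__main__":
    points = benchmark(sha256_digest)
    a, b, c = fit_quadratic(points)
    print(f"fitted t(x) = {a:.6f} + {b:.6f}*x + {c:.6f}*x^2   (x in MB)")
    largest = SAMPLE_SIZES[-1]
    for name, rate, pct in throughput_table({"sha256 (stand-in)": (largest, points[-1][1])}):
        print(f"{name:20s} {rate:8.2f} MB/s {pct:7.2f}%")
```

To compare several algorithms the way the tables do, call `benchmark` once per transform and pass the largest-file timings into `throughput_table` together; the median of repeated runs damps the file-system and JIT noise the analysis slide worries about.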

Page 11: Performance Measurements – Analysis

– Curious how much of the performance was due to the encryption vs. how much was due to system overhead (e.g., file system)
– Repeated study on a slower machine
  – 600 MHz Pentium 3
  – Windows XP

Page 12: Performance Measurements – Encryption and Decryption Averages

[Figure: time (s) versus file size (10^6 bytes) on a 600 MHz Pentium 3, using polynomial fitted lines (n=2). File size axis 0 to 70, time axis 0 to 60 s. Series: DES 56-bit; 3DES 112-bit; 3DES 168-bit; AES 128-bit; AES 192-bit; AES 256-bit.]

Page 13: Performance Measurements – Throughputs, 600 MHz

Symmetric:

Algorithm      MB/s    Percent of Fastest Algorithm
DES 64-bit     2.45    100.00%
AES 128-bit    1.71     69.90%
3DES 192-bit   1.67     68.21%
3DES 128-bit   1.67     68.04%
AES 192-bit    1.52     62.06%
AES 256-bit    1.39     56.74%

Public key:

Encryption     MB/s    Percent of Fastest Algorithm
RSA 512-bit    0.28    11.42%
RSA 1024-bit   0.21     8.57%

Decryption     MB/s    Percent of Fastest Algorithm
RSA 512-bit    0.03    1.22%
RSA 1024-bit   0.01    0.41%

Page 14: Recommendations

– Use managed code (C#)
– Use AES with 256-bit keys

Rationale
– code safety
– modularity of encryption service
– suitability as a web service in .NET
– AES-256 performance was within 20% of DES
– exponentially more secure than any other algorithm
– protection against the unknown (e.g., progress in quantum computing)

Page 15: Workflow Model – Department of Radiology Model

[Figure: workflow diagram of the radiology department. Components: Patients, Hospital Registration System, Exam Schedule System, HIS, RIS, Image Modality, DICOM Gateway, Reporting System, Workstation, PACS Archive, Relational Database. Flows are labelled Data, Reports, DICOM Worklist, HL7, HL7 Reports and DICOM.]

Page 16: Workflow Model – Involved Steps

Step   Description
A      Patient registration by hospital registration system
B      Notify HIS of patient and data using Health Level 7 (HL7)
C      Schedule exam and notify RIS
D      Patient data to RIS and to PACS archive
E      DICOM worklist to image modality
F      Conduct patient exam
G      Patient image data to gateway using DICOM
H      Relational data to gateway (required prior images)
I      DICOM image data from gateway to PACS archive
J      DICOM image data to workstation from PACS archive
K      Patient report generated in reporting system
L      Patient report sent to RIS from reporting system
M      Patient report sent from RIS to HIS

Page 17: Workflow Model – Resources

Resource   Description
R1         Hospital Registration System
R2         HIS (Hospital Information System)
R3         RIS (Radiology Information System)
R4         Examination Schedule System
R5         HL7 Communications for Text Data
R6         DICOM Communications for Image Data
R7         Image Modality Unit
R8         DICOM Gateway
R9         Relational Database
R10        PACS Archive
R11        Workstation
R12        Reporting System
R13        Encryption/Decryption Application

Page 18: Workflow Model – Bottleneck Table (From Resource Allocation Table)

Bottleneck   Equation
B1           1 / (T1 + T2)
B2           1 / (T2 + T4 + T13)
B3           1 / (T3 + T4 + T5 + T12 + T13)
B4           1 / (T3)
B5           1 / (T2 + T3 + T4 + T12 + T13)
B6           1 / (T5 + T7 + T8 + T9 + T10)
B7           1 / (T5 + T6 + T7)
B8           1 / (T7 + T8 + T9)
B9           1 / (T8)
B10          1 / (T4 + T9 + T10)
B11          1 / (T10)
B12          1 / (T11 + T12)
B13          1 / (T4 + T7 + T8 + T9 + T10)

Page 19: Workflow Model – Bottleneck Calculation

The bottleneck was B7, the Image Modality Unit.

Throughput in patients/hr:

Bottleneck   Equation                          Without Encryption   With Encryption
B1           1 / (T1 + T2)                     3.98                 3.98
B2           1 / (T2 + T4 + T13)               79.92                78.26
B3           1 / (T3 + T4 + T5 + T12 + T13)    32.73                32.43
B4           1 / (T3)                          120.00               120.00
B5           1 / (T2 + T3 + T4 + T12 + T13)    34.29                33.96
B6           1 / (T5 + T7 + T8 + T9 + T10)     5.37                 3.96
B7           1 / (T5 + T6 + T7)                2.59                 2.48
B8           1 / (T7 + T8 + T9)                6.67                 5.00
B9           1 / (T8)                          20.00                15.00
B10          1 / (T4 + T9 + T10)               11.61                8.35
B11          1 / (T10)                         30.00                20.00
B12          1 / (T11 + T12)                   24.00                24.00
B13          1 / (T4 + T7 + T8 + T9 + T10)     N/A                  3.95

Page 20: Workflow Model – Throughput Results

– Sequential patient model: 7% performance degradation
– Highly concurrent patient model: 5% performance degradation

Reassuring to determine that HIPAA's impact is modest. Possible to recover throughput through other optimizations in patient flow.

Page 21: Workflow Model – Bounds

– Infinite resources: N / (T_e + T_s)
– Bottleneck limit: 1 / T_b
– Upper bound: N / (T_e + T_s + (N – 1) * T_b)
– Lower bound: 1 / (T_e + T_s)

T_e = time spent encrypting
T_s = total system time – T_e
T_b = time spent on bottleneck step
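The bottleneck table on Page 18, the per-resource throughput calculation on Page 19 and the bounds above are one model: each resource sustains 1 / (sum of the step times it is busy for) patients per hour, the resource with the smallest value is the bottleneck, and T_b feeds the N-patient bounds. The script below is an added example written for this page, not the authors' model code. It encodes the thirteen bottleneck equations exactly as the table gives them, but the per-step times T1..T13 are invented for illustration (the study's measured times are not on the slides), so its numbers are not the study's results; the with-encryption times simply lengthen the data-moving steps D, G, H, I and J.

```python
# Added example (not the authors' code): the slides' bottleneck method and
# throughput bounds, run over constructed step times. Each resource's
# throughput is 1 / (sum of the step times it is busy for); the resource with
# the smallest throughput is the bottleneck. Step times are invented for
# illustration and are not the study's measured values.

MINUTES_PER_HOUR = 60

# Bottleneck equations from the "Bottleneck Table" slide: resource -> step indices
BOTTLENECK_EQUATIONS = {
    "B1": (1, 2),
    "B2": (2, 4, 13),
    "B3": (3, 4, 5, 12, 13),
    "B4": (3,),
    "B5": (2, 3, 4, 12, 13),
    "B6": (5, 7, 8, 9, 10),
    "B7": (5, 6, 7),
    "B8": (7, 8, 9),
    "B9": (8,),
    "B10": (4, 9, 10),
    "B11": (10,),
    "B12": (11, 12),
    "B13": (4, 7, 8, 9, 10),   # R13, the encryption/decryption application
}

# Constructed per-step times in minutes; T1..T13 correspond to steps A..M.
STEP_MINUTES_PLAIN = {1: 10, 2: 5, 3: 0.5, 4: 1, 5: 1, 6: 20, 7: 3, 8: 3,
                      9: 3, 10: 2, 11: 2, 12: 0.5, 13: 1}
# With encryption the steps that move patient data (D, G, H, I, J) take longer.
STEP_MINUTES_ENCRYPTED = {**STEP_MINUTES_PLAIN, 4: 1.5, 7: 4, 8: 4, 9: 4, 10: 3}


def resource_throughputs(step_minutes, equations=BOTTLENECK_EQUATIONS, absent=()):
    """Patients/hour each resource can sustain; None for resources not in the system."""
    out = {}
    for name, steps in equations.items():
        if name in absent:
            out[name] = None          # e.g. B13 is N/A when no encryption is used
            continue
        busy_minutes = sum(step_minutes[i] for i in steps)
        out[name] = MINUTES_PER_HOUR / busy_minutes
    return out


def bottleneck(throughputs):
    """(resource name, patients/hour) of the slowest resource that is present."""
    present = {k: v for k, v in throughputs.items() if v is not None}
    name = min(present, key=present.get)
    return name, present[name]


def degradation_percent(plain_rate, encrypted_rate):
    """Percent loss of bottleneck throughput caused by encryption."""
    return 100.0 * (1 - encrypted_rate / plain_rate)


# Bounds from the "Bounds" slide; times in hours, results in patients/hour.
def infinite_resources(n, t_e, t_s):
    return n / (t_e + t_s)


def bottleneck_limit(t_b):
    return 1 / t_b


def upper_bound(n, t_e, t_s, t_b):
    return n / (t_e + t_s + (n - 1) * t_b)


def lower_bound(t_e, t_s):
    return 1 / (t_e + t_s)


def model_times_hours(plain, encrypted, bottleneck_name):
    """Derive T_e, T_s, T_b (hours) from the two step-time sets and the bottleneck resource."""
    total_system = sum(encrypted.values())                              # total system time
    t_e = (total_system - sum(plain.values())) / MINUTES_PER_HOUR       # time spent encrypting
    t_s = total_system / MINUTES_PER_HOUR - t_e                         # total system time - T_e
    t_b = sum(encrypted[i] for i in BOTTLENECK_EQUATIONS[bottleneck_name]) / MINUTES_PER_HOUR
    return t_e, t_s, t_b


if __name__ == "__main__":
    plain = resource_throughputs(STEP_MINUTES_PLAIN, absent=("B13",))
    enc = resource_throughputs(STEP_MINUTES_ENCRYPTED)
    print("Bottleneck  Without Encryption  With Encryption")
    for name in BOTTLENECK_EQUATIONS:
        p = "N/A" if plain[name] is None else f"{plain[name]:.2f}"
        print(f"{name:<11s} {p:>18s}  {enc[name]:15.2f}")
    b_plain, b_enc = bottleneck(plain), bottleneck(enc)
    print(f"bottleneck: {b_plain} -> {b_enc}, "
          f"{degradation_percent(b_plain[1], b_enc[1]):.1f}% degradation")
    t_e, t_s, t_b = model_times_hours(STEP_MINUTES_PLAIN, STEP_MINUTES_ENCRYPTED, b_enc[0])
    for n in (1, 5, 10):
        print(f"N={n:2d}: lower {lower_bound(t_e, t_s):.2f}  upper {upper_bound(n, t_e, t_s, t_b):.2f}  "
              f"infinite {infinite_resources(n, t_e, t_s):.2f}  limit {bottleneck_limit(t_b):.2f}")
```

Two properties of the bounds are worth checking against any real step times: with N = 1 the upper bound collapses to the lower bound, and as N grows it approaches the bottleneck limit 1 / T_b, which is why the concurrent-patient model on Page 20 loses less throughput than the sequential one.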

Page 22: Workflow Model – System with Encryption

Page 23: Summary

– Impact of HIPAA's encryption requirements was initially unknown
– Suitability of web services approach untested
– Public key algorithm (RSA) unsuitable
– Three symmetric key algorithms (DES, 3DES, AES) were all suitable
– AES-256 encrypts a 500-slice MR file of 68 MB in 12 seconds on a 3 GHz Pentium 4
– Workflow model using AES-256 predicts a patient throughput reduction of 5-7%
– Now have an understanding of workflow and where to optimize

Page 24: Acknowledgements

Funding for this work is provided by:
David Ladd and Tom Healy, Microsoft Research
University Research Program, Microsoft Corporation