Abstract: The expense of storing and maintaining the huge medical image data in traditional PACS（Picture Archiving and Communication System） gets costly, and image data transmitted through DICOM protocol can be easily attacked by hacker, resulting in some security issues such as data being illegally usurped and patient privacy being leaked. A cloud-based PACS model is proposed to meet the requirements of data storage, maintenance and transmission security combined with the strength of cloud computing technique. Unified identity authentication framework is designed based on two kinds of hybrid authentication modes which are the USB Key identity strong authentication scheme and the SSL identity common authentication scheme. Security analysis shows that the proposed unified identity authentication framework not only can ensure data privacy, authenticity and integrity but also can resist man-in-the-middle attack, replay attack and dictionary attack. It is proven that unified identity authentication framework has the ability to secure DICOM protocol communication of cloud-based PACS.

Key words: cloud-based Picture Archiving and Communication System（PACS）, Digital Imaging Communication in Medicine（DICOM） protocol security, USB Key identity authentication, SSL identity authentication

摘要： 传统的PACS系统存储和维护海量医疗影像数据成本高昂，且经由DICOM协议传输的影像数据容易遭到黑客攻击，造成数据被非法篡取、病人隐私泄露等数据安全性问题。提出一种PACS云服务模型以满足数据存储、维护、安全传输等需求。设计的统一身份认证框架采用基于USB Key强身份认证方案和基于SSL通用身份认证方案两种混合验证模式，经过安全性分析表明，此框架能够保证数据的秘密性、认证性和完整性，并能抵御常见的中间人攻击、重放攻击和字典攻击，有效确保云PACS系统中DICOM协议安全通信。

关键词: 云影像归档和通信系统（PACS）, DICOM协议安全, USB Key身份认证, SSL身份认证