poster

Medical Protocol Security: DICOM Vulnerability Mining Based on Fuzzing Technology

Authors:

Qixu LiuAuthors Info & Claims

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2549 - 2551

https://doi.org/10.1145/3319535.3363253

Published: 06 November 2019 Publication History

Get Access

Abstract

DICOM is an international standard for medical images and related information, and is a medical image format that can be used for data exchange. The agreement is widely used in medical fields such as radiology and cardiovascular imaging. However, since DICOM libraries have less security considerations in protocol implementation, they have a large number of security risks. Aiming at the security issue of DICOM libraries, the paper conducts research on vulnerability mining technology for DICOM open source libraries, proposes a vulnerability mining framework based on Fuzzing technology, and implements a prototype system named DICOM-Fuzzer, which includes initialization, test case generation, automatic test, exception monitoring and other modules. Finally, the open source library DCMTK was selected for testing, and it was found that data overflow would occur when the content of the received file was greater than 7080 lines. Found that there is a vulnerability that causes the PACS system to refuse service. In conclusion, the DICOM protocol does have risks, and its information security needs to be further improved.

References

[1]

Duggal A. 2017. HL7 2.X Security. In The 8th Annual HITB Security Conference.

Google Scholar

[2]

Mike Aizatsky, Kostya Serebryany, Oliver Chang, Abhishek Arya, and Meredith Whittaker. 2016. Announcing oss-fuzz: Continuous fuzzing for open source software. Google Testing Blog (2016).

Google Scholar

[3]

Chen Chen, Baojiang Cui, Jinxin Ma, Runpu Wu, Jianchao Guo, and Wenqian Liu. 2018. A systematic review of fuzzing techniques. Computers & Security, Vol. 75 (2018), 118--137.

Crossref

Google Scholar

[4]

Akram Farhadi and Maryam Ahmadi. 2013. The Information Security Needs in Radiological Information Systems-an Insight on State Hospitals of Iran, 2012. Journal of digital imaging, Vol. 26, 6 (2013), 1040--1044.

Crossref

Google Scholar

[5]

Shuitao Gan, Chao Zhang, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen. 2018. Collafl: Path sensitive fuzzing. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 679--696.

Crossref

Google Scholar

[6]

Eichelberg M Onken M. 2011. Digital Imaging and Communications in Medicine .Digital Imaging and Communications in Medicine (DICOM).

Google Scholar

[7]

Food US and Administration Drug. 2013. Content of premarket submissions for management of cybersecurity in medical devices: draft guidance for industry and food and drug administration staff. Retrieved May, Vol. 1 (2013), 2014.

Google Scholar

Cited By

View all

Affia AFinch HJung WSamori IPotter LPalmer X(2023)IoT Health Devices: Exploring Security Risks in the Connected LandscapeIoT10.3390/iot40200094:2(150-182)Online publication date: 25-May-2023
https://doi.org/10.3390/iot4020009
Karagiannis SMagkos ENtantogian CCabecinha RFotis T(2023)Cybersecurity and Medical Imaging: A Simulation-Based Approach to DICOM CommunicationApplied Sciences10.3390/app13181007213:18(10072)Online publication date: 6-Sep-2023
https://doi.org/10.3390/app131810072
Saatjohann CIsing FGierlings MNoss DSchimmler SKlemm AGrundmann LFrosch TSchinzel S(2022)Sicherheit medizintechnischer Protokolle im KrankenhausDatenschutz und Datensicherheit - DuD10.1007/s11623-022-1603-x46:5(276-283)Online publication date: 11-May-2022
https://doi.org/10.1007/s11623-022-1603-x
Show More Cited By

Index Terms

Medical Protocol Security: DICOM Vulnerability Mining Based on Fuzzing Technology
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification

Recommendations

Do we need a holistic approach for the design of secure IoT systems?
CF'17: Proceedings of the Computing Frontiers Conference

In this paper, four cryptography and security experts point out to future research directions in internet-of-things (IoT) security. Coming from different research domains, the experts address a broad range of issues related to IoT security. In ...
Overview of Internet of Medical Things Security Based on Blockchain Access Control

The Internet of Things provides convenience to health systems, especially for remote monitoring of patient physical indicators. While providing convenience, there may be more security vulnerabilities in protecting patient and doctor information and ...
Denial of service attacks, defences and research challenges

This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical ad practical point of view. Seriousness of DoS attacks is tangible and they present one of the most significant threats to assurance of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

November 2019

2755 pages

ISBN:9781450367479

DOI:10.1145/3319535

General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2019

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

key laboratory of network assessment technology of Institute of Information Engineering, Chinese Academy of Sciences
the Fundamental Research Funds for the Central Universities
Special fund on education and teaching reform of Besti
the National Key Research and Development Plan
Key Lab of Information Network Security, Ministry of Public Security

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 11 - 15, 2019

London, United Kingdom

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
423
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)2

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Affia AFinch HJung WSamori IPotter LPalmer X(2023)IoT Health Devices: Exploring Security Risks in the Connected LandscapeIoT10.3390/iot40200094:2(150-182)Online publication date: 25-May-2023
https://doi.org/10.3390/iot4020009
Karagiannis SMagkos ENtantogian CCabecinha RFotis T(2023)Cybersecurity and Medical Imaging: A Simulation-Based Approach to DICOM CommunicationApplied Sciences10.3390/app13181007213:18(10072)Online publication date: 6-Sep-2023
https://doi.org/10.3390/app131810072
Saatjohann CIsing FGierlings MNoss DSchimmler SKlemm AGrundmann LFrosch TSchinzel S(2022)Sicherheit medizintechnischer Protokolle im KrankenhausDatenschutz und Datensicherheit - DuD10.1007/s11623-022-1603-x46:5(276-283)Online publication date: 11-May-2022
https://doi.org/10.1007/s11623-022-1603-x
Natella RPham VCadar CZhang X(2021)ProFuzzBench: a benchmark for stateful protocol fuzzingProceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3460319.3469077(662-665)Online publication date: 11-Jul-2021
https://dl.acm.org/doi/10.1145/3460319.3469077
Wang ZMa PZou XZhang JYang T(2020)Security of Medical Cyber-physical Systems: An Empirical Study on Imaging DevicesIEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFOCOMWKSHPS50562.2020.9162769(997-1002)Online publication date: Jul-2020
https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162769

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Do we need a holistic approach for the design of secure IoT systems?

Overview of Internet of Medical Things Security Based on Blockchain Access Control

Denial of service attacks, defences and research challenges