Abstract
In recent years, the medical equipment and related information systems show the characteristics of mobility, networking, intelligence. At the same time, security incidents caused by medical equipment emerge in an endless stream, which brings a huge threat to the information security of users and causes serious harm. Most medical devices use open source protocol library, which brings great security risks to the digitalization and informatization of medical devices. Therefore, in the face of growing security threats and challenges, it is urgent to study the security of medical equipment. In this paper, the vulnerability mining of DICOM was studied, the most commonly used communication standard for high-performance medical devices, and a vulnerability mining model based on Fuzzing technology was proposed. This model constructed a vulnerability mining environment by simulating PACS system, and implemented a prototype system DICOM-Fuzzer. The system includes initialization, test case generation and other modules, which can complete large-scale automatic testing and exception monitoring. Then, three different versions of the open source library were selected to test the 1000 test cases generated respectively. It was found that when the received file data was greater than 7080 lines, the overflow would occur, resulting in the denial of service of the system. Finally, the security suggestions and repair measures were put forward, and the future research was described.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Duggal, A.: Hl7 2.x security. In: The 8th Annual HITB Security Conference (2017)
Blazona, B., Koncar, M.: Hl7 and DICOM based integration of radiology departments with healthcare enterprise information systems. Int. J. Med. Inform. 76, S425–S432 (2007)
Chen, Y., Wang, Z.: Progress in fuzzy testing. Comput. Appl. Softw. 28(7), 291–293 (2011)
Dolin, R.H., et al.: Hl7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13(1), 30–39 (2006)
Farhadi, A., Ahmadi, M.: The information security needs in radiological information systems–an insight on state hospitals of Iran, 2012. J. Digit. Imaging 26(6), 1040–1044 (2013)
Gutiérrez-MartÃnez, J., Núñez-Gaona, M.A., Aguirre-Meneses, H.: Business model for the security of a large-scale PACS, compliance with ISO/27002: 2013 standard. J. Digit. Imaging 28(4), 481–491 (2015)
Hasman, A., et al.: Hl7 RIM: an incoherent standard. In: Ubiquity: Technologies for Better Health in Aging Societies, Proceedings of Mie 2006, vol. 124, p. 133 (2006)
Liu, Q., Zhang, Y.: TFTP vulnerability mining technology based on fuzzing. Comput. Eng. 33(20), 142–144 (2007)
Luo, Y.: Design and implementation of network security vulnerability scanning system. Ph.D. thesis, National University of Defense Science and Technology, ChangSha (2007)
Elrod, T., Morris, S.: I’m not a doctor but i play one on your network (2011)
Nagy, P., Bowers, G., Reiner, B.I., Siegel, E.L.: Defining the pacs profession: an initial survey of skills, training, and capabilities for PACS administrators. J. Digit. Imaging 18(4), 252–259 (2005)
Pianykh, O.S.: Digital Imaging and Communications in Medicine (DICOM): A Practical Introduction and Survival Guide. Springer, Heidelberg (2009)
US Food and Drug Administration: Content of premarket submissions for management of cybersecurity in medical devices: draft guidance for industry and food and drug administration staff (2013). Accessed 1 May 2014
Vossberg, M., Tolxdorff, T., Krefting, D.: DICOM image communication in globus-based medical grids. IEEE Trans. Inf. Technol. Biomed. 12(2), 145–153 (2008)
Wiese, M., Beck, K., Tschöpel, E., Reindl, P., Carl, P.: PACS-picture archiving and communication system. Der Urologe B 39(3), 237–244 (1999)
Xu, Y.: Research and implementation of fuzzing test technology for streaming media protocol. Ph.D. thesis, Beijing University of Posts and Telecommunications (2009)
Zhang, B., Zhang, Y., Xu, Y.: Exploring network protocol vulnerabilities based on fuzzy testing. J. Tsinghua Univ.: Nat. Sci. Ed. S2, 2113–2118 (2009)
Zhang, G., Shi, X., Li, R., Ren, J.: Fuzzy test optimization scheme for NFC protocol. Hebei Ind. Sci. Technol. 34(3), 155–161 (2017)
Zhang, X., He, Y.: Overview of software testing methods. Sci-tech horizon (4), 35–37 (2012)
Zhang, Y., Wang, Z., Liu, Q., Lou, J., Yao, D.: Research progress and development trend of near-field communication technology security. J. Comput. Sci. 39(6), 1190–1207 (2016)
Zhuang, T.: The Application of Computer in Biomedicine. Science Press, Beijing (2000)
Zou, Q., et al.: From automation to intelligence: advances in software vulnerability mining technology (2018)
Acknowledgments
This research was financially supported by the National Key Research and Development Plan (2018YFB1004101), Key Lab of Information Network Security, Ministry of Public Security (C19614), Special fund on education and teaching reform of Besti (jy201805), the Fundamental Research Funds for the Central Universities (328201804, 328201910), key laboratory of network assessment technology of Institute of Information Engineering, Chinese Academy of Sciences.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Wang, Z. et al. (2020). DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology. In: Gao, H., Feng, Z., Yu, J., Wu, J. (eds) Communications and Networking. ChinaCom 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 312. Springer, Cham. https://doi.org/10.1007/978-3-030-41114-5_38
Download citation
DOI: https://doi.org/10.1007/978-3-030-41114-5_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41113-8
Online ISBN: 978-3-030-41114-5
eBook Packages: Computer ScienceComputer Science (R0)