DOI: 10.1145/3465481.3470072
research-article

Risks and Opportunities for Information Hiding in DICOM Standard

Published: 17 August 2021

Abstract

The increasing application of ICT technologies to medicine opens new usage patterns. Among the various standards, the Digital Imaging and COmmunication in Medicine (DICOM) has been gaining momentum, mainly due to its complete coverage of the diagnostic pipeline, including key applications such as CT, MRI and ultrasound scanners. However, owing to its complex and multifaceted nature, DICOM is prone to many risks especially due to the vast and complex attack surface characterizing the composite interplay of services, formats and technologies at the basis of the standard. Luckily, DICOM exhibits some room for improving its security. Specifically, information hiding and steganography can be used in a twofold manner. On one hand, they can help to watermark diagnostic images to improve their resistance against tampering and alterations. On the other hand, the digital infrastructure at the basis of DICOM can lead to data leaks or malicious manipulations via artificial intelligence techniques. Therefore, in this work we introduce risks and opportunities when applying information-hiding-based techniques to the DICOM standard. Our investigation highlights some opportunities as well as introduces possibilities of exploiting DICOM images to set up covert channels, i.e., hidden communication paths that can be used to exfiltrate data or launch attacks. To prove the effectiveness of our vision, this paper also showcases the performance evaluation of a covert channel built by applying text steganography principles on realistic DICOM images.

Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021
1447 pages
ISBN: 9781450390514
DOI: 10.1145/3465481

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Clinical Imaging
  2. Computed Tomography
  3. Digital Imaging
  4. Information Hiding
  5. IoT
  6. Magnetic Resonance Imaging
  7. PACS
  8. Text Steganography
  9. Ultrasound
  10. eHealth

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (Last 12 months): 49
  • Downloads (Last 6 weeks): 6
Reflects downloads up to 19 Feb 2025

Cited By

  • (2024) DIMScern: A Framework for Discerning DIMSE Services on Remote Medical Devices. Sensors 24:23 (7470). DOI: 10.3390/s24237470. Online publication date: 22-Nov-2024
  • (2024) DNA-Based Secure Image Transmission Framework Using Encryption and LSB Steganography. Revolutionizing Healthcare: AI Integration with IoT for Enhanced Patient Outcomes (315-327). DOI: 10.1007/978-3-031-65022-2_18. Online publication date: 24-Sep-2024
  • (2022) Information Hiding in the DICOM Message Service and Upper Layer Service with Entropy-Based Detection. Entropy 24:2 (176). DOI: 10.3390/e24020176. Online publication date: 25-Jan-2022
  • (2022) Performance Impact of Header-Based Network Steganographic Countermeasures. IEEE Access 10 (92446-92453). DOI: 10.1109/ACCESS.2022.3202556. Online publication date: 2022
