Skip to main content
SpringerLink
Log in
Book cover

International Conference on Communications and Networking in China

ChinaCom 2019: Communications and Networking pp 509–524Cite as

DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology

  • Conference paper
  • First Online:

Abstract

In recent years, the medical equipment and related information systems show the characteristics of mobility, networking, intelligence. At the same time, security incidents caused by medical equipment emerge in an endless stream, which brings a huge threat to the information security of users and causes serious harm. Most medical devices use open source protocol library, which brings great security risks to the digitalization and informatization of medical devices. Therefore, in the face of growing security threats and challenges, it is urgent to study the security of medical equipment. In this paper, the vulnerability mining of DICOM was studied, the most commonly used communication standard for high-performance medical devices, and a vulnerability mining model based on Fuzzing technology was proposed. This model constructed a vulnerability mining environment by simulating PACS system, and implemented a prototype system DICOM-Fuzzer. The system includes initialization, test case generation and other modules, which can complete large-scale automatic testing and exception monitoring. Then, three different versions of the open source library were selected to test the 1000 test cases generated respectively. It was found that when the received file data was greater than 7080 lines, the overflow would occur, resulting in the denial of service of the system. Finally, the security suggestions and repair measures were put forward, and the future research was described.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Duggal, A.: Hl7 2.x security. In: The 8th Annual HITB Security Conference (2017)

    Google Scholar 

  2. Blazona, B., Koncar, M.: Hl7 and DICOM based integration of radiology departments with healthcare enterprise information systems. Int. J. Med. Inform. 76, S425–S432 (2007)

    Article  Google Scholar 

  3. Chen, Y., Wang, Z.: Progress in fuzzy testing. Comput. Appl. Softw. 28(7), 291–293 (2011)

    Google Scholar 

  4. Dolin, R.H., et al.: Hl7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13(1), 30–39 (2006)

    Article  Google Scholar 

  5. Farhadi, A., Ahmadi, M.: The information security needs in radiological information systems–an insight on state hospitals of Iran, 2012. J. Digit. Imaging 26(6), 1040–1044 (2013)

    Article  Google Scholar 

  6. Gutiérrez-Martínez, J., Núñez-Gaona, M.A., Aguirre-Meneses, H.: Business model for the security of a large-scale PACS, compliance with ISO/27002: 2013 standard. J. Digit. Imaging 28(4), 481–491 (2015)

    Article  Google Scholar 

  7. Hasman, A., et al.: Hl7 RIM: an incoherent standard. In: Ubiquity: Technologies for Better Health in Aging Societies, Proceedings of Mie 2006, vol. 124, p. 133 (2006)

    Google Scholar 

  8. Liu, Q., Zhang, Y.: TFTP vulnerability mining technology based on fuzzing. Comput. Eng. 33(20), 142–144 (2007)

    Google Scholar 

  9. Luo, Y.: Design and implementation of network security vulnerability scanning system. Ph.D. thesis, National University of Defense Science and Technology, ChangSha (2007)

    Google Scholar 

  10. Elrod, T., Morris, S.: I’m not a doctor but i play one on your network (2011)

    Google Scholar 

  11. Nagy, P., Bowers, G., Reiner, B.I., Siegel, E.L.: Defining the pacs profession: an initial survey of skills, training, and capabilities for PACS administrators. J. Digit. Imaging 18(4), 252–259 (2005)

    Article  Google Scholar 

  12. Pianykh, O.S.: Digital Imaging and Communications in Medicine (DICOM): A Practical Introduction and Survival Guide. Springer, Heidelberg (2009)

    Google Scholar 

  13. US Food and Drug Administration: Content of premarket submissions for management of cybersecurity in medical devices: draft guidance for industry and food and drug administration staff (2013). Accessed 1 May 2014

    Google Scholar 

  14. Vossberg, M., Tolxdorff, T., Krefting, D.: DICOM image communication in globus-based medical grids. IEEE Trans. Inf. Technol. Biomed. 12(2), 145–153 (2008)

    Article  Google Scholar 

  15. Wiese, M., Beck, K., Tschöpel, E., Reindl, P., Carl, P.: PACS-picture archiving and communication system. Der Urologe B 39(3), 237–244 (1999)

    Article  Google Scholar 

  16. Xu, Y.: Research and implementation of fuzzing test technology for streaming media protocol. Ph.D. thesis, Beijing University of Posts and Telecommunications (2009)

    Google Scholar 

  17. Zhang, B., Zhang, Y., Xu, Y.: Exploring network protocol vulnerabilities based on fuzzy testing. J. Tsinghua Univ.: Nat. Sci. Ed. S2, 2113–2118 (2009)

    Google Scholar 

  18. Zhang, G., Shi, X., Li, R., Ren, J.: Fuzzy test optimization scheme for NFC protocol. Hebei Ind. Sci. Technol. 34(3), 155–161 (2017)

    Google Scholar 

  19. Zhang, X., He, Y.: Overview of software testing methods. Sci-tech horizon (4), 35–37 (2012)

    Google Scholar 

  20. Zhang, Y., Wang, Z., Liu, Q., Lou, J., Yao, D.: Research progress and development trend of near-field communication technology security. J. Comput. Sci. 39(6), 1190–1207 (2016)

    Google Scholar 

  21. Zhuang, T.: The Application of Computer in Biomedicine. Science Press, Beijing (2000)

    Google Scholar 

  22. Zou, Q., et al.: From automation to intelligence: advances in software vulnerability mining technology (2018)

    Google Scholar 

Download references

Acknowledgments

This research was financially supported by the National Key Research and Development Plan (2018YFB1004101), Key Lab of Information Network Security, Ministry of Public Security (C19614), Special fund on education and teaching reform of Besti (jy201805), the Fundamental Research Funds for the Central Universities (328201804, 328201910), key laboratory of network assessment technology of Institute of Information Engineering, Chinese Academy of Sciences.

Author information

Authors and Affiliations

  1. Beijing Electronic Science and Technology Institute, Beijing, China

    Zhiqiang Wang, Quanqi Li, Qian Liu, Biao Liu & Jianyi Zhang

  2. State Information Center, Beijing, China

    Zhiqiang Wang

  3. Key Lab of Information Network Security, Ministry of Public Security, Shanghai, China

    Zhiqiang Wang & Tao Yang

  4. Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Qixu Liu

Authors
  1. Zhiqiang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Quanqi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qian Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Biao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jianyi Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Tao Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Qixu Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Biao Liu or Jianyi Zhang .

Editor information

Editors and Affiliations

  1. Shanghai University, Shanghai, China

    Honghao Gao

  2. School of Computer Software, Tianjin University, Tianjin, China

    Zhiyong Feng

  3. Hangzhou Dianzi University, Hangzhou, China

    Jun Yu

  4. Tongji University, Shanghai Shi, China

    Jun Wu

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, Z. et al. (2020). DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology. In: Gao, H., Feng, Z., Yu, J., Wu, J. (eds) Communications and Networking. ChinaCom 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 312. Springer, Cham. https://doi.org/10.1007/978-3-030-41114-5_38

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41114-5_38

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41113-8

  • Online ISBN: 978-3-030-41114-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation