Communications and Networking. 14th EAI International Conference, ChinaCom 2019, Shanghai, China, November 29 – December 1, 2019, Proceedings, Part I

Research Article

DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology

  • @INPROCEEDINGS{10.1007/978-3-030-41114-5_38,
        author={Zhiqiang Wang and Quanqi Li and Qian Liu and Biao Liu and Jianyi Zhang and Tao Yang and Qixu Liu},
        title={DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology},
        proceedings={Communications and Networking. 14th EAI International Conference, ChinaCom 2019, Shanghai, China, November 29 -- December 1, 2019, Proceedings, Part I},
        proceedings_a={CHINACOM},
        year={2020},
        month={2},
        keywords={DICOM Fuzzing PACS DCMTK},
        doi={10.1007/978-3-030-41114-5_38}
    }
    
  • Zhiqiang Wang
    Quanqi Li
    Qian Liu
    Biao Liu
    Jianyi Zhang
    Tao Yang
    Qixu Liu
    Year: 2020
    DICOM-Fuzzer: Research on DICOM Vulnerability Mining Based on Fuzzing Technology
    CHINACOM
    Springer
    DOI: 10.1007/978-3-030-41114-5_38
Zhiqiang Wang, Quanqi Li, Qian Liu, Biao Liu*, Jianyi Zhang, Tao Yang (1), Qixu Liu (2)
  • 1: Key Lab of Information Network Security
  • 2: Key Laboratory of Network Assessment Technology, Institute of Information Engineering
*Contact email: liubiao@besti.edu.cn

Abstract

In recent years, medical equipment and related information systems have become increasingly mobile, networked, and intelligent. At the same time, security incidents caused by medical equipment emerge in an endless stream, posing a huge threat to the information security of users and causing serious harm. Most medical devices use open source protocol libraries, which brings great security risks to the digitalization and informatization of medical devices. Therefore, in the face of growing security threats and challenges, it is urgent to study the security of medical equipment. In this paper, vulnerability mining of DICOM, the most commonly used communication standard for high-performance medical devices, was studied, and a vulnerability mining model based on fuzzing technology was proposed. This model constructed a vulnerability mining environment by simulating a PACS system, and a prototype system, DICOM-Fuzzer, was implemented. The system includes initialization, test case generation and other modules, which can complete large-scale automatic testing and exception monitoring. Then, three different versions of the open source library were selected and tested with the 1000 generated test cases respectively. It was found that when the received file data was greater than 7080 lines, an overflow would occur, resulting in denial of service of the system. Finally, security suggestions and repair measures were put forward, and future research was described.

Keywords
DICOM, Fuzzing, PACS, DCMTK
Published
2020-02-27
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-030-41114-5_38