Abstract
The DICOM (Digital Imaging and COmmunication in Medicine) standard provides a framework for a diagnostically accurate representation, processing, transfer, storage and display of medical imaging data. Information hiding in DICOM is currently limited to the application of digital media steganography and watermarking techniques on the media parts of DICOM files, as well as text steganographic techniques for embedding information in metadata of DICOM files. To improve the overall security of the DICOM standard, we investigate its susceptibility to network steganographic techniques. To this aim, we develop several network covert channels that can be created by using a specific transport mechanism – the DICOM Message Service and Upper Layer Service. The bandwidth, undetectability and robustness of the proposed covert channels are evaluated, and potential countermeasures are suggested. Moreover, a detection mechanism leveraging entropy-based metrics is introduced and its performance is assessed.
Highlights
In DICOM, a service type is associated with the data (IODs) that it processes; these associations are known as Service-Object Pairs (SOPs).
The C-ECHO service is a part of the Verification SOP Class, which is a part of the Verification Service Class.
If video is involved in the DICOM service, or if the number of DIMSE services per scan/exam is greater than 1 (e.g., a C-MOVE-RQ generates one or more consecutive C-STORE-RQ messages), the bandwidth will be greater than the estimation given previously, by a factor that is limited by the number of transmitted DIMSE messages per hour.
Summary
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
The various IS exchange information by using the HL7 standard (https://www.hl7.org, accessed on 5 December 2021). In this scenario, an important part is the Picture Archiving and Communication Systems, or PACS, infrastructure, which is responsible for integrating the modalities.
The main contributions of this work can be summarized as follows:
It shows the existence of ten new covert channels using the DICOM standard;
It categorizes the determined covert channels using the latest version of the hiding patterns taxonomy [10];
It showcases an entropy-based detection methodology for real scenarios and known covert channels;
It performs an experimental campaign to show how irregularities in Message ID can reveal when covert traffic is present.
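The last two contributions can be illustrated with the following Python example, which is added here and is not the authors' detector or code from the paper: it computes the Shannon entropy of the steps between consecutive DIMSE Message ID values and flags windows where that entropy is high. It assumes the Message IDs have already been extracted from captured traffic and that a benign sender increments the ID by one per request; the function names, window size, threshold and sample IDs are hypothetical or constructed.

```python
import math
from collections import Counter

MESSAGE_ID_MODULUS = 1 << 16  # Message ID (0000,0110) is a 16-bit unsigned value


def shannon_entropy(values):
    """Shannon entropy, in bits per symbol, of a non-empty sequence."""
    total = len(values)
    counts = Counter(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def message_id_deltas(message_ids):
    """Step between consecutive Message IDs, wrapping at 16 bits."""
    return [(b - a) % MESSAGE_ID_MODULUS
            for a, b in zip(message_ids, message_ids[1:])]


def flag_windows(message_ids, window=8, threshold=1.0):
    """Return (first_delta_index, entropy) for each non-overlapping window of
    deltas whose entropy exceeds the threshold (both values are assumptions)."""
    deltas = message_id_deltas(message_ids)
    flagged = []
    for start in range(0, len(deltas) - window + 1, window):
        entropy = shannon_entropy(deltas[start:start + window])
        if entropy > threshold:
            flagged.append((start, round(entropy, 3)))
    return flagged


# Constructed sample: nine sequential IDs (assumed benign baseline),
# followed by eight IDs with irregular steps.
SAMPLE_MESSAGE_IDS = [1, 2, 3, 4, 5, 6, 7, 8, 9,
                      72, 105, 9, 200, 33, 151, 87, 14]

if __name__ == "__main__":
    for start, entropy in flag_windows(SAMPLE_MESSAGE_IDS):
        print(f"deltas {start}..{start + 7}: entropy {entropy} bits, "
              "irregular Message IDs")
```

In a deployment, the threshold would be calibrated per modality or PACS node from its own baseline traffic, since implementations may differ in how they assign Message IDs.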