Risks and Opportunities for Information Hiding in DICOM Standard

The increasing application of ICT technologies to medicine opens new usage patterns. Among the various standards, the Digital Imaging and COmmunication in Medicine (DICOM) has been gaining momentum, mainly due to its complete coverage of the diagnostic pipeline, including key applications such as CT, MRI and ultrasound scanners. However, owing to its complex and multifaceted nature, DICOM is prone to many risks especially due to the vast and complex attack surface characterizing the composite interplay of services, formats and technologies at the basis of the standard. Luckily, DICOM exhibits some room for improving its security. Specifically, information hiding and steganography can be used in a twofold manner. On one hand, they can help to watermark diagnostic images to improve their resistance against tampering and alterations. On the other hand, the digital infrastructure at the basis of DICOM can lead to data leaks or malicious manipula- tions via artificial intelligence techniques. Therefore, in this work we introduce risks and opportunities when applying information- hiding-based techniques to the DICOM standard. Our investigation highlights some opportunities as well as introduces possibilities of exploiting DICOM images to set up covert channels, i.e., hidden communication paths that can be used to exfiltrate data or launch attacks. To prove the effectiveness of our vision, this paper also showcases the performance evaluation of a covert channel built by applying text steganography principles on realistic DICOM images.