DIMScern : A Framework for Discerning DIMSE Services on Remote Medical Devices

In the medical domain, computer systems in digital healthcare have increased connectivity continuously and the Message Service Element (DIMSE) protocol has a critical role in exchanging biomedical imaging data among different digital healthcare systems. As the data communication technology is used to handle sensitive information such as patient information (e.g., patient's name, date of birth, and address) and medical images (e.g., ultrasound, X-ray, and MRI), it has emerged as a major target for security attacks. In this work, we study security concerns on the message exchange method used in the protocol. It is important to know which services are available on a given healthcare IT system to an adversary and we observe that the protocol can be implemented in various ways across products, with each supporting different services as well. We present , a framework for discerning services on remote medical devices. To show the effectiveness of , we evaluate our framework on multiple implementations, including commercial products and libraries, and identify the supported services of them. We demonstrate that successfully identifies medical services that are supported differently across 22 healthcare IT systems in a remote environment.