H.1.5.1 Threat Assessment

The threats and the value to an attacker for the LDAP based configuration mechanisms fall into three categories:

  1. AE-uniqueness mechanism

  2. Finding (and updating) Network AE descriptions

  3. Finding (and updating) device descriptions

Each of these is exposed to different attacks. These are:

  1. Active Attacks

    a. The AE-title uniqueness mechanism could be attacked by creating vast numbers of spurious AE-titles. This could be a Denial of Service (DoS) attack on the LDAP server. It has a low probability of interfering with DICOM operations.

    b. The Network AE information could be maliciously updated. This would interfere with DICOM operations by interfering with finding the proper server. It could direct connections to malicious nodes, although the use of TLS authentication for DICOM connections would detect such misdirection. When TLS authentication is in place this becomes a DoS attack.

    c. The device descriptions could be maliciously modified. This would interfere with proper device operation.

  2. Passive Attacks

    a. There is no apparent value to an attacker in obtaining the current list of AE-titles. This list does not indicate where these AE-titles are deployed or on what equipment.

    b. The Network AE information and device descriptions might be of value in determining the location of vulnerable systems. If it is known that a particular model of equipment from a particular vendor is vulnerable to a specific attack, then the Network AE information can be used to find that equipment.