Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems

• URL: http://arxiv.org/abs/2510.09629v1
• Date: Fri, 26 Sep 2025 15:45:16 GMT
• Title: Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems
• Authors: Aminu Muhammad Auwal,
• Abstract summary: unsecured wireless communication in medical IoT (mIoT) devices exposes patient data to cyber threats.<n>This study investigates such vulnerabilities through a real-time Man in the Middle (MITM) attack simulation and evaluates lightweight AES-128 encryption on low-cost devices.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The growing use of Internet of Things (IoT) technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT (mIoT) devices exposes patient data to cyber threats. This study investigates such vulnerabilities through a real-time Man in the Middle (MITM) attack simulation and evaluates lightweight AES-128 encryption on low-cost devices. A prototype mIoT device was built with a NodeMCU ESP8266 and sensors for heart rate and temperature. In controlled lab conditions simulating local healthcare networks, unencrypted data transmissions were intercepted and altered using common tools (Bettercap, Wireshark). After AES-128 encryption was applied, all transmissions became unreadable and tamper attempts failed, demonstrating its effectiveness. Performance costs were modest, latency rose from 80 ms to 125 ms (56.25 percent increase) and CPU use from 30 percent to 45 percent, but system stability remained intact. Device cost stayed under 18,000 NGN (about 12 USD), making it feasible for Nigeria's resource constrained facilities. A survey of healthcare professionals showed moderate awareness of IoT-related risks but strong support for encryption and staff training. Barriers included limited budgets and technical complexity. The study concludes that lightweight AES-128 encryption provides practical, low-cost protection against common attack vectors while maintaining operational efficiency. Feedback from professionals highlights the urgency of improving security awareness and establishing guidelines for clinical deployment.

Related papers

• Data Poisoning Vulnerabilities Across Healthcare AI Architectures: A Security Threat Analysis [39.89241412792336]
  We analyzed eight attack scenarios in four categories: architectural attacks on convolutional neural networks, large language models, and reinforcement learning agents.<n>Our findings indicate that attackers with access to only 100-500 samples can compromise healthcare AI regardless of dataset size.<n>We recommend multilayer defenses including required adversarial testing, ensemble-based detection, privacy-preserving security mechanisms, and international coordination on AI security standards.
  arXiv  Detail & Related papers  (2025-11-14T07:16:16Z)
• SLIE: A Secure and Lightweight Cryptosystem for Data Sharing in IoT Healthcare Services [0.0]
  This paper proposes SLIE (Secure and Lightweight Identity Encryption), a novel cryptosystem based on Wildcard Key Derivation Identity-Based Encryption (WKD-IBE)<n>SLIE ensures scalable trust and secure omnidirectional communication through end-to-end encryption, hierarchical access control, and a lightweight key management system designed for resource-constrained devices.<n> Evaluations show that SLIE significantly outperforms RSA, with encryption and decryption times of 0.936ms and 0.217ms for 1KB of data, an 84.54% improvement in encryption speed, and a 99.70% improvement in decryption speed.
  arXiv  Detail & Related papers  (2025-10-16T14:10:48Z)
• Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [45.88028371034407]
  CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022.<n>This study evaluates Kyber's practical viability through performance testing across various implementation schemes.
  arXiv  Detail & Related papers  (2025-08-03T09:53:45Z)
• CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus [45.24207460381396]
  This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
  arXiv  Detail & Related papers  (2025-07-19T20:09:52Z)
• Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning [39.58317527488534]
  This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks.<n>It effectively discards malicious SV frames with minimal processing overhead and latency, maintains robustness against communication network latency variation and time-synchronization issues.<n>Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.
  arXiv  Detail & Related papers  (2025-07-01T07:38:22Z)
• CryptoDNA: A Machine Learning Paradigm for DDoS Detection in Healthcare IoT, Inspired by crypto jacking prevention Models [0.0]
  The rapid integration of the Internet of Things (IoT) and Internet of Medical (IoM) devices in the healthcare industry has markedly improved patient care and hospital operations.<n>DDoS attacks present significant dangers, jeopardizing operational stability and patient safety.<n>This study introduces CryptoDNA, an innovative machine learning detection framework influenced by cryptojacking detection methods.
  arXiv  Detail & Related papers  (2025-01-30T18:22:16Z)
• A Review on the Security Vulnerabilities of the IoMT against Malware Attacks and DDoS [0.0]
  The Internet of Medical Things (IoMT) has transformed the healthcare industry by connecting medical devices in monitoring treatment outcomes of patients.<n>This literature review examines the vulnerabilities of IoMT devices, focusing on critical threats and exploring mitigation strategies.
  arXiv  Detail & Related papers  (2025-01-13T21:29:06Z)
• Quantum Threat in Healthcare IoT: Challenges and Mitigation Strategies [2.1842941116221826]
  The Internet of Things (IoT) has transformed healthcare, facilitating remote patient monitoring, enhanced medication adherence, and chronic disease management.<n>This chapter examines the quantum threat to healthcare IoT security, highlighting the potential impacts of compromised encryption.<n>It introduces post-quantum cryptography (PQC) and quantum-resistant techniques like quantum key distribution (QKD)
  arXiv  Detail & Related papers  (2024-12-08T11:48:14Z)
• A Security Assessment tool for Quantum Threat Analysis [34.94301200620856]
  The rapid advancement of quantum computing poses a significant threat to many current security algorithms used for secure communication, digital authentication, and information encryption. A sufficiently powerful quantum computer could potentially exploit vulnerabilities in these algorithms, rendering data in insecure transit. This work developed a quantum assessment tool for organizations, providing tailored recommendations for transitioning their security protocols into a post-quantum world.
  arXiv  Detail & Related papers  (2024-07-18T13:58:34Z)
• A Novel Zero-Trust Machine Learning Green Architecture for Healthcare IoT Cybersecurity: Review, Analysis, and Implementation [0.0]
  The integration of Internet of Things (IoT) devices in healthcare applications has revolutionized patient care, monitoring, and data management. However, the rapid involvement of these devices brings information security concerns that pose critical threats to patient privacy and the integrity of healthcare data. This paper introduces a novel machine learning (ML) based architecture explicitly designed to address and mitigate security vulnerabilities in IoT devices within healthcare applications.
  arXiv  Detail & Related papers  (2024-01-14T21:01:21Z)
• DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
  Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
  arXiv  Detail & Related papers  (2023-12-20T09:40:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.