2020 Aug 26;20(17):4828. doi: 10.3390/s20174828

Table 5.

IoMT protocols security features, vulnerabilities, attacks and possible controls.

| Protocol | Security Features | Vulnerabilities | Attacks | Controls |
|---|---|---|---|---|
| IrDA (Infrared) | No embedded security controls. | Detect reflected infrared-light and filtering out the surrounding ambient noise. | Eavesdrop attack. | Physical security controls. |
| RFID | Embedded data are unprotected and read only. | Active (continuously transmitting) and passive (electromagnetic field) RFID systems suffer from weaknesses. | Side channel attack. | Authentication-hash based protocols, encryption functions. |
| NFC | SSE, SCH, 3 modes of operation: Read/Write, Peer-to-Peer and Card Emulation Mode. | Data exchange in close proximity, PICC emulations in protocol challenge-response requests. | Near proximity, MITM, DoS, Modification attacks. | Architecture and the distance limitations, secure channel with a standard key agreement protocol. |
| Bluetooth/BLE | Secure simple pairing (SSP), Connectivity issues over obstacles | Encryption of the payload and not of all the entire packet, matching the connection's frequency hops and then capturing data in that frequency range, address verification, PINs. | Sniffing, DoS, MITM, Brute-Force, device duplication attacks. | AES-CCM, 4-byte MIC module, AES-128 |
| ZWave | AES encryption with three shared keys. | Does not enforce a standard key exchange protocol, Z-Wave devices implicitly trust the source and destination fields of the MPDU frame. A malicious node can assigned by the controller. | Key Reset, impersonation, node spoofing, BlackHole attacks. | AES-128 with three shared keys. |
| UWB | LRP/HRP secure ranging schemes, size of the UWB symbol. | Long symbols length, wrong access control configuration or power failure. | ED/LC, Same-Nonce attack. | Localization and distancing protocols secure the range between nodes. |
| WiFi | WPA2, SSID hiding, MAC filtering and static IP addressing, Connectivity issues over obstacles | Lack of granular device authentication, weakness against denial of service, limited protection of service integrity. | DoS, Replay, Channel collision, Spoofing attacks. | WPA, WPA2 capability, 128-bit WEP authentication. |
| ZigBee | 128-bit AES with pre-shared keys, frame-protection mechanisms, essential key (encryption in network layer), global link key and unique link key (App layer), Connectivity issues over obstacles | Utilizing insecure key transportation for pre-shared keys, ACKs have no integrity checks, insufficient registration of network keys, the lack of verification in PAN IDs. | Installing default link keys or sending security headers in clear text on auxiliary frames, flooding that causes DoS, reuses of Initialization Vectors which may lead to key compromise, energy-consuming attacks. | AES for symmetric key, AES-CTR, AES-CBC-MAC, AES-CCM, Use the Non Volatile Memory of the node to store the nonce states, Key management algorithm. |
| WIA-PA | Join-key shared between device and security manager. | Lack of public key encryption algorithm, no intrusion prevention, no broadcast key, The first request is not encrypted. | Sybil, DoS, wormhole, Jamming, traffic analysis attack. | AFS, AFH, TH, MIC. |
| ISA100.11a | Linchpin, AES-128, time limitations | Requires some special conditions to be implemented in a secure path. | Sniffing, Spoofing, Replay attacks and Data falsification. | AES-128 on TL header. |
| 6LoWPAN | AES cipher suite, ESP, IKEv2, DTLS, Connectivity issues over obstacles | IP network, radio signal of implementations, Unchanged nodes address, fragmentation mechanism. | Use of malicious intermediary network nodes, Signal jamming, traffic analysis, attackers selectively prevent correct packet reassembly. | DTLS, HIP, IKE, cryptographic techniques. |
| LoRa WAN | 128-bit application session key (AppSKey), AES. | Resetting frame counters without re-keying, caching and replay of ACK packets, transmit falsified gateway beacons to repeatedly wake up sensors, utilize a dictionary of past messages. | Replay attacks, recovery of passwords, malicious message modification, battery exhaustion and DoS. | AES-CMAC, AES-CTR, MIC. |
| HL7 | No built-in security. | Message sources are often not validated by default, size of HL7 messages is often not validated. | Spoofing or integrity attacks, Flooding attacks. | SSL, VPN. |
| HTTP | Basic-Digest authentication. | Data transfer is not encrypted, Get request. | Eavesdropping, theft, breach and manipulation, flooding attacks | SSL/TLS (HTTPS) |
| COAP | NoSec - SharedKey - MultiKey - Certificate mode. | Proxies having to decide if DTLS implementation will be multi-cast or uni-cast message. | Parsing, Cache, amplification, spoofing. Cross-protocol attacks. | DTLS, Strong authentication technique. |
| MQTT | Four-way handshake mechanism. | No embedded data encryption mechanism, IP broker (sometimes is unsecure). | Traffic analysis, Port Obscurity, Botnet Over MQTT. | SSL/TLS |