Network Traffic Analysis of Medical Devices

Nowfel Mashnoor, Batyr Charyyev

TL;DR

The study addresses the challenge of understanding network security and management for IoT medical devices by comprehensively characterizing WiFi and BLE traffic across 8 devices and 51 functionalities. It employs a dual-data collection approach (510 WiFi measurements and 100 BLE measurements) to analyze flow duration, volume, protocols, traffic direction, DNS queries, and destinations, plus BLE-specific features such as PDU types and header fields. Key findings include device- and function-level traffic signatures, prevalent cloud destinations, privacy concerns from cross-border contacts, and discriminative header-based features suitable for fingerprinting and intrusion detection. The results advance the ability to design targeted networking tools for medical devices and inform privacy-preserving deployment strategies, with the data and repository made publicly available for replication and extension.

Abstract

The availability of medical devices, such as devices that measure glucose levels and blood pressure, is continuously increasing. These devices have gained user interest as they are easy to use. However, medical devices introduce extra complexity to the network by being numerous, heterogeneous, and more vulnerable to cyber-attacks. For better network management and overall network security, it is important to understand the network traffic characteristics of the devices. Thus, in this paper, we analyze in detail the traffic characteristics of 8 medical devices, both at the device level and at the level of each device's individual functionalities. We collect and share both network and Bluetooth traffic from a total of 51 functionalities of the devices. Our analysis covers metrics such as protocols, amount of incoming/outgoing traffic, DNS queries, and traffic destinations. We observed that devices have unique network and Bluetooth traffic characteristics that might be useful in developing networking tools for medical devices.
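
The per-device metrics named in the abstract (flow duration, volume, packet count, traffic direction, DNS queries) can be computed from a capture along the following lines. This is an added example, not the authors' code or tooling: the packet tuple layout, the addresses and the domain are constructed, and a flow is assumed to be one bidirectional conversation between the device and a remote endpoint.

```python
from collections import defaultdict

DEVICE = "192.168.1.50"  # assumed LAN address of the device under study
# Constructed packets: (time_s, src, dst, sport, dport, proto, size_bytes, dns_qname)
PACKETS = [
    (0.00, DEVICE, "192.168.1.1", 50000, 53, "UDP", 70, "api.example-cloud.test"),
    (0.02, "192.168.1.1", DEVICE, 53, 50000, "UDP", 90, None),
    (0.10, DEVICE, "203.0.113.10", 40000, 443, "TCP", 200, None),
    (0.30, "203.0.113.10", DEVICE, 443, 40000, "TCP", 1200, None),
    (2.10, DEVICE, "203.0.113.10", 40000, 443, "TCP", 600, None),
    (5.00, DEVICE, "192.168.1.1", 50001, 53, "UDP", 70, "api.example-cloud.test"),
    (5.03, "192.168.1.1", DEVICE, 53, 50001, "UDP", 90, None),
]

def device_metrics(packets, device_ip):
    """Summarise flows, traffic direction and DNS activity for one device."""
    flows = defaultdict(lambda: {"first": None, "last": None, "bytes": 0, "pkts": 0})
    out_bytes = in_bytes = 0
    dns_names = []
    for ts, src, dst, sport, dport, proto, size, qname in packets:
        if device_ip not in (src, dst):
            continue  # traffic that does not involve the device
        outbound = src == device_ip
        # Both directions share one key: (remote addr, device port, remote port, proto)
        key = (dst, sport, dport, proto) if outbound else (src, dport, sport, proto)
        flow = flows[key]
        flow["first"] = ts if flow["first"] is None else min(flow["first"], ts)
        flow["last"] = ts if flow["last"] is None else max(flow["last"], ts)
        flow["bytes"] += size
        flow["pkts"] += 1
        if outbound:
            out_bytes += size
            if qname:
                dns_names.append(qname)  # count queries sent by the device
        else:
            in_bytes += size
    if not flows:
        return None  # device never appeared in the capture
    n = len(flows)
    return {
        "flows": n,
        "avg_duration_s": sum(f["last"] - f["first"] for f in flows.values()) / n,
        "avg_bytes": sum(f["bytes"] for f in flows.values()) / n,
        "avg_packets": sum(f["pkts"] for f in flows.values()) / n,
        "outbound_pct": 100.0 * out_bytes / max(out_bytes + in_bytes, 1),
        "dns_queries": len(dns_names),
        "unique_dns": len(set(dns_names)),
    }
```

Running `device_metrics(PACKETS, DEVICE)` once per device, or once per recorded functionality, yields the kind of profile that can be compared across devices or used as a baseline for anomaly detection.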

Paper Structure (12 sections, 6 figures, 3 tables)

Figures (6)

  • Figure 1: Average duration, volume, and packet count of traffic flows for devices, measurements include all functionalities.
  • Figure 2: Average duration and packet count for each individual functionality of the device.
  • Figure 3: Percentage of inbound and outbound network traffic for each device (a) and for each function of BabyMonitor (b) and WithingBPM (c).
  • Figure 4: Protocol percentages for application and transport layer.
  • Figure 5: Average DNS query count and unique DNS count for each device and functionality.
  • ...and 1 more figures