GDPR edge security in IoMT requires shifting control to the network edge. The SEG approach demonstrates how to combine privacy-by-design and low latency without sacrificing efficiency.
Remote monitoring systems for elderly patients (IoMT) face three simultaneous constraints. The data is classified as “sensitive” under GDPR and requires strict protection. Sensor-level devices are limited in energy and computational power, which excludes heavy cryptography. Additionally, the user—an elderly person—should not be involved in security setup. In practice, this leads to fragmentation: security is implemented partially, pseudonymization is done in the cloud, and usability is ignored. At this point, the system begins to degrade: latency increases, risks of data leakage in transit arise, and the attack surface expands.
The solution lies in SEG (Secure Edge Gateway)—to move critical security mechanisms to the edge level and make them part of the architecture rather than an overlay. The key decision is to perform pseudonymization before the data exits the local network. This changes the threat model: identifying data does not leave the local perimeter. The trade-off here is clear: part of the load is shifted to the gateway with limited resources. To maintain balance, lightweight yet sufficient mechanisms are used—HMAC-SHA256 for pseudonymization and AES-128 instead of AES-256 to reduce energy consumption. This is a pragmatic choice: security is preserved while computational costs remain within the capabilities of ESP32.
The architecture is built around three zones. In the patient zone, sensors do not have direct internet access and transmit data using simple protocols. In the perimeter zone, the ESP32-WROOM-32 operates, where all security controls are concentrated. Here, MAC whitelisting occurs, followed by HMAC-SHA256 generating a deterministic HashID that replaces the patient identifier before any transmission. After this, the payload is encrypted using AES-128-CBC, and transport is secured with TLS 1.3 over MQTT. Only access and analytics with RBAC and 2FA remain in the cloud.
A separate architectural invariant is zero-interaction usability. The user performs neither authentication nor configuration. This is not a UX solution but a security control. By removing the human from the loop, the system eliminates an entire class of attacks: phishing, credential theft, and misconfiguration. This is a rare case where usability directly reduces the attack surface.
From a threat modeling perspective, SEG is validated through STRIDE across all six categories. Each threat is tied to a specific control. Spoofing is mitigated by the MAC whitelist. Tampering is addressed through a combination of HMAC and encryption. Information disclosure is minimized through data separation and pseudonymization at the edge. DoS is partially limited by rate limiting at the gateway. Importantly, protection against large-scale DDoS remains the responsibility of upstream infrastructure. This is an honest architectural compromise, not an attempt to “secure everything on the device.”
Results show that moving logic to the edge provides not only security but also operational gains. Edge processing ensures latency below 50 ms, while cloud-only approaches range from 200 to 700 ms. For scenarios involving emergency events, this is critical. MQTT reduces energy consumption by 6-8% compared to HTTP due to persistent connections and compact headers. It is important to note that these figures are drawn from published studies, not direct measurements within this implementation.
A key observation is the absence of conflict between security and performance. In SEG, these goals reinforce each other. Pseudonymization at the edge reduces the volume of sensitive data in the network. MQTT lowers overhead. Local processing reduces latency. As a result, the system becomes both faster and more secure.
There are limitations to the approach. Validation has been conducted through software simulation, without physical measurement of energy consumption and latency on real devices. Synthetic data is used. MAC whitelisting does not protect against physical compromise of devices. These areas require further exploration, including hardware testing and device attestation mechanisms.
In the industrial context, this appears as an evolutionary shift in architecture towards edge-native security. Such approaches are increasingly discussed in IoMT and embedded systems. SEG captures an important pattern: privacy-by-design is becoming not just a legal requirement but an architectural driver that directly impacts latency, throughput, and system resilience.
Information source
arXiv is the largest open preprint repository (since 1991, under the auspices of Cornell), where researchers quickly post working versions of papers; the materials are publicly accessible but do not undergo full peer review, so results should be considered preliminary and, where possible, checked against updated versions or peer‑reviewed journals. arxiv.org