Related papers: Things that Matter -- Identifying Interactions and IoT Device Types in Encrypted Matter Traffic

Things that Matter -- Identifying Interactions and IoT Device Types in Encrypted Matter Traffic

URL: http://arxiv.org/abs/2602.01932v1
Date: Mon, 02 Feb 2026 10:34:06 GMT
Title: Things that Matter -- Identifying Interactions and IoT Device Types in Encrypted Matter Traffic
Authors: Kristopher Alex Schlett, Bela Genge, Savio Sciancalepore,
Abstract summary: We analyze the robustness of the Matter IoT standard to encrypted traffic analysis performed by a passive eavesdropper.<n>We identify patterns in metadata of the encrypted Matter traffic that allow inferring the specific interactions occurring between end devices and controllers.<n>These patterns can be used to create fingerprints that allow a passive attacker to infer the type of devices used in the network.
Score: 0.9176056742068813
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Matter is the most recent application-layer standard for the Internet of Things (IoT). As one of its major selling points, Matter's design imposes particular attention to security and privacy: it provides validated secure session establishment protocols, and it uses robust security algorithms to secure communications between IoT devices and Matter controllers. However, to our knowledge, there is no systematic analysis investigating the extent to which a passive attacker, in possession of lower layer keys or exploiting security misconfiguration at those layers, could infer information by passively analyzing encrypted Matter traffic. In this paper, we fill this gap by analyzing the robustness of the Matter IoT standard to encrypted traffic analysis performed by a passive eavesdropper. By using various datasets collected from real-world testbeds and simulated setups, we identify patterns in metadata of the encrypted Matter traffic that allow inferring the specific interactions occurring between end devices and controllers. Moreover, we associate patterns in sequences of interactions to specific types of IoT devices. These patterns can be used to create fingerprints that allow a passive attacker to infer the type of devices used in the network, constituting a serious breach of users privacy. Our results reveal that we can identify specific Matter interactions that occur in encrypted traffic with over $95\%$ accuracy also in the presence of packet losses and delays. Moreover, we can identify Matter device types with a minimum accuracy of $88\%$. The CSA acknowledged our findings, and expressed the willingness to address such vulnerabilities in the next releases of the standard.

Related papers

CONTEX-T: Contextual Privacy Exploitation via Transformer Spectral Analysis for IoT Device Fingerprinting [0.8164433158925591]
The rapid expansion of internet of things (IoT) devices have created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism.<n>While encryption effectively protects message content, packet metadata and statistics inadvertently expose device identities and user contexts.<n>This paper presents CONTEX-T, a novel framework that exploits contextual privacy vulnerabilities using spectral representation of encrypted wireless traffic for IoT device characterization.
arXiv Detail & Related papers (2026-01-22T18:03:34Z)
Smart Surveillance: Identifying IoT Device Behaviours using ML-Powered Traffic Analysis [3.6442413702696506]
This study investigates the use of machine learning (ML) techniques to classify IoT device types and their actions.<n>We constructed a testbed comprising an NPAT-enabled router and a diverse set of IoT devices, including smart cameras, controller hubs, home appliances, power controllers, and streaming devices.
arXiv Detail & Related papers (2025-12-06T14:01:56Z)
CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus [45.24207460381396]
This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
arXiv Detail & Related papers (2025-07-19T20:09:52Z)
CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge.<n>We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic.<n>This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
arXiv Detail & Related papers (2025-04-22T09:40:05Z)
MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.<n>We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.<n>MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z)
Domain-Agnostic Hardware Fingerprinting-Based Device Identifier for Zero-Trust IoT Security [7.8344795632171325]
Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly. To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality. This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework.
arXiv Detail & Related papers (2024-02-08T00:23:42Z)
IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z)
Task-Oriented Communications for NextG: End-to-End Deep Learning and AI Security Aspects [78.84264189471936]
NextG communication systems are beginning to explore shifting this design paradigm to reliably executing a given task such as in task-oriented communications. Wireless signal classification is considered as the task for the NextG Radio Access Network (RAN), where edge devices collect wireless signals for spectrum awareness and communicate with the NextG base station (gNodeB) that needs to identify the signal label. Task-oriented communications is considered by jointly training the transmitter, receiver and classifier functionalities as an encoder-decoder pair for the edge device and the gNodeB.
arXiv Detail & Related papers (2022-12-19T17:54:36Z)
HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection [0.0]
We propose a hierarchical blockchain-based federated learning framework to enable secure and privacy-preserved collaborative IoT intrusion detection. The proposed ML-based intrusion detection framework follows a hierarchical federated learning architecture to ensure the privacy of the learning process and organisational data. The outcome is a securely designed ML-based intrusion detection system capable of detecting a wide range of malicious activities while preserving data privacy.
arXiv Detail & Related papers (2022-04-08T19:06:16Z)
IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.