Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

WiFinger: Fingerprinting Noisy IoT Event Traffic Using Packet-level Sequence Matching

Ronghua Li, Shinan Liu, Haibo Hu, Qingqing Ye, Nick Feamster

TL;DR

WiFinger addresses the privacy risk posed by encrypted IoT traffic by reframing Wi‑Fi event fingerprinting as a robust packet-level subsequence matching problem. It introduces NT-LCS-based matching with anchor references and segmentation (AFMLCS) and a three-stage fingerprint extraction process, enabling accurate tracking under noisy wireless conditions with limited training data. Empirical results show WiFinger delivering high recall and precision, significantly outperforming state-of-the-art ML-based and packet-level approaches in multi-event tracking, while maintaining efficiency. The work highlights practical defense trade-offs and broad applicability to other wireless sensing contexts, underscoring the need for careful countermeasures in IoT deployments.

Abstract

IoT environments such as smart homes are susceptible to privacy inference attacks, where attackers can analyze patterns of encrypted network traffic to infer the state of devices and even the activities of people. While most existing attacks exploit ML techniques for discovering such traffic patterns, they underperform on wireless traffic, especially Wi-Fi, due to its heavy noisiness and the packet loss of wireless sniffing. In addition, these approaches commonly target distinguishing chunked IoT event traffic samples, and they fail at effectively tracking multiple events simultaneously. In this work, we propose WiFinger, a fine-grained multi-IoT event fingerprinting approach against noisy traffic. WiFinger turns the traffic pattern classification task into a subsequence matching problem and introduces novel techniques to account for the high time complexity while maintaining high accuracy. In addition, its reliance on training sample volumes reduces efforts for any future fingerprint updates. Experiments demonstrate that WiFinger outperforms existing approaches under practical threat models, with an average recall of 89% (v.s. 49% and 46% respectively) and almost zero false positives for various IoT events.

WiFinger: Fingerprinting Noisy IoT Event Traffic Using Packet-level Sequence Matching

TL;DR

WiFinger addresses the privacy risk posed by encrypted IoT traffic by reframing Wi‑Fi event fingerprinting as a robust packet-level subsequence matching problem. It introduces NT-LCS-based matching with anchor references and segmentation (AFMLCS) and a three-stage fingerprint extraction process, enabling accurate tracking under noisy wireless conditions with limited training data. Empirical results show WiFinger delivering high recall and precision, significantly outperforming state-of-the-art ML-based and packet-level approaches in multi-event tracking, while maintaining efficiency. The work highlights practical defense trade-offs and broad applicability to other wireless sensing contexts, underscoring the need for careful countermeasures in IoT deployments.

Abstract

IoT environments such as smart homes are susceptible to privacy inference attacks, where attackers can analyze patterns of encrypted network traffic to infer the state of devices and even the activities of people. While most existing attacks exploit ML techniques for discovering such traffic patterns, they underperform on wireless traffic, especially Wi-Fi, due to its heavy noisiness and the packet loss of wireless sniffing. In addition, these approaches commonly target distinguishing chunked IoT event traffic samples, and they fail at effectively tracking multiple events simultaneously. In this work, we propose WiFinger, a fine-grained multi-IoT event fingerprinting approach against noisy traffic. WiFinger turns the traffic pattern classification task into a subsequence matching problem and introduces novel techniques to account for the high time complexity while maintaining high accuracy. In addition, its reliance on training sample volumes reduces efforts for any future fingerprint updates. Experiments demonstrate that WiFinger outperforms existing approaches under practical threat models, with an average recall of 89% (v.s. 49% and 46% respectively) and almost zero false positives for various IoT events.

Paper Structure

This paper contains 38 sections, 6 equations, 19 figures, 7 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work & Motivation
  3. Wi-Fi Event Traffic: A Motivating Example
  4. Flow-level Analysis
  5. Packet-level Analysis
  6. Verbose Information Analysis
  7. Problem Statement
  8. Problem Statement
  9. Security & Privacy Impact
  10. Threat Model
  11. Connection Configurations & Event Triggering
  12. WiFinger: System Design
  13. Intuition on Packet-level Fingerprinting
  14. Fingerprint Matching
  15. Advanced Fingerprint Matching
  16. ...and 23 more sections

Figures (19)

  • Figure 1: An example of ideal Wi-Fi IoT event traffic v.s. real-world collected traffic. Green arrows represent fingerprint packets, and red arrows represent unrelated packets. While the ideal event fingerprints are clean, real-world event traffic may be incomplete or mixed with noise packets.
  • Figure 2: peekaboo performance with various sliding window and devices/events using chunked training/testing samples.
  • Figure 3: peekaboo performance of binary classification v.s. multi-event classification using chunked training/testing samples.
  • Figure 4: F1-Score performances of chunked sample-based detection v.s. continuous tracking. Detailed introductions of "tracking" is in Section \ref{['sec:experiment']}.
  • Figure 5: Packet-level matching approaches cannot handle packet losses during sniffing.
  • ...and 14 more figures

Theorems & Definitions (1)

  • Definition 1: NT-LCS