Eavesdropping-Driven Profiling Attacks on Encrypted WiFi Networks: Unveiling Vulnerabilities in IoT Device Security

Author

Ibrahim A. Alwhbi, Unversity of Central FloridaFollow

Keywords

IoT Device Fingerprinting, Time-Series Analysis, Privacy Issues, Packet Length Analysis, Network Eavesdropping, Access Point Monitoring

Abstract

Abstract—This dissertation investigates the privacy implications of WiFi communication in Internet-of-Things (IoT) environments, focusing on the threat posed by out-of-network observers. Recent research has shown that in-network observers can glean information about IoT devices, user identities, and activities. However, the potential for information inference by out-of-network observers, who do not have WiFi network access, has not been thoroughly examined. The first study provides a detailed summary dataset, utilizing Random Forest for data summary classification. This study highlights the significant privacy threat to WiFi networks and IoT applications from out-of-network observers. Building on this investigation, the second study extends the research by utilizing a new set of time series monitored WiFi data frames and advanced machine learning algorithms, specifically xGboost, for Time Series classification. This extension achieved high accuracy of up to 94\% in identifying IoT devices and their working status, demonstrating faster IoT device profiling while maintaining classification accuracy. Furthermore, the study underscores the ease with which outside intruders can harm IoT devices without joining a WiFi network, launching attacks quickly and leaving no detectable footprints. Additionally, the dissertation presents a comprehensive survey of recent advancements in machine-learning-driven encrypted traffic analysis and classification. Given the challenges posed by encryption for traditional packet and traffic inspection, understanding and classifying encrypted traffic are crucial. The survey provides insights into utilizing machine learning for encrypted network traffic analysis and classification, reviewing state-of-the-art techniques and methodologies. This survey serves as a valuable resource for network administrators, cybersecurity professionals, and policy enforcement entities, offering insights into current practices and future directions in encrypted traffic analysis and classification.

Completion Date

2024

Semester

Summer

Committee Chair

Changchun Zou

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Department

Computer Science

Format

application/pdf

Identifier

DP0028590

URL

https://purls.library.ucf.edu/go/DP0028590

Language

English

Rights

In copyright

Release Date

August 2024

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)

Campus Location

Orlando (Main) Campus

STARS Citation

Alwhbi, Ibrahim A., "Eavesdropping-Driven Profiling Attacks on Encrypted WiFi Networks: Unveiling Vulnerabilities in IoT Device Security" (2024). Graduate Thesis and Dissertation 2023-2024. 387.
https://stars.library.ucf.edu/etd2023/387

Accessibility Status

Meets minimum standards for ETDs/HUTs