The rapid expansion of Internet of Things (IoT) devices has created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expose device identities and user contexts. Various studies have exploited raw packet statistics and their visual representations for device fingerprinting and identification. However, these approaches remain confined to the spatial domain with limited feature representation. Therefore, this paper presents CONTEX-T, a novel framework that exploits contextual privacy vulnerabilities using spectral representation of encrypted wireless traffic for IoT device characterization. The experiments show that spectral analysis provides new and rich feature representation for covert reconnaissance attacks, revealing a complex and expanding threat landscape that would require robust countermeasures for IoT security management. CONTEX-T first transforms raw packet length sequences into time-frequency spectral representations and then utilizes transformer-based spectral analysis for device identification. We systematically evaluated multiple spectral representation techniques and transformer-based models across encrypted traffic samples from various IoT devices. CONTEX-T effectively exploited privacy vulnerabilities and achieved device classification accuracy exceeding 99% across all devices while remaining completely passive and undetectable.