Matter is the most recent application-layer standard for the Internet of Things (IoT). As one of its major selling points, Matter's design pays particular attention to security and privacy: it provides validated secure session establishment protocols, and it uses robust security algorithms to secure communications between IoT devices and Matter controllers. However, to our knowledge, there is no systematic analysis investigating the extent to which a passive attacker, in possession of lower-layer keys or exploiting security misconfigurations at those layers, could infer information by passively analyzing encrypted Matter traffic. In this paper, we fill this gap by analyzing the robustness of the Matter IoT standard to encrypted traffic analysis performed by a passive eavesdropper. Using various datasets collected from real-world testbeds and simulated setups, we identify patterns in the metadata of encrypted Matter traffic that allow inferring the specific interactions occurring between end devices and controllers. Moreover, we associate patterns in sequences of interactions with specific types of IoT devices. These patterns can be used to create fingerprints that allow a passive attacker to infer the type of devices used in the network, constituting a serious breach of users' privacy. Our results reveal that we can identify specific Matter interactions that occur in encrypted traffic with over $95\%$ accuracy, even in the presence of packet losses and delays. Moreover, we can identify Matter device types with a minimum accuracy of $88\%$. The CSA acknowledged our findings and expressed its willingness to address such vulnerabilities in the next releases of the standard.