Contact information
Name | Juan Diego Llano Miraval |
Contact
Publications
Llano-Miraval, Juan Diego; Campo, Celeste; García-Rubio, Carlos; Moure-Garrido, Marta
AI Versus IoT Security: Fingerprinting and Defenses Against TLS Handshake-Based IoT Device Classification Journal Article
In: IEEE Access, vol. 13, pp. 165607 - 165622, 2025, ISSN: 2169-3536.
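@comment{IEEE Access journal article. The DOI is stored bare (no resolver prefix), the page range uses "--", names are in "Last, First" form, and title acronyms are brace-protected against style recasing.}
@article{juandiego001,
  author     = {Llano-Miraval, Juan Diego and Campo, Celeste and García-Rubio, Carlos and Moure-Garrido, Marta},
  title      = {{AI} Versus {IoT} Security: Fingerprinting and Defenses Against {TLS} Handshake-Based {IoT} Device Classification},
  journal    = {IEEE Access},
  volume     = {13},
  pages      = {165607--165622},
  year       = {2025},
  date       = {2025-09-17},
  issn       = {2169-3536},
  doi        = {10.1109/ACCESS.2025.3611160},
  url        = {https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11168239},
  urldate    = {2025-09-17},
  abstract   = {The number of Internet of Things (IoT) devices in smart homes is steadily increasing, enhancing convenience but also raising security concerns. While secure communication protocols like Transport Layer Security (TLS) are commonly used, attackers can still exploit metadata to profile users and identify vulnerabilities. This research focuses on analyzing the TLS handshake, where encryption parameters are established. Although newer versions of TLS aim to encrypt the Server Name Indication (SNI), we observed that some devices in real-world environments still transmit SNI in plaintext, potentially exposing device identities. Given this practical variability in SNI transmission among diverse IoT devices, we conducted two parallel studies, one including the SNI and one without it, while avoiding Media Access Control (MAC) and Internet Protocol (IP) addresses due to their inherent variability and privacy implications. We used TLS handshake parameters as input for machine learning algorithms to fingerprint IoT devices, classify them by type, and identify manufacturers. Six machine learning models were evaluated: Support Vector Machine (SVM), a multi-layer perceptron (MLP), Random Forest (RF), Convolutional Neural Network (CNN), XGBoost, and CNN+RF. The results showed that CNN+RF achieved the highest accuracy, reaching 99% for device type classification. However, our proposed countermeasure, which enhances TLS handshake privacy by obfuscating specific parameters, significantly reduced fingerprinting accuracy to a maximum of 80% when SNI was excluded. These findings highlight the potential risks of TLS metadata exposure and demonstrate the effectiveness of privacy-enhancing countermeasures in mitigating IoT device fingerprinting attacks.},
  pubstate   = {published},
  tppubtype  = {article}
}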
The number of Internet of Things (IoT) devices in smart homes is steadily increasing, enhancing convenience but also raising security concerns. While secure communication protocols like Transport Layer Security (TLS) are commonly used, attackers can still exploit metadata to profile users and identify vulnerabilities. This research focuses on analyzing the TLS handshake, where encryption parameters are established. Although newer versions of TLS aim to encrypt the Server Name Indication (SNI), we observed that some devices in real-world environments still transmit SNI in plaintext, potentially exposing device identities. Given this practical variability in SNI transmission among diverse IoT devices, we conducted two parallel studies, one including the SNI and one without it, while avoiding Media Access Control (MAC) and Internet Protocol (IP) addresses due to their inherent variability and privacy implications. We used TLS handshake parameters as input for machine learning algorithms to fingerprint IoT devices, classify them by type, and identify manufacturers. Six machine learning models were evaluated: Support Vector Machine (SVM), a multi-layer perceptron (MLP), Random Forest (RF), Convolutional Neural Network (CNN), XGBoost, and CNN+RF. The results showed that CNN+RF achieved the highest accuracy, reaching 99% for device type classification. However, our proposed countermeasure, which enhances TLS handshake privacy by obfuscating specific parameters, significantly reduced fingerprinting accuracy to a maximum of 80% when SNI was excluded. These findings highlight the potential risks of TLS metadata exposure and demonstrate the effectiveness of privacy-enhancing countermeasures in mitigating IoT device fingerprinting attacks.