🤖 AI Summary
In federated learning (FL), encrypted wireless traffic may inadvertently leak information about the client-side model architecture (e.g., CNN or RNN), posing a novel side-channel privacy threat that has not been systematically explored. This paper introduces the first fingerprinting attack targeting FL model architectures solely from encrypted Wi-Fi traffic. The method extracts flow-level and packet-level statistical features, including packet lengths, inter-arrival times, and temporal patterns, and classifies them using hybrid LSTM/Transformer models, enabling remote, decryption-free, and contactless architecture inference. The approach demonstrates robustness across heterogeneous devices, diverse model types, and non-IID data distributions in realistic FL settings. Experiments show F1-scores exceeding 98% in closed-world and 91% in open-world scenarios. It accurately identifies both pre-trained and custom CNN/RNN architectures, confirming that model-structural information is inherently exposed, even under encryption, during FL communication.
📝 Abstract
Federated Learning (FL) enables collaborative model training across distributed devices while safeguarding data and user privacy. However, FL remains susceptible to privacy threats that can compromise data via direct means. That said, indirectly compromising the confidentiality of the FL model architecture (e.g., a convolutional neural network (CNN) or a recurrent neural network (RNN)) on a client device by an outsider remains unexplored. If leaked, this information can enable next-level attacks tailored to the architecture. This paper proposes a novel side-channel fingerprinting attack, leveraging flow-level and packet-level statistics of encrypted wireless traffic from an FL client to infer its deep learning model architecture. We name it FLARE, a fingerprinting framework based on FL Architecture REconnaissance. Evaluation across various CNN and RNN variants, including pre-trained and custom models trained over IEEE 802.11 Wi-Fi, shows that FLARE achieves over 98% F1-score in closed-world and up to 91% in open-world scenarios. These results reveal that CNN and RNN models leak distinguishable traffic patterns, enabling architecture fingerprinting even under realistic FL settings with hardware, software, and data heterogeneity. To our knowledge, this is the first work to fingerprint FL model architectures by sniffing encrypted wireless traffic, exposing a critical side-channel vulnerability in current FL systems.