Rethinking Wireless Communication Security in Semantic Internet of Things

The PLS is built upon the information theory, which aims to protect wireless communications against eavesdropping by exploring and utilizing the inherent features of the physical medium [3]. Unlike the encrypt method, PLS is independent of device computing capability, which not only enables it to achieve effective security but also gives it a natural advantage in saving resources. Moreover, such a technique is able to adjust transmission strategies according to the physical layer characteristics to adapt to the wireless channel changes. According to the working principles of PLS methods, the security performance indicators mainly include secrecy outage probability (SOP), the probability of non-zero secrecy capacity (PNZ), and the average secrecy capacity (ASC) [7].

• •

  Average Secrecy Capacity: The secrecy capacity can be obtained by calculating the difference between the main channel capacity and wiretap channel capacity. For a given constraint of perfect secrecy, the average secrecy capacity provides a criterion for capacity limit from a mathematical point of view. For instance, if the legitimate user is able to obtain the perfect channel state information (CSI) of the eavesdropper’s channel, then the coding scheme can be flexibly adjusted to adapt to different fading coefficients. In principle, therefore, one can realize any average secure communication rate, which is below the average secrecy capacity of the channel.

• •

  Secrecy Outage Probability: The SOP is defined as the probability that the instantaneous secrecy capacity falls less than the target secrecy rate [7]. The SOP first provides the conditions that the wireless channel needs to meet to support the specified secure rate. Second, it gives a security measure for cases where legitimate users have no CSI about the eavesdropper. Therefore, as long as the secrecy capacity is larger than the target secrecy rate, the eavesdropper’s channel is worse than legitimate users’ estimation and the secrecy of the network is ensured.

• •

  Probability of Non-Zero Secrecy Capacity: If the main channel capacity is larger than that of the eavesdropper’s channel, the eavesdroppers are unable to successfully decode the transmitted information. Here, the occurrence probability of such an event is defined as the PNZ. On this basis, according to the definition, the PNZ equals the probability that the instantaneously received signal-to-noise ratio (SNR) of the legitimate user is greater than that of the eavesdropper.

In a conventional IoT, an eavesdropper is considered to be successful in eavesdropping if it can obtain the source message sent by the transmitter. However, in the SIoT, semantic information is transmitted in the wireless channel and decoding is required to obtain the original source message, as shown in Fig. 2 (Part A). Therefore, even if the eavesdropper intercepts the semantic information sent by the transmitter, it may still not obtain the required information, as shown in Fig. 2 (Part B). According to the characteristics of semantic communication, we discuss the possible scenarios in which the eavesdropper succeeds in eavesdropping on information but fails in decoding it as follows:

1. a)

   Semantic decoding failure caused by background knowledge difference between the eavesdropper and the legitimate receiver. In the SIoT, legitimate communication participants will share the background knowledge for semantic encoding and decoding. The eavesdropper might not have the same background knowledge to decode the intercepted semantic information. For example, the semantic information “Mouse” could be decoded as an animal or a computer device, in which the eavesdropper may not be able to decode this meaning correctly. Moreover, the dataset used for semantic encoder and decoder training can be also regarded as the shared background knowledge that is unavailable to the eavesdropper.

2. b)

   The eavesdropper’s task objectives are different from those of the legitimate receiver, resulting in the eavesdropper’s inability to obtain the desired information. For example, the transmitter is a camera in the SIoT that captures street view photos. With the help of semantic communication technology, the camera acts as a transmitter to send these photos to a legitimate receiver for storage. The owner of the legitimate receiver is a vehicle company interested in the number and type of cars on the street, while an eavesdropper wants to steal pedestrians’ information on the road from images. However, the transmitter, through the semantic encoder, transmits only the semantic information that satisfies the task of the legitimate receiver, e.g., image segmentation of vehicles. Therefore, even if the eavesdropper has perfect access to the images transmitted in the wireless environment, its task requirement is not met.

3. c)

   Semantic decoding failure caused by the encryption mechanism of the semantic encoding model itself. Due to the fact that the semantic communication technique requires only partial data to be transmitted and the decoding of semantic information relies on the receiver’s decoder design, it has also been regarded as a potential method for secure communications, the eavesdroppers are unable to decode successfully. The reason is that the eavesdropper might not have the semantic decoder that is jointly trained with the semantic encoder to recover the original source message.

Based on the above discussion, one can conclude that the metrics reflecting the security performance of the SIoT are not only SOP at the communication level but also the semantic decoding error probability (SDEP) at the semantic level. Here SDEP describes the probability that the eavesdropper can successfully decode the information that it needs from the intercepted semantic information. For example, in a semantic communications system with visual question answering (VQA) task [8], SDEP can be the probability that the eavesdropper uses the eavesdropped semantic information model to obtain the correct answers to its own questions. To measure the security performance in a comprehensive manner, we propose a new security performance metric for physical later security technique in the SIoT, which is named semantic SOP.

Note that when the task or interest of the eavesdropper is unknown to the system designer, semantic SOP cannot be calculated accurately by the SIoT designer. However, our proposed semantic SOP can still be used for theoretical upper bound performance analysis, to verify the robustness of the proposed system design. Another feasible research direction is to use statistical methods to estimate the semantic information that eavesdroppers may wish to obtain. Thus, the system designer can estimate SDEP to aid in secure SIoT design, with the help of our proposed semantic SOP metric.

Figure 3 shows the SOP and the semantic SOP versus the signal-to-noise ratio of the transmitter-receiver link with different values of SDEP. We can observe that the probability that the eavesdropper fails to decode the semantic information reduces the semantic SOP. Specifically, when an eavesdropper in the semantic IoT has a $30\%$ probability of not being able to decode successfully semantic information, i.e., SDEP = $30\%$, the transmitter can use an SNR roughly 1 $\mathrm{dB}$ lower to achieve the same SSOP as the SOP in a conventional IoT. Moreover, if a better pair of semantic encoder and decoder can be designed to increase further the error probability of the eavesdropper in decoding the semantic information, e.g., SDEP = $70\%$, we can observe that the transmitter can use an SNR 5.5 $\mathrm{dB}$ lower to achieve the same SSOP as the SOP in a conventional IoT.

An important inspiration for secure SIoT research is to perform cross-layer co-design. Although semantic communications can enhance the system security and reduce the transmit power required to achieve a certain SSOP, the encoding and decoding of semantic information consume computational resources of the network. Therefore, the tradeoff between SIoT performance and security should be considered. By jointly designing the transmit and jamming power allocation schemes in the physical layer and the semantic encoding/decoding scheme in the semantic layer, a more secure and more efficient IoT can be achieved.

So far, the PLS has been applied at large to boost wireless transmission security. Despite its effectiveness, PLS still has certain limitations in other aspects. By analyzing the wireless signal, for instance, the user’s location may be exposed, which poses threat to user privacy. Such problems cannot be solved by PLS techniques, triggering the proposal of covert communications. Also known as low probability of detection communications, covert communications aim to deliver information to a legitimate user without being caught by the warden, who attempt to detect such transmission [9]. The covert communications can include two major aspects. The first one mainly focuses on analyzing and exploiting the uncertainty of the average power of malicious wardens. Another one is to send the signal covered by high-power signals, so as to improve covertness. It is not difficult to see that covert communication never relies on the adversary’s competence, indicating that transmission security can be perfectly guaranteed even if the attacker has a strong processing capability. According to the above discussion, the covert rate and DEP, which are detailed as follows, are used to characterize the performance of covert communications.

• •

  Detection Error Probability: The warden needs to make a binary choice between silent and transmitting via hypothesis testing. Therefore, the detection error probability (DEP) is defined as the likelihood of the warden making a wrong decision, which contains two cases. The first one is that the warden chooses non-null-decision (transmitting) while the null hypothesis (silent) is true, which is called false alarm. Another one is that warden sides with a null hypothesis when the non-null hypothesis is true, which is known as miss detection. The value of DEP is the sum of the probabilities of making the above two wrong decisions.

• •

  Covert Rate: Besides DEP, covert rate, which describes the data transmission rate when the DEP of the warden is close to one, is also vital. The covert rate of any user can be calculated based on the well-known Shannon–Hartley theorem [10].

In a covert communication system, the objective of the warden is to detect whether the transmission is taking place or not, without caring what data is being transmitted. Therefore, encoding the source message to be transmitted into semantic information will not improve the DEP of the warden. If the warden successfully detects that wireless communication is taking place, it can analyze and obtain the transmitter’s information such as the location, and then apply interference to block the semantic communications. To make the DEP converge to 1 arbitrarily, the solutions are to design a reasonable transmitting power allocation scheme and/or to use a friendly jammer or a reconfigurable intelligent surface, as in the conventional IoT. The covert rate in the semantic IoT is the same as that in the conventional IoT.

However, because the warden can perform multiple detections during the data transmission process, a failure of one detection does not mean that the warden cannot discover the transmitting activity. Although the DEP can be arbitrarily close to 1 with covert communication techniques, the DEP is typically set as 90% to 95% in practical communication systems [11]. Even if we consider that the DEP is $99\%$, the probability that a warden who can detect the wireless environment $5$ times per second finds a transmitting activity that lasts $10$ seconds is $1-{99\%}^{50}=39.5\%$. We can conclude that, when transmitting the same amount of data, e.g., 1 article of 1000 words, with the same warden DEP, the probability of the wireless transmission being successfully detected by the warden is lower in the SIoT than that in the conventional IoT. The reason is that in the SIoT, the transmitter can encode articles into semantic information without affecting task completion, e.g., knowledge graphs, which have fewer bits than the original article. Therefore, with the same covert rate, transmitters in the SIoT can complete information transmission faster, as shown in Fig. 4. Because there is an upper limit to the frequency of the warden’s detection of the wireless environment, the shorter the transmission time is, the lower the probability that the transmitting activity will be detected.

However, there is no suitable performance indicator to describe the difference in covert communication security performance that is caused by the data amount difference. This research gap exists because all source messages are encoded in the conventional IoT and there are no differences in the amount of data. To fill this gap, we propose a new performance indicator for covert communications, i.e., detection failure probability (DFP), as follows:

Figure 5 illustrates the detection failure probability versus the ratio of the data volume of semantic information to that of the source message. We can observe that although the warden’s DEP is the same in both the SIoT and conventional IoT, i.e., 90% as is set in much of the literature [11], a great gap exists in the achievable DFP. For example, if the semantic encoder can reduce the number of bits of the source message by half to obtain the semantic information, the DFP can be improved by $69\%$.

An interesting insight is that there is a tradeoff between the semantic encoder computing resource and the physical layer transmit power resource. However, unlike the tradeoff we discussed in Section II-A2, for the semantic encoder in the covert communication-aided SIoT, what matters is how much the encoder reduces the number of semantic information bits. For the semantic encoder in the PLS-aided SIoT, what matters is how low the probability is that the semantic information is decoded successfully by an illegal eavesdropper.

Encryption is one of the most classical techniques to ensure secure transmission, which operates in the upper layers of the communication system. For encryption techniques, there are comprehensive metrics for performance evaluation, including but not limited to crack time, the throughput of encryption/decryption, and power consumption. The crack time and the computational resources to be used by the eavesdropper are positively related to the key size.

In the SIoT, encryption techniques can be seen as a “second layer” of protection for the transmitted data. The reason is that the input of the encryption algorithm can be semantic information obtained through semantic coding, and semantic information itself has encryption properties. Even if the eavesdropper succeeds in breaking the encryption, it may not succeed in decoding the semantic information to obtain the source message, as we discuss in Section II-A2.

A general design is to integrate cryptography as an option with semantic communication systems [4]. In SIoT, if the transmitter and receiver want to hide the information from a potential eavesdropper, the goal is to minimize the error between the transmitter and receiver while maximizing the error between the transmitter and eavesdropper. Following this idea, an encrypted semantic communication system is designed in [4]. However, the authors in [4] only considered symmetric encryption, and related work is still in the vacant stage. More cryptography-assisted semantic communication systems can be designed to further improve the security of SIoT.

By considering that a large part of the semantic communication encoders and decoders are functioned by deep learning methods, a feasible solution to reduce semantic noise is to improve the robustness of semantic models during the training process. Specifically, there have been some training-based methods, e.g., defensive distillation [13], weight perturbation [14], and adversarial training [15].

Although there have been several approaches to improve model robustness using adversarial samples in the fields of natural language and image processing [15], semantic noise-resistant models in wireless communication have not been sufficiently studied. Fortunately, researchers can draw inspiration from existing adversarial training methods and consider the impact of wireless channels and transmission overhead in the SIoT. Most recently, to reduce the impact of semantic noise on the system, a masked vector quantized-variational autoencoder (VQ-VAE) is developed as the architecture of the robust semantic communication system [5]. To improve the system robustness, a feature importance module is proposed to suppress noise-related and task-independent features. It is shown that the proposed masked VQ-VAE requires $0.36\%$ transmitted symbols of the conventional “joint photographic experts group (JPEG) + low-density parity-check coding” method [5], while effectively improving the system robustness by reducing the impacts of semantic noise.

Research on training-free defense methods remains to be developed. There may be different defense methods for data with different modalities. Taking image data as an example, a possible defense solution is to use the visual invariance of the semantic tampered images for correct semantic extraction. As shown in Fig. 6, although the semantic similarity between the two images is high for a semantic encoder, the human eye can easily see the difference between them. The reason is that only some pixels in the attack image have been adjusted. Inspired by this, we try to blur both images by using Gaussian method, and find that the semantic similarity between them can be reduced from $0.987$ to $0.78$, without retraining the semantic model. More pre-processing solutions could be investigated to defend against this kind of semantic attack as a future research direction.