Rethinking Wireless Communication Security in Semantic Internet of Things

Hongyang Du, Jiacheng Wang, Dusit Niyato, , Jiawen Kang, Zehui Xiong, Mohsen Guizani, , and Dong In Kim H. Du, J. Wang and D. Niyato are with the School of Computer Science and Engineering, Nanyang Technological University, Singapore (e-mail:,, Kang is with the School of Automation, Guangdong University of Technology, China. (e-mail: Xiong is with the Pillar of Information Systems Technology and Design, Singapore University of Technology and Design, Singapore (e-mail: Guizani is with Machine Learning Department, Mohamed Bin Zayed University of Artificial Intelligence, Abu Dhabi, UAE (e-mail: I. Kim is with the Department of Electrical and Computer Engineering, Sungkyunkwan University, South Korea (e-mail:

Semantic communication is an important participant in the next generation of wireless communications. Enabled by this novel paradigm, the conventional Internet-of-Things (IoT) is evolving toward the semantic IoT (SIoT) to achieve significant system performance improvements. However, traditional wireless communication security techniques for bit transmission cannot be applied directly to the SIoT that focuses on semantic information transmission. One key reason is the lack of new security performance indicators. Thus, we have to rethink the wireless communication security in the SIoT. As such, in the paper, we analyze and compare classical security techniques, i.e., physical layer security, covert communications, and encryption, from the perspective of semantic information security. We highlight the differences among these security techniques when applied to the SIoT. Novel performance indicators such as semantic secrecy outage probability (for physical layer security techniques) and detection failure probability (for covert communication techniques) are proposed. Considering that semantic communications can raise new security issues, we then review attack and defense methods at the semantic level. Finally, we present several promising directions for future secure SIoT research.

Index Terms:
Semantic communications, internet-of-things, semantic noise, physical layer security, covert communications

I Introduction

The advancement of semantic communications technique has brought about significant changes to nearly all aspects of wireless communication networks. As a new communication paradigm, semantic communications no longer focus on the accurate transmission of bits, but on the transmission of task-related semantic information [1]. As semantic models become lightweight, deploying semantic encoders and decoders in network edge devices is also practical. Thus, the conventional Internet-of-Things (IoT) is evolving toward the semantic IoT (SIoT), enabling more efficient and energy-saving information interaction [2].

Data security is an enduring topic in wireless communication networks. When network devices transmit sensitive data, there is a high risk of eavesdropping or jamming/interference attacks by malicious third parties. A straightforward approach is to encrypt the data by using complex algorithms. Although various encryption algorithms have been proposed, the effectiveness of encryption and the complexity of computation are positively correlated. To improve the security of communication networks, high complexity in encryption put much pressure on network edge devices with insufficient computing power. Fortunately, besides traditional encryption methods, the physical layer security (PLS) technique is considered to be an essential driver enhancing 6G security [3]. Without requiring actual key distribution, PLS can achieve high-quality network security performance with low computational complexity. A common disadvantage of encryption and PLS is that they can only guarantee that the information will not be decrypted. However, a malicious third party can still use the detected wireless signals to locate the transmitter in the network and thus perform jamming. To solve this problem, the covert communications technique is proposed as a more demanding PLS technique. In order not to be detected by malicious nodes in the act of transmitting data, transmitters can hide the transmitting activities by designing a suitable power allocation scheme or by using friendly jammers. A comparison of the aforementioned wireless communication security techniques is presented in Fig. 1.

Refer to caption
Figure 1: Comparison of physical layer security, covert communications, and encryption techniques, and our proposed new performance indicators for the SIoT.

However, current research on PLS, covert communications, and encryption is mainly carried out in the conventional IoT without considering the new features of SIoT. Moreover, the study of the security of semantic communications techniques is still in its infancy [4, 5, 6]. The application of classical wireless communication security techniques in SIoT has not been clearly discussed. Specifically, the following questions have not been answered:

  1. Q1)

    How do wireless communication security techniques differ in the SIoT compared to those in the conventional IoT?

  2. Q2)

    What are the security performance indicators in SIoT?

  3. Q3)

    What new security issues does semantic communication technology bring while improving the efficiency of the network?

As such, we revisit classical communication security techniques from the perspective of semantic networks, and discuss the novel attack and defense methods brought about by the semantic communications techniques. Our contributions are summarized as follows:

  1. 1.

    We revisit three security techniques, i.e., PLS, covert communications, and encryption. For each technique, we discuss its new features in SIoT (For Q1).

  2. 2.

    To quantify the new characteristics brought by the SIoT to PLS and covert communications, we propose two new performance indicators, i.e., semantic secrecy outage probability (semantic SOP) and detection failure probability (DFP), respectively (For Q2).

  3. 3.

    We discuss the semantic attack schemes caused by semantic communications technique, which can be divided into targeted and untargeted semantic attacks (For Q3). Furthermore, we propose training-based and training-free defense schemes.

II Revisiting Conventional Security Techniques

In this section, we revisit wireless communication security techniques, including PLS, covert communications, and encryption techniques. We present the definitions, features, and common security performance indicators. We then discuss the differences between these techniques when applied in the SIoT and in the conventional IoT, and propose novel performance indicators.

II-A Physical Layer Security

II-A1 Definition

The PLS is built upon the information theory, which aims to protect wireless communications against eavesdropping by exploring and utilizing the inherent features of the physical medium [3]. Unlike the encrypt method, PLS is independent of device computing capability, which not only enables it to achieve effective security but also gives it a natural advantage in saving resources. Moreover, such a technique is able to adjust transmission strategies according to the physical layer characteristics to adapt to the wireless channel changes. According to the working principles of PLS methods, the security performance indicators mainly include secrecy outage probability (SOP), the probability of non-zero secrecy capacity (PNZ), and the average secrecy capacity (ASC) [7].

  • Average Secrecy Capacity: The secrecy capacity can be obtained by calculating the difference between the main channel capacity and wiretap channel capacity. For a given constraint of perfect secrecy, the average secrecy capacity provides a criterion for capacity limit from a mathematical point of view. For instance, if the legitimate user is able to obtain the perfect channel state information (CSI) of the eavesdropper’s channel, then the coding scheme can be flexibly adjusted to adapt to different fading coefficients. In principle, therefore, one can realize any average secure communication rate, which is below the average secrecy capacity of the channel.

  • Secrecy Outage Probability: The SOP is defined as the probability that the instantaneous secrecy capacity falls less than the target secrecy rate [7]. The SOP first provides the conditions that the wireless channel needs to meet to support the specified secure rate. Second, it gives a security measure for cases where legitimate users have no CSI about the eavesdropper. Therefore, as long as the secrecy capacity is larger than the target secrecy rate, the eavesdropper’s channel is worse than legitimate users’ estimation and the secrecy of the network is ensured.

  • Probability of Non-Zero Secrecy Capacity: If the main channel capacity is larger than that of the eavesdropper’s channel, the eavesdroppers are unable to successfully decode the transmitted information. Here, the occurrence probability of such an event is defined as the PNZ. On this basis, according to the definition, the PNZ equals the probability that the instantaneously received signal-to-noise ratio (SNR) of the legitimate user is greater than that of the eavesdropper.

II-A2 Physical Layer Security in SIoT Network

Refer to caption
Figure 2: Rethinking physical layer security technique in the semantic Internet of Things. A novel security performance indicator, i.e., semantic secrecy outage probability, is proposed.

In a conventional IoT, an eavesdropper is considered to be successful in eavesdropping if it can obtain the source message sent by the transmitter. However, in the SIoT, semantic information is transmitted in the wireless channel and decoding is required to obtain the original source message, as shown in Fig. 2 (Part A). Therefore, even if the eavesdropper intercepts the semantic information sent by the transmitter, it may still not obtain the required information, as shown in Fig. 2 (Part B). According to the characteristics of semantic communication, we discuss the possible scenarios in which the eavesdropper succeeds in eavesdropping on information but fails in decoding it as follows:

  1. a)

    Semantic decoding failure caused by background knowledge difference between the eavesdropper and the legitimate receiver. In the SIoT, legitimate communication participants will share the background knowledge for semantic encoding and decoding. The eavesdropper might not have the same background knowledge to decode the intercepted semantic information. For example, the semantic information “Mouse” could be decoded as an animal or a computer device, in which the eavesdropper may not be able to decode this meaning correctly. Moreover, the dataset used for semantic encoder and decoder training can be also regarded as the shared background knowledge that is unavailable to the eavesdropper.

  2. b)

    The eavesdropper’s task objectives are different from those of the legitimate receiver, resulting in the eavesdropper’s inability to obtain the desired information. For example, the transmitter is a camera in the SIoT that captures street view photos. With the help of semantic communication technology, the camera acts as a transmitter to send these photos to a legitimate receiver for storage. The owner of the legitimate receiver is a vehicle company interested in the number and type of cars on the street, while an eavesdropper wants to steal pedestrians’ information on the road from images. However, the transmitter, through the semantic encoder, transmits only the semantic information that satisfies the task of the legitimate receiver, e.g., image segmentation of vehicles. Therefore, even if the eavesdropper has perfect access to the images transmitted in the wireless environment, its task requirement is not met.

  3. c)

    Semantic decoding failure caused by the encryption mechanism of the semantic encoding model itself. Due to the fact that the semantic communication technique requires only partial data to be transmitted and the decoding of semantic information relies on the receiver’s decoder design, it has also been regarded as a potential method for secure communications, the eavesdroppers are unable to decode successfully. The reason is that the eavesdropper might not have the semantic decoder that is jointly trained with the semantic encoder to recover the original source message.

Based on the above discussion, one can conclude that the metrics reflecting the security performance of the SIoT are not only SOP at the communication level but also the semantic decoding error probability (SDEP) at the semantic level. Here SDEP describes the probability that the eavesdropper can successfully decode the information that it needs from the intercepted semantic information. For example, in a semantic communications system with visual question answering (VQA) task [8], SDEP can be the probability that the eavesdropper uses the eavesdropped semantic information model to obtain the correct answers to its own questions. To measure the security performance in a comprehensive manner, we propose a new security performance metric for physical later security technique in the SIoT, which is named semantic SOP.

Remark 1.

As shown in Fig. 2 (Part C), semantic SOP describes the probability that the eavesdropper in the SIoT successfully eavesdrops on the semantic information sent by the transmitter and successfully performs the semantic decoding. Therefore, semantic SOP is defined as the product of SOP and one minus SDEP.

Note that when the task or interest of the eavesdropper is unknown to the system designer, semantic SOP cannot be calculated accurately by the SIoT designer. However, our proposed semantic SOP can still be used for theoretical upper bound performance analysis, to verify the robustness of the proposed system design. Another feasible research direction is to use statistical methods to estimate the semantic information that eavesdroppers may wish to obtain. Thus, the system designer can estimate SDEP to aid in secure SIoT design, with the help of our proposed semantic SOP metric.

Refer to caption
Figure 3: The SOP and the semantic SOP versus the signal-to-noise ratio of the transmitter-receiver link with different values of SDEP. The distance between the transmitter and the receiver is 15 m, the distance between the transmitter and the eavesdropper is 18 m, the signal-to-noise ratio of the transmitter-eavesdropper link is 0 dB, the target secrecy rate threshold is 1, the number of antennas for the transmitter, receiver, and eavesdropper are all 3, and the path loss exponent is 2.

Figure 3 shows the SOP and the semantic SOP versus the signal-to-noise ratio of the transmitter-receiver link with different values of SDEP. We can observe that the probability that the eavesdropper fails to decode the semantic information reduces the semantic SOP. Specifically, when an eavesdropper in the semantic IoT has a 30% probability of not being able to decode successfully semantic information, i.e., SDEP = 30%, the transmitter can use an SNR roughly 1 dB lower to achieve the same SSOP as the SOP in a conventional IoT. Moreover, if a better pair of semantic encoder and decoder can be designed to increase further the error probability of the eavesdropper in decoding the semantic information, e.g., SDEP = 70%, we can observe that the transmitter can use an SNR 5.5 dB lower to achieve the same SSOP as the SOP in a conventional IoT.

An important inspiration for secure SIoT research is to perform cross-layer co-design. Although semantic communications can enhance the system security and reduce the transmit power required to achieve a certain SSOP, the encoding and decoding of semantic information consume computational resources of the network. Therefore, the tradeoff between SIoT performance and security should be considered. By jointly designing the transmit and jamming power allocation schemes in the physical layer and the semantic encoding/decoding scheme in the semantic layer, a more secure and more efficient IoT can be achieved.

II-B Covert Communications

II-B1 Definition

So far, the PLS has been applied at large to boost wireless transmission security. Despite its effectiveness, PLS still has certain limitations in other aspects. By analyzing the wireless signal, for instance, the user’s location may be exposed, which poses threat to user privacy. Such problems cannot be solved by PLS techniques, triggering the proposal of covert communications. Also known as low probability of detection communications, covert communications aim to deliver information to a legitimate user without being caught by the warden, who attempt to detect such transmission [9]. The covert communications can include two major aspects. The first one mainly focuses on analyzing and exploiting the uncertainty of the average power of malicious wardens. Another one is to send the signal covered by high-power signals, so as to improve covertness. It is not difficult to see that covert communication never relies on the adversary’s competence, indicating that transmission security can be perfectly guaranteed even if the attacker has a strong processing capability. According to the above discussion, the covert rate and DEP, which are detailed as follows, are used to characterize the performance of covert communications.

  • Detection Error Probability: The warden needs to make a binary choice between silent and transmitting via hypothesis testing. Therefore, the detection error probability (DEP) is defined as the likelihood of the warden making a wrong decision, which contains two cases. The first one is that the warden chooses non-null-decision (transmitting) while the null hypothesis (silent) is true, which is called false alarm. Another one is that warden sides with a null hypothesis when the non-null hypothesis is true, which is known as miss detection. The value of DEP is the sum of the probabilities of making the above two wrong decisions.

  • Covert Rate: Besides DEP, covert rate, which describes the data transmission rate when the DEP of the warden is close to one, is also vital. The covert rate of any user can be calculated based on the well-known Shannon–Hartley theorem [10].

II-B2 Covert Communications in SIoT Network

Refer to caption
Figure 4: Rethinking covert communications technique in the semantic Internet of Things. A novel security performance indicator, i.e., detection failure probability, is proposed.

In a covert communication system, the objective of the warden is to detect whether the transmission is taking place or not, without caring what data is being transmitted. Therefore, encoding the source message to be transmitted into semantic information will not improve the DEP of the warden. If the warden successfully detects that wireless communication is taking place, it can analyze and obtain the transmitter’s information such as the location, and then apply interference to block the semantic communications. To make the DEP converge to 1 arbitrarily, the solutions are to design a reasonable transmitting power allocation scheme and/or to use a friendly jammer or a reconfigurable intelligent surface, as in the conventional IoT. The covert rate in the semantic IoT is the same as that in the conventional IoT.

However, because the warden can perform multiple detections during the data transmission process, a failure of one detection does not mean that the warden cannot discover the transmitting activity. Although the DEP can be arbitrarily close to 1 with covert communication techniques, the DEP is typically set as 90% to 95% in practical communication systems [11]. Even if we consider that the DEP is 99%, the probability that a warden who can detect the wireless environment 5 times per second finds a transmitting activity that lasts 10 seconds is 199%50=39.5%. We can conclude that, when transmitting the same amount of data, e.g., 1 article of 1000 words, with the same warden DEP, the probability of the wireless transmission being successfully detected by the warden is lower in the SIoT than that in the conventional IoT. The reason is that in the SIoT, the transmitter can encode articles into semantic information without affecting task completion, e.g., knowledge graphs, which have fewer bits than the original article. Therefore, with the same covert rate, transmitters in the SIoT can complete information transmission faster, as shown in Fig. 4. Because there is an upper limit to the frequency of the warden’s detection of the wireless environment, the shorter the transmission time is, the lower the probability that the transmitting activity will be detected.

However, there is no suitable performance indicator to describe the difference in covert communication security performance that is caused by the data amount difference. This research gap exists because all source messages are encoded in the conventional IoT and there are no differences in the amount of data. To fill this gap, we propose a new performance indicator for covert communications, i.e., detection failure probability (DFP), as follows:

Remark 2.

DFP describes the probability that no transmitting activity is detected by the warden’s multiple detections during the transmission time of the data. Therefore, as shown in Fig. 4, DFP can be defined as a power function of DEP, where the power is the number of detections. Considering that the warden performs f detections per unit time due to energy constraints, the number of detections can be calculated as the data amount divided by covert rate and then multiplied by f.

Refer to caption
Figure 5: The detection failure probability versus the ratio of the data volume of semantic information to that of the source message, in the SIoT and conventional IoT, respectively. The DEP is 95%, the covert rate is 20 bit/s/Hz, the bandwidth is 5 MHz, and the warden detects the wireless environment at a frequency of twice per second.

Figure 5 illustrates the detection failure probability versus the ratio of the data volume of semantic information to that of the source message. We can observe that although the warden’s DEP is the same in both the SIoT and conventional IoT, i.e., 90% as is set in much of the literature [11], a great gap exists in the achievable DFP. For example, if the semantic encoder can reduce the number of bits of the source message by half to obtain the semantic information, the DFP can be improved by 69%.

An interesting insight is that there is a tradeoff between the semantic encoder computing resource and the physical layer transmit power resource. However, unlike the tradeoff we discussed in Section II-A2, for the semantic encoder in the covert communication-aided SIoT, what matters is how much the encoder reduces the number of semantic information bits. For the semantic encoder in the PLS-aided SIoT, what matters is how low the probability is that the semantic information is decoded successfully by an illegal eavesdropper.

II-C Encryption

II-C1 Definition

Encryption is one of the most classical techniques to ensure secure transmission, which operates in the upper layers of the communication system. For encryption techniques, there are comprehensive metrics for performance evaluation, including but not limited to crack time, the throughput of encryption/decryption, and power consumption. The crack time and the computational resources to be used by the eavesdropper are positively related to the key size.

II-C2 Encryption in SIoT Network

In the SIoT, encryption techniques can be seen as a “second layer” of protection for the transmitted data. The reason is that the input of the encryption algorithm can be semantic information obtained through semantic coding, and semantic information itself has encryption properties. Even if the eavesdropper succeeds in breaking the encryption, it may not succeed in decoding the semantic information to obtain the source message, as we discuss in Section II-A2.

A general design is to integrate cryptography as an option with semantic communication systems [4]. In SIoT, if the transmitter and receiver want to hide the information from a potential eavesdropper, the goal is to minimize the error between the transmitter and receiver while maximizing the error between the transmitter and eavesdropper. Following this idea, an encrypted semantic communication system is designed in [4]. However, the authors in [4] only considered symmetric encryption, and related work is still in the vacant stage. More cryptography-assisted semantic communication systems can be designed to further improve the security of SIoT.

III New Security Issues

In this section, we discuss the new security issues arising from the introduction of semantic communication techniques in the IoT.

III-A Semantic Attack in SIoT Network

Unlike the bit streams transmitted in conventional IoT, the semantic information in SIoT is largely task-related and dependent on the design of the semantic encoder and decoder. However, a variety of error-correcting coding methods have been designed to correct bit errors, but methods that can reduce semantic noise have rarely been investigated. The semantic noise can have a small or large impact on system performance. For example, because of the small deviation of the text semantic vectors, the receiver decodes “bike” into “bicycle” when recovering the text message. The receiver’s judgment will not be affected. However, the disturbance of some semantic information may seriously affect the communication system. For example, if the images are incorrectly semantic encoded and uploaded to a dataset, the quality of the artificial intelligence model trained by the dataset may be affected.

The mismatch between the original source message and the obtained semantic information by semantic encoding is called semantic noise [5], which is considered as a special type of noise present in semantic communication systems. In the SIoT, some semantic noise is naturally present, e.g., different users have different interpretations of the same word, and require better semantic encoding and decoding design to overcome. However, some semantic noise is generated by attackers with the aim of disrupting the semantic communication system. For source messages in text form, synonym substitution or reversing the order of certain letters may cause the deep learning-based semantic model to misinterpret the semantics of the sentence. For source messages in image form, only by changing some pixels in an image, the semantic information extracted by a well-pre-trained semantic encoder can be completely inconsistent with the real content of the image [12]. Regardless of the modality of the source message, the goal of the semantic attack can vary and corresponds to different loss function optimization.

Refer to caption
Figure 6: The targeted semantic attack approach. The experimental platform for running the attack algorithm is built on a generic Ubuntu 20.04 system with an AMD Ryzen Threadripper PRO 3975WX 32-Cores CPU and an NVIDIA RTX A5000 GPU.
  • Targeted Semantic Attack: The goal is to generate semantic tampered source messages with a given target semantic information. Here, the target semantic information is the semantic information that the receiver in the SIoT wants to receive. For example, a digital twin service provider wants to collect some images with snowy mountain as semantic information to build a virtual object. The attacker can change some pixels in an irrelevant image to make the semantic information of the irrelevant image very close to snowy mountain. Therefore, the loss function could be the cosine similarity of the semantic vectors of the irrelevant pictures and the snowy mountain pictures. As shown in Fig. 6, as the number of iterations increases, the semantic similarity of the two images gradually increases. If the digital twin service provider cannot correctly detect the semantic tampered images, its database will be contaminated. Therefore, this type of attack can be called semantic data poisoning attack. Such a semantic tampering approach can also be used for man-in-the-middle attacks. A malicious intermediate node capable of intercepting the wireless communication channel can replace the images to be transmitted, without affecting the semantic information.

  • Untargeted Semantic Attack: Similar to the approach of the target semantic attack but with a different objective function, the aim of the untargeted semantic attack is to minimize the similarity between the semantic information of the tampered source message and its true semantic information. In this case, the devices in the SIoT are unable to perform properly the semantic encoding of the maliciously tampered source message. For example, the semantic feature of the attack image in Fig. 6 is not iterating to be closer to the “snowy mountain”, but as far from the “baseball player” as possible.

III-B Defense Methods

III-B1 Training-based Defense

By considering that a large part of the semantic communication encoders and decoders are functioned by deep learning methods, a feasible solution to reduce semantic noise is to improve the robustness of semantic models during the training process. Specifically, there have been some training-based methods, e.g., defensive distillation [13], weight perturbation [14], and adversarial training [15].

Although there have been several approaches to improve model robustness using adversarial samples in the fields of natural language and image processing [15], semantic noise-resistant models in wireless communication have not been sufficiently studied. Fortunately, researchers can draw inspiration from existing adversarial training methods and consider the impact of wireless channels and transmission overhead in the SIoT. Most recently, to reduce the impact of semantic noise on the system, a masked vector quantized-variational autoencoder (VQ-VAE) is developed as the architecture of the robust semantic communication system [5]. To improve the system robustness, a feature importance module is proposed to suppress noise-related and task-independent features. It is shown that the proposed masked VQ-VAE requires 0.36% transmitted symbols of the conventional “joint photographic experts group (JPEG) + low-density parity-check coding” method [5], while effectively improving the system robustness by reducing the impacts of semantic noise.

III-B2 Training-free Defense

Research on training-free defense methods remains to be developed. There may be different defense methods for data with different modalities. Taking image data as an example, a possible defense solution is to use the visual invariance of the semantic tampered images for correct semantic extraction. As shown in Fig. 6, although the semantic similarity between the two images is high for a semantic encoder, the human eye can easily see the difference between them. The reason is that only some pixels in the attack image have been adjusted. Inspired by this, we try to blur both images by using Gaussian method, and find that the semantic similarity between them can be reduced from 0.987 to 0.78, without retraining the semantic model. More pre-processing solutions could be investigated to defend against this kind of semantic attack as a future research direction.

IV Future Direction

IV-A Explainable AI-aided Semantic Communications

The past few years have witnessed the rapid development of machine learning (ML) technologies, especially deep learning, which has shown significant advantages in a variety of applications. Most of them, however, are often unable to explain their decisions and actions during the operation process, triggering the research on explainable artificial intelligence (XAI). The XAI aims to provide users with detailed explanations of how the decision is made or the result is obtained. For semantic communications, which rely on ML, the XAI can make the training of transceiver pairs change from black box to white box, driving the training process clearer and easier to understand. Such improvement not only allows semantic communication system designers to identify and fix potential vulnerabilities or threats but also helps users understand and trust these semantic communications better. Therefore, studying explainable AI-aided semantic communications is an indispensable step to improve its security.

IV-B Blockchain-aided Semantic Internet of Things Network

The blockchain is a chain of blocks that store all committed transactions in a decentralized and distributed network. Unlike the conventional ways, the blockchain realizes the peer-to-peer digital assets transfer without any intermediaries, and the features of decentralization, immutability, audit-ability and transparency drive the transactions’ security. Considering the above advantages, the stored and shared transaction information in the blockchain can be replaced with semantic information that needs to be transmitted. In this way, not only the storage consumption of the blockchain is reduced, but also, the decentralized blockchain verification mechanism would further improve the security of semantic content. Therefore, how to better integrate blockchain and the SIoT is also worthy of further study.

IV-C Secure Semantic Communications for Metaverse

As a novel type of Internet application and social form, the Metaverse has received more and more attention in recent years. To provide an ideal immersive experience for users, the data that describes the user and physical world must be transmitted to the virtual world quickly and accurately, during this process effective tracking and accurate prediction are critical. Thereby, semantic communication is one of the best-suited techniques for this task. Considering the characteristics of data and the requirements of applications, it is vital to study the security of semantic communication under the framework of the Metaverse. This not only affects the user experience but is also directly related to the user’s security and privacy in the physical world.

V Conclusion

Considering the new features of the SIoT compared to the conventional IoT, we rethought three wireless communication security techniques, i.e, PLS, covert communications, and encryption. We discussed the characteristics of each technology when applied in SIoT. Specifically, because of the encryption characteristics of semantic information itself, the security enhancement that PLS can bring to the network is further improved. In addition, since semantic information that has fewer bits can be transmitted faster than the original source message, the difficulty of achieving covert communications is reduced. To show these two new characteristics, we proposed two new indicators, i.e., semantic SOP and DFP. Finally, we discussed new attacks and defense schemes that have emerged at the semantic level. We foresee that the combination of semantic communications and classical security techniques will revolutionize the architecture of communication networks, bringing new inspiration to the two most important dimensions of performance and security.


  • [1] W. Xu, Z. Yang, D. W. K. Ng, M. Levorato, Y. C. Eldar et al., “Edge learning for B5G networks with distributed signal processing: Semantic communication, edge computing, and wireless sensing,” arXiv preprint arXiv:2206.00422, 2022.
  • [2] Z. Yang, M. Chen, W. Saad, W. Xu, M. Shikh-Bahaei, H. V. Poor, and S. Cui, “Energy-efficient wireless communications with distributed reconfigurable intelligent surfaces,” IEEE Trans. Wireless Commun., vol. 21, no. 1, pp. 665–679, Jan. 2021.
  • [3] A. Chorti, A. N. Barreto, S. Köpsell, M. Zoli, M. Chafii, P. Sehier, G. Fettweis, and H. V. Poor, “Context-aware security for 6G wireless: The role of physical layer security,” IEEE Commun. Stand. Mag., vol. 6, no. 1, pp. 102–108, Jan 2022.
  • [4] X. Luo, Z. Chen, M. Tao, and F. Yang, “Encrypted semantic communication using adversarial training for privacy preserving,” arXiv preprint arXiv:2209.09008, 2022.
  • [5] Q. Hu, G. Zhang, Z. Qin, Y. Cai, G. Yu, and G. Y. Li, “Robust semantic communications with masked VQ-VAE enabled codebook,” arXiv preprint arXiv:2206.04011, 2022.
  • [6] W. Yang, H. Du, Z. Liew, W. Y. B. Lim, Z. Xiong, D. Niyato, X. Chi, X. S. Shen, and C. Miao, “Semantic communications for 6G future internet: Fundamentals, applications, and challenges,” arXiv preprint arXiv:2207.00427, 2022.
  • [7] A. Mukherjee, S. A. A. Fakoorian, J. Huang, and A. L. Swindlehurst, “Principles of physical layer security in multiuser wireless networks: A survey,” IEEE Commun. Surv. Tut., vol. 16, no. 3, pp. 1550–1573, Mar. 2014.
  • [8] H. Xie, Z. Qin, and G. Y. Li, “Task-oriented multi-user semantic communications for VQA,” IEEE Wireless Commun. Lett., vol. 11, no. 3, pp. 553–557, Mar. 2021.
  • [9] I. Makhdoom, M. Abolhasan, and J. Lipman, “A comprehensive survey of covert communication techniques, limitations and future challenges,” Comput. Secur., p. 102784, 2022.
  • [10] O. Rioul and J. C. Magossi, “On shannon’s formula and hartley’s rule: Beyond the mathematical coincidence,” Entropy, vol. 16, no. 9, pp. 4892–4910, Sept. 2014.
  • [11] T.-X. Zheng, Z. Yang, C. Wang, Z. Li, J. Yuan, and X. Guan, “Wireless covert communications aided by distributed cooperative jamming over slow fading channels,” IEEE Trans. Wireless Commun., vol. 20, no. 11, pp. 7026–7039, Nov. 2021.
  • [12] C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus, “Intriguing properties of neural networks,” in Proc. Int. Conf. Learn. Represent., 2014.
  • [13] N. Papernot, P. McDaniel, X. Wu, S. Jha, and A. Swami, “Distillation as a defense to adversarial perturbations against deep neural networks,” in Proc. IEEE Symp. Secur. Priv., 2016, pp. 582–597.
  • [14] D. Wu, S.-T. Xia, and Y. Wang, “Adversarial weight perturbation helps robust generalization,” Proc. Adv. Neural Inf. Process. Syst., vol. 33, pp. 2958–2969, 2020.
  • [15] Y. Bai, Y. Zeng, Y. Jiang, S.-T. Xia, X. Ma, and Y. Wang, “Improving adversarial robustness via channel-wise activation suppressing,” arXiv preprint arXiv:2103.08307, 2021.