EveGuard: Defeating Vibration-based Side-Channel Eavesdropping with Audio Adversarial Perturbations

TL;DR

EveGuard is a software-based defense that uses audio adversarial perturbations to prevent vibration-based side-channel eavesdropping, effectively protecting voice privacy without hardware changes.

Contribution

The paper introduces EveGuard, a novel framework combining a perturbation generator and domain translation to defend against vibration-based side channels.

Findings

Achieves over 97% protection rate against audio classifiers.

Significantly impairs eavesdropped audio reconstruction.

Maintains high audio quality as verified by user study.

Abstract

Vibrometry-based side channels pose a significant privacy risk, exploiting sensors like mmWave radars, light sensors, and accelerometers to detect vibrations from sound sources or proximate objects, enabling speech eavesdropping. Despite various proposed defenses, these involve costly hardware solutions with inherent physical limitations. This paper presents EveGuard, a software-driven defense framework that creates adversarial audio, protecting voice privacy from side channels without compromising human perception. We leverage the distinct sensing capabilities of side channels and traditional microphones, where side channels capture vibrations and microphones record changes in air pressure, resulting in different frequency responses. EveGuard first proposes a perturbation generator model (PGM) that effectively suppresses sensor-based eavesdropping while maintaining high audio quality. Second, to enable end-to-end training of PGM, we introduce a new domain translation task called Eve-GAN for inferring an eavesdropped signal from a given audio. We further apply few-shot learning to mitigate the data collection overhead for Eve-GAN training. Our extensive experiments show that EveGuard achieves a protection rate of more than 97 percent from audio classifiers and significantly hinders eavesdropped audio reconstruction. We further validate the performance of EveGuard across three adaptive attack mechanisms. We have conducted a user study to verify the perceptual quality of our perturbed audio.