DeepGuard: Defending Deep Joint Source-Channel Coding Against Eavesdropping at Physical-Layer

TL;DR

DeepGuard is a novel physical-layer defense framework for DeepJSCC that uses preamble perturbation to protect against real-world eavesdropping attacks, validated through over-the-air SDR experiments.

Contribution

It introduces the first over-the-air defense mechanism for DeepJSCC against eavesdropping, including a theoretical analysis and an optimization algorithm for signal perturbation.

Findings

DeepGuard effectively degrades eavesdropper performance in real-world scenarios.

The preamble perturbation preserves legitimate communication quality.

Over-the-air experiments confirm the robustness of DeepGuard against various attacks.

Abstract

Deep joint source-channel coding (DeepJSCC) has emerged as a promising paradigm for efficient and robust information transmission. However, its intrinsic characteristics also pose new security challenges, notably an increased vulnerability to eavesdropping attacks. Existing studies on defending against eavesdropping attacks in DeepJSCC, while demonstrating certain effectiveness, often incur considerable computational overhead or introduce performance trade-offs that may adversely affect legitimate users. In this paper, we present DeepGuard, to the best of our knowledge, the first physical-layer defense framework for DeepJSCC against eavesdropping attacks, validated through over-the-air experiments using software-defined radios (SDRs). Considering that existing eavesdropping attacks against DeepJSCC are limited to simulation under ideal channels, we take a step further by identifying and implementing four representative types of attacks under various configurations in orthogonal frequency-division multiplexing systems. These attacks are evaluated over-the-air under diverse scenarios, allowing us to comprehensively characterize the real-world threat landscape. To mitigate these threats, DeepGuard introduces a novel preamble perturbation mechanism that modifies the preamble shared only between legitimate transceivers. To realize it, we first conduct a theoretical analysis of the perturbation's impact on the signals intercepted by the eavesdropper. Building upon this, we develop an end-to-end perturbation optimization algorithm that significantly degrades eavesdropping performance while preserving reliable communication for legitimate users. We prototype DeepGuard using SDRs and conduct extensive over-the-air experiments in practical scenarios. Extensive experiments demonstrate that DeepGuard effectively mitigates eavesdropping threats.