ArmSSL: Adversarial Robust Black-Box Watermarking for Self-Supervised Learning Pre-trained Encoders

Self-supervised learning (SSL) encoders are invaluable intellectual property (IP). However, no existing SSL watermarking for IP protection can concurrently satisfy the following two practical requirements: (1) provide ownership verification capability under black-box suspect model access once the stolen encoders are used in downstream tasks; (2) be robust under adversarial watermark detection or removal, because the watermark samples form a distinguishable out-of-distribution (OOD) cluster. We propose ArmSSL, an SSL watermarking framework that assures black-box verifiability and adversarial robustness while preserving utility. For verification, we introduce paired discrepancy enlargement, enforcing feature-space orthogonality between the clean and its watermark counterpart to produce a reliable verification signal in black-box against the suspect model. For adversarial robustness, ArmSSL integrates latent representation entanglement and distribution alignment to suppress the OOD clustering. The former entangles watermark representations with clean representations (i.e., from non-source-class) to avoid forming a dense cluster of watermark samples, while the latter minimizes the distributional discrepancy between watermark and clean representations, thereby disguising watermark samples as natural in-distribution data. For utility, a reference-guided watermark tuning strategy is designed to allow the watermark to be learned as a small side task without affecting the main task by aligning the watermarked encoder's outputs with those of the original clean encoder on normal data. Extensive experiments across five mainstream SSL frameworks and nine benchmark datasets, along with end-to-end comparisons with SOTAs, demonstrate that ArmSSL achieves superior ownership verification, negligible utility degradation, and strong robustness against various adversarial detection and removal.

Hiding Secrets in the CSI Quotient: A Robust Wi-Fi CSI Steganography System

Physical layer (PHY) steganography conceals secrets by making subtle modifications to transmitted radio waveforms, which can be applied to establish covert communication systems. Given the widespread deployment of Wi-Fi infrastructures, hiding secrets within Wi-Fi transmissions exhibits significant covertness and has attracted increasing research attention. Recent advances in Wi-Fi steganography have focused on embedding secrets within channel state information (CSI) by applying artificial finite impulse response (FIR) filters to outgoing signals. These methods can emulate natural wireless propagation effects, thereby evading detection by eavesdroppers. However, existing CSI-based approaches suffer from two critical limitations: vulnerability to environmental variations and limited steganographic capacity. This work presents a Wi-Fi steganography system that mitigates these constraints. Specifically, we introduce a CSI division mechanism to decouple artificial CSI components from natural wireless channel responses. In essence, secrets are embedded within the quotient of two consecutive CSI measurements. Furthermore, we propose an encoder-decoder neural network framework that automatically learns optimal strategies for FIR filter generation and secret recovery, substantially enhancing steganographic capacity. We implemented a prototype using commercial off-the-shelf hardware, including a software-defined radio (SDR) transmitter and two receiver platforms: ANTSDR and ESP32. Experimental evaluations demonstrate that the system achieves robust performance under dynamic environmental conditions while significantly improving steganographic capacity.

Tackling Resource-Constrained and Data-Heterogeneity in Federated Learning with Double-Weight Sparse Pack

Federated learning has drawn widespread interest from researchers, yet the data heterogeneity across edge clients remains a key challenge, often degrading model performance. Existing methods enhance model compatibility with data heterogeneity by splitting models and knowledge distillation. However, they neglect the insufficient communication bandwidth and computing power on the client, failing to strike an effective balance between addressing data heterogeneity and accommodating limited client resources. To tackle this limitation, we propose a personalized federated learning method based on cosine sparsification parameter packing and dual-weighted aggregation (FedCSPACK), which effectively leverages the limited client resources and reduces the impact of data heterogeneity on model performance. In FedCSPACK, the client packages model parameters and selects the most contributing parameter packages for sharing based on cosine similarity, effectively reducing bandwidth requirements. The client then generates a mask matrix anchored to the shared parameter package to improve the alignment and aggregation efficiency of sparse updates on the server. Furthermore, directional and distribution distance weights are embedded in the mask to implement a weighted-guided aggregation mechanism, enhancing the robustness and generalization performance of the global model. Extensive experiments across four datasets using ten state-of-the-art methods demonstrate that FedCSPACK effectively improves communication and computational efficiency while maintaining high model accuracy.

Secret Key Generation for IRS-Assisted Multi-Antenna Systems: A Machine Learning-Based Approach

Physical-layer key generation (PKG) based on wireless channels is a lightweight technique to establish secure keys between legitimate communication nodes. Recently, intelligent reflecting surfaces (IRSs) have been leveraged to enhance the performance of PKG in terms of secret key rate (SKR), as it can reconfigure the wireless propagation environment and introduce more channel randomness. In this paper, we investigate an IRS-assisted PKG system, taking into account the channel spatial correlation at both the base station (BS) and the IRS. Based on the considered system model, the closed-form expression of SKR is derived analytically considering correlated eavesdropping channels. Aiming to maximise the SKR, a joint design problem of the BS precoding matrix and the IRS phase shift vector is formulated. To address this high-dimensional non-convex optimisation problem, we propose a novel unsupervised deep neural network (DNN)-based algorithm with a simple structure. Different from most previous works that adopt iterative optimisation to solve the problem, the proposed DNN-based algorithm directly obtains the BS precoding and IRS phase shifts as the output of the DNN. Simulation results reveal that the proposed DNN-based algorithm outperforms the benchmark methods with regard to SKR.

Machine Learning-Based Secret Key Generation for IRS-assisted Multi-antenna Systems

Physical-layer key generation (PKG) based on wireless channels is a lightweight technique to establish secure keys between legitimate communication nodes. Recently, intelligent reflecting surfaces (IRSs) have been leveraged to enhance the performance of PKG in terms of secret key rate (SKR), as it can reconfigure the wireless propagation environment and introduce more channel randomness. In this paper, we investigate an IRS-assisted PKG system, taking into account the channel spatial correlation at both the base station (BS) and the IRS. Based on the considered system model, the closed form expression of SKR is derived analytically. Aiming to maximize the SKR, a joint design problem of the BS precoding matrix and the IRS reflecting coefficient vector is formulated. To address this high-dimensional non-convex optimization problem, we propose a novel unsupervised deep neural network (DNN) based algorithm with a simple structure. Different from most previous works that adopt the iterative optimization to solve the problem, the proposed DNN based algorithm directly obtains the BS precoding and IRS phase shifts as the output of the DNN. Simulation results reveal that the proposed DNN-based algorithm outperforms the benchmark methods with regard to SKR.

Towards Receiver-Agnostic and Collaborative Radio Frequency Fingerprint Identification

Radio frequency fingerprint identification (RFFI) is an emerging device authentication technique, which exploits the hardware characteristics of the RF front-end as device identifiers. RFFI is implemented in the wireless receiver and acts to extract the transmitter impairments and then perform classification. The receiver hardware impairments will actually interfere with the feature extraction process, but its effect and mitigation have not been comprehensively studied. In this paper, we propose a receiver-agnostic RFFI system that is not sensitive to the changes in receiver characteristics; it is implemented by employing adversarial training to learn the receiver-independent features. Moreover, when there are multiple receivers, this functionality can perform collaborative inference to enhance classification accuracy. Finally, we show how it is possible to leverage fine-tuning for further improvement with fewer collected signals. To validate the approach, we have conducted extensive experimental evaluation by applying the approach to a LoRaWAN case study involving ten LoRa devices and 20 software-defined radio (SDR) receivers. The results show that receiver-agnostic training enables the trained neural network to become robust to changes in receiver characteristics. The collaborative inference improves classification accuracy by up to 20% beyond a single-receiver RFFI system and fine-tuning can bring a 40% improvement for under-performing receivers.