To address information leakage risks in semantic communication over eavesdropping channels, this paper proposes a digital semantic communication security framework based on superposition coding. Methodologically, it introduces a novel two-layer constellation mapping mechanism that decouples the semantic layer from the cloud-core layer, integrated with power-domain secure resource allocation and symbol-error-probability (SEP)-driven modulation design—enabling quantifiable and parameter-tunable semantic-level security. Theoretical analysis and experiments demonstrate that the framework approaches the zero-information-leakage upper bound: eavesdroppers reconstruct images with PSNR degraded to noise-floor levels and MSE comparable to the original data’s variance, while legitimate users maintain low symbol error rates. Compared to baseline methods, the framework significantly enhances eavesdropping resilience and semantic fidelity.

This paper addresses the challenge of achieving security in semantic communication (SemCom) over a wiretap channel, where a legitimate receiver coexists with an eavesdropper experiencing a poorer channel condition. Despite previous efforts to secure SemCom against eavesdroppers, guarantee of approximately zero information leakage remains an open issue. In this work, we propose a secure digital semantic communication (SemCom) approach based on superposition codes, aiming to provide quantifiable and controllable security for digital SemCom systems. The proposed method employs a double-layered constellation map, where semantic information is associated with satellite constellation points and cloud center constellation points are randomly selected. By carefully allocating power between these two layers of constellation, we ensure that the symbol error probability (SEP) of the eavesdropper decoding satellite constellation points is nearly equivalent to random guessing, while maintaining a low SEP for the legitimate receiver to successfully decode the semantic information. Simulation results demonstrate that the Peak Signal-to-Noise Ratio (PSNR) and Mean Squared Error (MSE) of the eavesdropper' s reconstructed data, under the proposed method, can range from decoding Gaussian-distributed random noise to approaching the variance of the data. This validates the effectiveness of our method in nearly achieving the experimental upper bound of security for digital SemCom systems when both eavesdroppers and legitimate users utilize identical decoding schemes. Furthermore, the proposed method consistently outperforms benchmark techniques, showcasing superior data security and robustness against eavesdropping.