This work addresses the joint security challenge in MIMO-OFDM integrated sensing and communication (ISAC) systems, where eavesdroppers can simultaneously intercept confidential information and passively infer target parameters. Existing approaches lack unified protection against both threats. To overcome this limitation, the paper proposes a two-layer security framework that operates without requiring eavesdropper channel state information. By jointly optimizing transmit beamforming, the framework injects artificial noise to disrupt communication eavesdroppers while deliberately distorting the sensing reference signal to generate synthetic “ghost” targets. These ghost targets are designed to be removable by legitimate users yet indistinguishable to sensing eavesdroppers, thereby misleading their perception. This approach achieves, for the first time, concurrent security for both communication and sensing functions in ISAC, significantly reducing the detection probability of true targets by eavesdroppers while preserving legitimate user performance.

Integrated sensing and communication (ISAC) enables the efficient sharing of wireless resources to support emerging applications, but it also gives rise to new sensing-based security vulnerabilities. Here, potential communication security threats whereby confidential messages intended for legitimate users are intercepted, but also unauthorized receivers (Eves) can passively exploit target echoes to infer sensing parameters without users being aware. Despite these risks, the joint protection of sensing and communication security in ISAC systems remains unexplored. To address this challenge, this paper proposes a two-layer dual-secure ISAC framework that simultaneously protects sensing and communication against passive sensing Eves and communication Eves, without requiring their channel state information (CSI). Specifically, transmit beamformers are jointly designed to inject artificial noise (AN) to introduce interference to communication Eves, while deliberately distorting the reference signal available to sensing Eves to impair their sensing capability. Furthermore, the proposed design generates artificial ghosts (AGs) with fake angle-range-velocity profiles observable by all receivers. Legitimate receivers can suppress these AGs, whereas sensing Eves cannot, thereby significantly reducing their probability of correctly detecting the true targets. Numerical results demonstrate that the proposed framework effectively enhances both communication and sensing security, while preserving the performance of communication users and legitimate sensing receivers.