Context-Aware Security for 6G Wireless: The Role of Physical Layer Security

Arsenia Chorti (1), André Noll Barreto (2), Stefan Köpsell (2), Marco Zoli (2), Marwa Chafii (1), Philippe Sehier (3), Gerhard Fettweis (2), H. Vincent Poor (4)

(1) ETIS UMR8051, CY Université, ENSEA, CNRS, F-95000, France
(2) Barkhausen Institut gGmbH, Dresden 01187, Germany
(3) Nokia Bell Labs, Saclay, France
(4) School of Engineering and Applied Science, Princeton University, Princeton, NJ, 08544

arXiv:2101.01536v1 [cs.CR] 5 Jan 2021

Abstract—Sixth generation systems are expected to face new security challenges, while opening up new frontiers towards context awareness in the wireless edge. The workhorse behind this projected technological leap will be a whole new set of sensing capabilities predicted for 6G devices, in addition to the ability to achieve high precision localization. The combination of these enhanced traits can give rise to a new breed of context-aware security protocols, following the quality of security (QoSec) paradigm. In this framework, physical layer security solutions emerge as competitive candidates for low complexity, low-delay and low-footprint, adaptive, flexible and context aware security schemes, leveraging the physical layer of the communications in genuinely cross-layer protocols, for the first time.

I. INTRODUCTION

While contemporary security literature predominantly focuses on the 5G core network, the enhancement of the security of the sixth generation (6G) wireless access becomes of critical importance. Notably, some of the recent, increasingly sophisticated attacks on the wireless edge, e.g., jamming or false base stations, can be implemented with a price tag as low as 1k$ using low-cost software defined radios, while in addition, we experience an expansion of the attack surface with artificial intelligence (AI) and machine learning (ML) tools. In parallel, proposals for the flexible allocation of the infrastructure resources under the umbrella of network slicing, brought about the need for multi-domain orchestration, typically implemented using ML. As we move gradually away from the standard client-server networking paradigm and enter a new era of truly end-to-end (E2E) quality of service (QoS), service level agreements (SLAs) in the near future will be expected to include guarantees about the quality of security (QoSec) as well. Defining the right ingredients of QoSec, including how to identify the security level required and propose adaptive, dynamic and risk aware security solutions, is currently being investigated.

Meanwhile, the evolution towards 6G systems is expected to introduce new means to harvest and interpret the “context” of the communication; related aspects encompass high-precision localization – projected to reach centimetre level – sensing from multiple sources that will allow obtaining an understanding of the type of nodes, in addition to the time of communication and the age of information, the type of data exchanged, etc. Incorporating context awareness in QoSec is projected to allow handling more efficiently aspects related to identifying the risk or threat level and the required security level. In this framework, incorporating security solutions from the palette of physical layer security (PLS) can be particularly attractive due to their low computational complexity (relevant implementations are based on standard encoders) and their inherent ability to adapt to the transmission medium properties; these properties make PLS particularly attractive for massive machine type communications (mMTC) and ultra-low latency use cases.

In the rest of this article, we will begin in Section II with a review of open security issues in 5G and research challenges ahead of 6G and move on to presenting a roadmap of ideas to address these challenges by leveraging context awareness and incorporating PLS schemes in future security protocols in Section III. To illustrate some of the proposed ideas we outline viable solutions to address specific security vulnerabilities in 5G and 6G, along with a discussion of possible further directions. Conclusions and the authors’ aspiration are presented in Section IV.

II. OPEN 5G SECURITY ISSUES AND SECURITY RESEARCH CHALLENGES AHEAD OF 6G

Despite the strengthening of 5G security protocols with respect to previous generations, there are still open issues that have not yet been fully addressed, e.g., attacks under the generic umbrella of “false base stations”. In parallel, in the path towards the 6G evolution, new security challenges arise as a result of drastic changes in key operation parameters, indicatively, i) the E2E latency tolerance; ii) the sheer scale of networks in mMTC use cases and very large scale Internet of things (IoT); iii) the long lifespan of deployed IoT devices (notably sensors) that will need to be secured; iv) the wide palette of underlying RF technologies involved; v) the accelerated steps taken towards bringing quantum computers to life, to name but a few. In the following, we provide a short review of open security issues in 5G and of some of the security challenges in the evolution towards 6G. This discussion provides the motivation for our proposal of context-aware security solutions for future generations of wireless, which will also be able to leverage the physical layer to provide flexible and adaptive security guarantees.

A. False Base Station Attacks

The expression “false base stations” (FBS) describes wireless devices that impersonate genuine base stations. They are considered a significant threat to mobile network operation, and, thus, means to detect them are important. The 3GPP 5G Security Specification (TS 33.501) has currently no normative text on this. The topic is currently further studied by the SA3 working group, documented in TR 33.809 [1]. There can be various types of FBSs, and different attacks carried out by them. Prevalent among them is the FBS acting as an IMSI catcher in 3G / 4G, which is no longer possible in 5G, as the IMSI is encrypted. Another type of FBS is a “man-in-the-middle FBS” (MitM-FBS), as mentioned in TR 33.809. Other types of attacks are to be considered very seriously, such as MitM-FBS acting as a very stealthy and targeted jammer. A major vulnerability highlighted by FBSs is that the phases of entry into the network, which precede the enactment of the 5G security protocols, are particularly critical for many of the attacks described in TR 33.809. For example, attacks consisting in replaying modified versions of the broadcast channels can have disastrous consequences on all the terminals of a cell, hindering their connection to the network or forcing them to operate in a degraded mode. As a result, it is necessary to propose methods that allow the user equipment (UE) to determine whether a base station is legitimate, prior to executing certain procedures based on unauthenticated messages, even though the specifications do not require such a mechanism at present.

B. Security Challenges in Ultra Reliable and Low Latency Communications (URLLC)

Critical ultra reliable low latency communications (URLLC) are typically used for industrial IoT and other applications requiring low latency and very high reliability. To achieve high reliability, a possible avenue is by increasing diversity, e.g., multiple parallel transmissions can be exploited. However, this consequently increases the “attack surface”, while it might also impose more stringent constraints in terms of the speed of integrity checks (message authentication). As an example, in order to authenticate a given message a certain number (usually at least 128) of extra bits are needed and as a result, the overhead in short packet communication can be substantial. Furthermore, particular use cases (e.g., vehicle-to-everything, V2X) require both extremely low latency and high-speed device authentication and re-authentication for initial access, as well as very fast handover procedures. This could be problematic not only because of the involved computations but also because of the transmission overhead and its induced latency increase. Overly aggressive latency targets could entail a new security architecture altogether. In a nutshell, while state-of-the-art proposals for fast authentication using implicit certificates or certificateless solutions can speed up authentication, many open challenges for sub-millisecond delay constrained URLLC systems remain, with respect not only to authentication, but also to protecting the integrity and the confidentiality of both the control and data planes, as documented in [2].

C. Jamming Attacks in mMIMO — RF Resilience

Although multiple input multiple output (MIMO) systems, including massive MIMO (mMIMO), make eavesdropping more difficult thanks to energy focusing, they nevertheless also introduce vulnerability points. Indeed, beamforming in mMIMO systems relies on accurate channel estimation. Pilots are transmitted in order to obtain the channel state information (CSI), which in turn allows precoding. If the CSI is not correctly estimated (e.g., because of interference or due to voluntary contamination by a jammer) the precoder will disperse the power, resulting in potential leakage and poor link quality. The latter leads to service unavailability, giving rise to a denial of service (DoS) type of attack, as described in [3]. Similar attacks can also be launched at the medium access control (MAC) by tampering with the CSI reports sent by the devices. As a result, the beam management phase during network entry is vulnerable to RF jamming attacks. It is therefore crucial to have the means to detect, locate and neutralize jammers, or implement mitigation solutions.

D. Privacy

Although 5G incorporates a set of measures to enhance privacy in terms of user identity (subscription) privacy, recent research [4] on user location privacy and user untraceability has shown that there are still many open issues based on the one hand on the information leaked by the lower-layer wireless protocols, and on the other hand on design issues in the higher-layer protocols (e.g., the authenticated key agreement (AKA) protocols). Moreover, the privacy guarantees are rather weak from an end-user perspective. So far, they only consider attacks by outsiders (e.g., eavesdroppers on the wireless link), while internal attacks, e.g., by untrustworthy operators, are not considered. Given that the amount of personal data handled by future mobile networks will substantially increase (see Section III on the numerous nodes deployed with advanced sensory capabilities), and, considering that governmental agencies as well as adversarial entities have potentially a high interest in such data, future wireless networks have to be designed to ensure privacy without having to place trust in operators. As an example, privacy concerns and data ownership have been highlighted as some of the most difficult hurdles in the deployment of smart cities.

E. Post-Quantum Resilience

A further challenge comes from quantum computing, which has seen significant progress after massive earlier investments. Recently, prototypes of more than 50 qubits have been announced. Since some of the most important cryptographic algorithms used in 5G are not quantum-resistant, the related protocols have to be redesigned involving post-quantum crypto algorithms. The national institute of standardization (NIST) is currently evaluating novel post-quantum crypto algorithms to replace current state-of-the-art public key encryption schemes. Nevertheless, it is a common concern that quantum resistance will lead, at least in the immediate future, to an increase in terms of the complexity of the new crypto systems as key sizes might pose a significant problem. This could be especially challenging for URLLC and low-power / low-cost devices, further highlighting conflicting trends in future systems and the interplay between computational based crypto and real-time communication between low-end devices.

F. Low-cost IoT devices

Further exploring the aspect of low-end IoT devices, these are likely to be unable to support advanced security mechanisms, due to computing power, memory and – probably most challenging – energy consumption constraints. Although lightweight cryptography could help to address some of the challenges, such algorithms are currently not part of 5G and the development of lightweight post-quantum solutions is a recent field of research. Another aspect with potentially high impact in the short-term is that it is desirable that some of the low-cost IoT devices do not have a SIM card for cost reduction reasons. Nevertheless, some of these terminals may carry critical information that needs to be authenticated and protected. New protection mechanisms that are lightweight, but nevertheless as secure as the existing conventional mechanisms, must therefore be put in place.

G. Huge number of IoT devices

The envisioned huge number (trillions) of very diverse IoT devices connected to the B5G network induces not only great challenges in terms of information security management, but is in itself a security risk. Even if any individual insecure, low-cost IoT device amounts to only a needle-stick – thanks to potential aggregation in large scale botnets (e.g., the 2016 Mirai attack) – the overall impact can be severe. Therefore, in future mobile networks many related types of attacks, currently largely ignored, must be considered. In this aspect, decentralised intrusion / anomaly detection becomes important [5].

H. Long-term IoT Security

Another factor at play is that many IoT devices will typically have a very long lifespan (>10 years as opposed to 3 years for a laptop) and can be distributed in large geographical areas. The impact of this is threefold. Firstly, any required security updates (e.g., software updates and security patches) might be difficult to deploy in large-scale networks with geographically scattered IoT devices. Additionally, the security updates might not be available at all, for instance, if the manufacturer is not able or willing to provide them (as is often the case today, even for more expensive devices like smartphones). Moreover, despite recent advances in lightweight cryptography, it is difficult to guarantee that mass-produced, computationally and power constrained IoT devices will have a hardware capable of being updated with the necessary patches to resist all the threats that will arise in their lifetimes (e.g., post-quantum resistance).

The aforementioned security challenges can potentially be addressed with the aid of novel 6G features, as explained in the next section.

III. 6G AS AN ENABLER TO CONTEXT AWARE QUALITY OF SECURITY LEVERAGING PLS

Even though 6G is still some years away from standardization, consensus is growing on its likely evolution path. Whereas new security challenges will arise in the near future as outlined in Section II, 6G will also provide us with a new set of features that might help us tackle these challenges. These features are briefly outlined in the following.

• Higher frequencies and bandwidth: Continuing the evolution seen in the previous generations, 6G will make use of ever higher carrier frequencies and bandwidth, moving towards frequencies above 100 GHz [6], which allows the allocation of bandwidths larger than 1 GHz. The large bandwidth may increase the channel entropy in the frequency domain, which can potentially be exploited in PLS primitives, notably in secret key generation (SKG) from wireless coefficients [7], whose principal mechanisms are depicted in Fig. 1. Additionally, the use of higher frequencies will make beamforming with pencil-sharp beams both a possibility, because of the smaller area occupied by antenna arrays, and a necessity, because of the need to compensate for the higher channel attenuation, offering a viable application scenario for the wiretap channel.

• Integrated sensing and communications: Sensing is likely to be a key component of 6G. In addition to high-resolution image, video and sound, among other possible sensing data, which can be transmitted through mobile communication networks, radar sensing is likely to be an integral part of future wireless systems [8], reusing the same spectrum and waveform as communications. These new capabilities along with centimetre-level localization precision will allow the network to have a better understanding of the surroundings and gain situational awareness, i.e., understanding of the context of communication. This, on the other hand, raises other security issues, as the sensing data themselves may be subject to tampering by attackers, and their integrity must be assured.

• Learning at the wireless edge: Centralized machine learning, which processes data centrally using cloud-based computing, can suffer from critical security challenges, e.g., a single point of failure and the vulnerability of data during backhaul. Moreover, due to the capacity requirements and latency resulting from centralized data aggregation and processing, it might not be suitable for real-time applications. Thus, decentralized ML solutions, such as federated learning, in which data are in principle kept locally at end-user devices where they are collected, are becoming increasingly important. While such distributed ML solutions can serve as enabling technologies for 6G mobile edge networks, they also are susceptible to security issues, such as the leakage of private information through learned model parameters, malicious end-user devices and adversarial training examples.

[Figure 1: block diagram of secret key generation between Alice and Bob, with pilots exchanged in both directions and signals labelled x_A, x_B, r_A, s_A and k. Step 1: Advantage distillation: Alice and Bob exploit the reciprocity of the wireless channel to extract shared randomness. Step 2: Information reconciliation: Alice sends her syndrome to Bob, so he can correct discrepancies of his observation. Step 3: Privacy amplification: Alice and Bob obtain a shared secret key k.]

Figure 1. Distilling symmetric keys from wireless coefficients h_AB in multipath channels, exploiting channel reciprocity during the channel’s coherence time. The procedure comprises three phases, referred to as advantage distillation, information reconciliation and privacy amplification.
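The three SKG phases of Fig. 1, carried through as an added Python example that is not code from the paper. The 1-bit sign quantizer, the Hamming(7,4) syndrome code, the Toeplitz hash used for privacy amplification and all function names are assumptions chosen for illustration, and the channel observations are simulated.

```python
import random

BLOCK = 7
# Parity-check matrix of the Hamming(7,4) code: column j (1-based) is j in binary,
# so the syndrome of a single flipped bit spells out its position.
H = [[(col >> row) & 1 for col in range(1, BLOCK + 1)] for row in range(3)]


def observe_channel(n, noise_std, rng):
    """Simulated pilots: both ends see the same reciprocal coefficients h_AB,
    each corrupted by independent receiver noise (x_A and x_B in Fig. 1)."""
    h = [rng.gauss(0.0, 1.0) for _ in range(n)]
    x_a = [v + rng.gauss(0.0, noise_std) for v in h]
    x_b = [v + rng.gauss(0.0, noise_std) for v in h]
    return x_a, x_b


def quantize(obs):
    """Step 1, advantage distillation: 1-bit sign quantizer per observation."""
    return [1 if v > 0 else 0 for v in obs]


def syndrome(block):
    return [sum(h * b for h, b in zip(row, block)) % 2 for row in H]


def alice_syndromes(bits):
    """Step 2, Alice's side: one public 3-bit syndrome (s_A) per 7-bit block."""
    if len(bits) % BLOCK:
        raise ValueError("bit string length must be a multiple of 7")
    return [syndrome(bits[i:i + BLOCK]) for i in range(0, len(bits), BLOCK)]


def bob_reconcile(bits, syndromes_a):
    """Step 2, Bob's side: the XOR of both syndromes is the syndrome of the
    disagreement pattern; one disagreement per block is located and flipped."""
    out = list(bits)
    for k, s_a in enumerate(syndromes_a):
        s_b = syndrome(out[k * BLOCK:(k + 1) * BLOCK])
        diff = [a ^ b for a, b in zip(s_a, s_b)]
        pos = diff[0] + 2 * diff[1] + 4 * diff[2]   # 0 means the block agrees
        if pos:
            out[k * BLOCK + pos - 1] ^= 1
    return out


def privacy_amplify(bits, seed_bits, out_len):
    """Step 3: multiply by a Toeplitz matrix built from a public random seed
    (a 2-universal hash) to compress away what the syndromes revealed."""
    n = len(bits)
    if len(seed_bits) != n + out_len - 1:
        raise ValueError("seed must hold n + out_len - 1 bits")
    key = []
    for i in range(out_len):
        acc = 0
        for j in range(n):
            acc ^= seed_bits[i - j + n - 1] & bits[j]   # T[i][j] = seed[i-j+n-1]
        key.append(acc)
    return key


def derive_keys(bits_a, bits_b, seed_bits, out_len):
    """Run reconciliation and amplification; returns (Alice's k, Bob's k)."""
    blocks = len(bits_a) // BLOCK
    if out_len > 4 * blocks:
        # 3 of every 7 bits are disclosed by the syndrome, so at most 4 remain.
        raise ValueError("key longer than the bits left after syndrome leakage")
    s_a = alice_syndromes(bits_a)            # sent in the clear
    fixed_b = bob_reconcile(bits_b, s_a)
    return (privacy_amplify(bits_a, seed_bits, out_len),
            privacy_amplify(fixed_b, seed_bits, out_len))


if __name__ == "__main__":
    rng = random.Random(6)                   # constructed, simulated input
    x_a, x_b = observe_channel(448, 0.05, rng)
    r_a, r_b = quantize(x_a), quantize(x_b)
    seed = [rng.getrandbits(1) for _ in range(448 + 128 - 1)]
    k_a, k_b = derive_keys(r_a, r_b, seed, 128)
    print("raw bit disagreements:", sum(p != q for p, q in zip(r_a, r_b)))
    print("keys agree:", k_a == k_b)
```

A block with two or more disagreements is miscorrected and the keys diverge, so a deployment would follow this with a key confirmation step before using k.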

These anticipated 6G features provide novel opportunities to address the security and privacy challenges outlined in Section II, allowing for the security architecture of 6G networks to be built around automation. Following the principles of multilateral security [15] the system should understand the security goals of the entities involved and should adapt the security controls accordingly based on contextual information, harvested from the novel 6G features. To this end, we need a set of building blocks:

i) The ability to express the desired and actual “level of security”;

ii) New, adaptive security controls;

iii) “Understanding” the context;

iv) Automation in the form of a ML/AI based security orchestrator.

In the following subsections we will present some of these necessary building blocks.

A. Quantifying Security: Quality of Security (QoSec)

Similar to QoS definitions (e.g., [ITU-T E.800]), quality of security is the totality of characteristics of a service that bear on its ability to satisfy stated and implied security needs of the user of the service. QoSec is helpful in the general direction of being able to provide different security guarantees, in response to the security needs of different use cases and related slices of the network, reflecting on the DiffServ QoS paradigm. A central aspect related to QoSec is to identify how to make the security level and its implementation adaptive, i.e., how to automatically identify the right QoSec and the right combination of crypto schemes (encryption, integrity, authentication primitives), as well as how to incorporate these flexibly in security protocols.

Thereby, adaptivity can happen at different levels: for a fixed cryptographic strength (e.g., 256-bit symmetric block ciphers considered quantum-resistant) and a fixed attacker model (e.g., “zero trust”, i.e., minimal (trust) assumptions regarding all involved entities) we can adapt the specific cryptographic algorithms and protocols that are used [9]. On the other hand, we could also adapt the desired cryptographic strength or the considered attacker model based on contextual information. In future security protocols varying levels of trustworthiness (e.g., as defined by NIST in SP800-53 Rev. 4) are envisioned through the use of security control baselines. Note that these are developed based on a number of general assumptions, including common environmental, operational, and functional considerations, giving rise to the question of context awareness in security.

B. Context Awareness at the Wireless Edge: The Role of Artificial Intelligence

The opening up of the THz spectrum will provide new “sensing” capabilities to 6G devices, such as high-definition imaging and frequency spectroscopy. In combination with high-precision localization, as showcased recently for mmWave systems, these enhanced sensing capabilities can prove instrumental in understanding context and could naturally be incorporated in trust building and predicting reliability. Incorporating context awareness in security controls amounts to being able to provide answers – with the aid of AI – to the following open-ended questions:

1) How to measure the threat level from context: PHY layer inputs, particularly in the form of sensing information including the location of a node, the time of communication, the ambient temperature, etc., carry important contextual information, directly related to semantics. We can envision AI based fusion of sensing information to obtain an enhanced evaluation of the threat level.

2) How to use context to identify the security level required for particular data flows / slices: We need to take steps towards defining new metrics describing the criticality of the particular data exchanged and furthermore, how valuable they are considered from an adversarial point of view. This can be thought of as the analogue of defining the priority level in QoS.

3) How to match security levels to security schemes: After defining the security level with respect to the context of communication, the next question is how to map this to an actual set of algorithms and security schemes. Two approaches emerge that can possibly be used jointly: i) crypto based approaches, in which the strength of crypto systems is, roughly speaking, related to the lengths of the keys (after the right transformations are accounted for); ii) PLS approaches, in which the wireless channel and the hardware are used as sources of uniqueness (for authentication) and / or entropy for confidentiality purposes (e.g., for SKG) [7].

C. Adaptive Security Controls: The Role of Physical Layer Security in 6G

In the past years, PLS [10], [11] has been studied and indicated as a possible way to emancipate networks from classic, complexity based, security approaches [12]. PLS is based on the premise that we can complement some of the core security functions, exploiting both the communication radio channel and the hardware as sources of uniqueness or of entropy.

It is usually this latter aspect of PLS that is considered in the literature, around the concept of the secrecy capacity and of the SKG capacity [13]. In this framework, PLS leverages the physical properties of the radio channel, namely diffusion, superposition and reciprocity, to create opportunities for secure data transmission in the presence of eavesdroppers in the channel. These properties can be exploited in a variety of ways, including taking advantage of independent fading between legitimate users and eavesdroppers, the use of multiple antennas or relays to create secure degrees of freedom, and jamming of eavesdroppers. The use of PLS will profit from the pencil-sharp beams likely to be available in 6G [14], as they will make eavesdropping very difficult by attackers not located in the beam direction, while the same is true for visible light communications [12]. Additionally, the high bandwidth may provide enough entropy to help the generation of high-rate secret keys [7].

As a source of uniqueness, we can leverage PHY by using RF fingerprinting and high-precision localization. It is worth mentioning that many new features of future networks, like low-latency control loops, sensor fusion or simultaneous localization and mapping (SLAM) will require only local communications, not involving the core network. These can be made more secure and agile if PLS is employed, alleviating the need for network-based centralized security. In this context, PLS enabled by ML can be used for intelligent PHY authentication in dynamic and complex 6G environments such as IoT networks. Thanks to the ability of ML techniques to learn and capture statistics of complex features, we can achieve low-cost, continuous, highly reliable, model-independent, and context-aware authentication, e.g., leveraging localization and RF fingerprinting. To enhance the reliability of such authentication mechanisms, the trustworthiness of the observed and estimated attributes needs to be monitored, accounting for context.

Finally, in terms of authentication, it is further possible to leverage “hardware fingerprints” in the form of physical unclonable functions (PUFs), as an authentication factor in multi-factor authentication protocols. PUFs rely on the use of Wyner-Ziv reconciliation approaches to offer measurable re-usability of the hardware fingerprint. Combining various PLS technologies, hybrid PLS-crypto systems can be built around the ideas of zero-round trip time (0-RTT) protocols and / or authenticated encryption [13], offering further tools to develop fast authentication schemes at PHY, potentially exploiting multiple authentication factors.

[Figure 2: diagram with the following labels. LoS, slow / flat fading. Large scale fading: predictable channel realization. NLoS, fast / frequency selective fading. Small scale fading: unpredictable channel realization. Source of entropy: distil keys or keyless transmission. Uniqueness identifier: localization / RF fingerprint based authentication. Channel treated as either a source of uniqueness or a source of entropy; when one is not available, the other probably is. So far we have studied the channel from the reliability point of view; need to characterize the channel from the security point of view. Study channel predictability / unpredictability => align with semantic security.]

Figure 2. The wireless channel can act as a source of entropy or as a source of uniqueness for authentication.

PLS offers notable advantages. Firstly, it is inherently adaptive; by adjusting the target secrecy rate or secret key rate, one can adapt related secrecy outage probabilities, offering a flexible framework with respect to adaptive security controls. Furthermore, PLS can provide information-theoretic security guarantees using lightweight mechanisms (e.g., using Polar or low density parity check (LDPC) encoders) as opposed to computationally expensive cryptographic schemes. Thus, such approaches are suitable for low complexity IoT devices and for networks with light or no infrastructure, either as stand-alone best-effort security mechanisms or as complements to more traditional methods. It is noteworthy that as the line-of-sight conditions and the channel quality change, there is a clear trade-off between the use of the CSI for high precision localization for authentication or as the means to distil entropy for use in confidentiality and integrity schemes, showcased in Fig. 2. This unique setting can only be exploited with enhanced monitoring of the wireless channel and of the context in general, revealing that context awareness is indeed an enabler for PLS.
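The link between target secrecy rate and secrecy outage probability can be made concrete with the standard closed-form outage expression for a quasi-static Rayleigh-fading wiretap channel. The following is an added example, not code or analysis from the paper; the Rayleigh model, the SNR values, the outage budget and all function names are assumptions chosen for illustration.

```python
import math
import random

def secrecy_outage(rs, snr_main, snr_eve):
    """P(C_s < rs) for quasi-static Rayleigh fading; rs in bit/s/Hz, mean SNRs linear."""
    if rs <= 0:
        raise ValueError("target secrecy rate must be positive")
    g = 2.0 ** rs
    return 1.0 - snr_main / (snr_main + g * snr_eve) * math.exp(-(g - 1.0) / snr_main)

def simulate_outage(rs, snr_main, snr_eve, trials=200_000, seed=1):
    """Monte Carlo check of the closed form (instantaneous SNRs are exponential)."""
    rng = random.Random(seed)
    outages = 0
    for _ in range(trials):
        gm = rng.expovariate(1.0 / snr_main)   # legitimate receiver
        ge = rng.expovariate(1.0 / snr_eve)    # eavesdropper
        cs = max(0.0, math.log2(1.0 + gm) - math.log2(1.0 + ge))
        outages += cs < rs
    return outages / trials

def max_secrecy_rate(budget, snr_main, snr_eve, tol=1e-6):
    """Largest target rate whose outage stays within budget (0.0 if none)."""
    if not 0.0 < budget < 1.0:
        raise ValueError("outage budget must lie in (0, 1)")
    # Outage floor as rs -> 0+: probability that the eavesdropper's channel is better.
    if budget <= snr_eve / (snr_main + snr_eve):
        return 0.0
    lo, hi = 0.0, 1.0
    while secrecy_outage(hi, snr_main, snr_eve) <= budget:
        lo, hi = hi, hi * 2.0
    while hi - lo > tol:          # outage is monotone in rs, so bisect
        mid = (lo + hi) / 2.0
        if secrecy_outage(mid, snr_main, snr_eve) <= budget:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    bob = 10 ** (20 / 10)                     # constructed: 20 dB mean SNR, main link
    for eve_db in (0, 5, 10, 15):             # constructed eavesdropper conditions
        eve = 10 ** (eve_db / 10)
        r = max_secrecy_rate(0.2, bob, eve)
        print(f"Eve {eve_db:>2} dB: rate {r:.3f} bit/s/Hz, "
              f"outage {secrecy_outage(max(r, 1e-9), bob, eve):.3f}")
```

As the assumed eavesdropper SNR rises, the admissible target rate shrinks and eventually reaches zero, which is the point at which an adaptive controller would have to fall back to another security mechanism.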

D. Discussion and Practical Examples

Looking at the broader picture, down the path towards 6G, novel security challenges and opportunities arise. Among the challenges, noteworthy are issues related to vulnerabilities in the initial entry phases of a node in a network (before the enactment of the 5G security protocols), the massive number of low-end and heterogeneous IoT devices, sub-millisecond delay constraints for critical IoT use cases, etc., while offering post-quantum security guarantees and addressing issues of privacy. On the other hand, 6G is expected to be the first generation of wireless to offer edge- and device-level intelligence, leveraging novel sensing capabilities and the extensive use of ML. The incorporation of context awareness in 6G security protocols can propel the introduction of disruptive new technologies to provide flexible and adaptive security guarantees, based on an on-line evaluation of the security threat level.

It is in this context that PLS technologies can be truly exploited; PLS can be realised only with provably trustworthy monitoring and understanding of the communication environment and communication medium in 6G. In applications such as the IoT, PLS emerges as a very competitive candidate to be used in context-aware, flexible and adaptive security controls, both for authentication as well as for confidentiality schemes. While PLS might not, at least in the near future, be incorporated in zero-trust security protocols, it does provide a viable alternative to securing massive and ultra-low latency networks with relaxed security guarantees, as a competitive candidate for emerging QoSec approaches that will cut across all layers of the network stack.

To exemplify some of the points made previously, in Table I we present a roadmap on how to address the security challenges listed in Section II. We want to emphasize that the presented ideas are still just parts of the puzzle and have to be embedded in a much more holistic approach, which, besides additional technical means, has to incorporate organisational, regulatory, economical – and not to forget: standardisation – aspects.

Table I. ROADMAP OF SOLUTIONS FOR 5G / 6G SECURITY CHALLENGES

Security Challenge / Scenario: Recommended techniques (with ∗ we denote PLS / PHY solutions)

False Base Station Attacks
∗ Intelligent PHY authentication using RF fingerprinting and localization of BS from UE (inverse localization)
∗ Pre-shared keys established / distributed with SKG

Low Latency Communications
∗ Fast authentication using PUFs and RF fingerprinting as early authentication factors
∗ Short packet secrecy encoding
∗ Short blocklength Slepian Wolf and Wyner Ziv reconciliation decoders (for SKG and PUFs)

Jamming Attacks in mMIMO — RF Resilience
∗ Spectrum sensing, channel charting, channel learning
∗ Advanced modulation and coding
∗ Intrusion detection at PHY
∗ Covert communications / low probability of detection

Privacy
- Context aware choice of pseudonymity, partial identities
- Contextual aware integrity to detect and mitigate violations
- Context aware appropriateness and distribution

Post-Quantum Resilience
∗ PLS is information theoretic secure
∗ Long symmetric encryption keys using channel-based key generation
∗ Hybrid crypto-PLS schemes

Low-cost IoT devices
∗ PLS is lightweight, secrecy encoders, SKG, PUFs, etc.
- Awareness of low-cost / low-security IoT devices for appropriate isolation in a dedicated network slice

Huge Number of IoT devices
- Contextual understanding to automatically select appropriate QoSec
- Adaptive and automatic security controls removing the burden to manually configure and monitor all the IoT devices
∗ PLS as a scalable technique for key management and distribution
∗ PLS as adaptive security scheme

Long-term IoT security
- Awareness of a decrease over time in QoSec and trustworthiness
- Automatic adoption of the overall security controls and policies
- Context aware access control, e.g., excluding untrustworthy devices from the network or reduction of (access) rights

IV. CONCLUSIONS

Unarguably, 5G security enhancements present a big improvement with respect to LTE. However, as the complexity of the application scenarios increases with the introduction of novel use cases, notably URLLC and mMTC, novel security challenges arise that might be difficult to address using the standard paradigm of complexity based classical cryptographic solutions. At the same time, in the longer 10-year horizon novel security concepts based on “trust models” and risk-based, adaptive identity management and access control will come to life, enabled to a large extent by AI. To allow for flexible QoSec in the DiffServ framework, the development and integration of security controls at all layers of the communications system is envisioned.

In this framework, PLS is being considered as a possible way to emancipate networks from classical, complexity based, security approaches. Since the wireless channel is reciprocal, time-varying and random in nature, it offers a valid, inherently secure source for key agreement protocols between two communicating parties. This is pertinent to many forthcoming 6G applications that will require strong, but nevertheless, lightweight mechanisms; in this direction, PLS may offer such solutions, or complement existing algorithms, with minimal changes in the control plane. With respect to authentication, PUFs, wireless fingerprinting / localization, combined with more classical approaches, could also enhance AKA in demanding scenarios. In parallel, THz communications will rely upon setting up radio “wires”, potentially providing a concrete scenario for the wiretap channel.

As a conclusion, context awareness enabled by the novel 6G capabilities can allow introducing disruptive tools for providing adaptive security guarantees, tailored to the context of the communication. These new opportunities can be combined in 6G with advances on PHY modulation and transmission to offer solid opportunities for the employment of PLS in novel, flexible QoSec approaches.

REFERENCES

[1] 3GPP TR33.809, Study on 5G security enhancements against false base stations (Rel 16), Sep. 2018.

[2] 3GPP TR33.825, Study on the Security of 5G URLLC (Release 16), Oct. 2019.

[3] Y. Arjoune, S. Faruque: “Smart jamming attacks in 5G new radio: A review”, in Proc. 10th Annual Computing and Communication Workshop and Conference (CCWC), 2020.

[4] Haibat Khan, Keith M. Martin: “A survey of subscription privacy on the 5G radio interface – The past, present and future”, Journal of Information Security and Applications, Vol. 53, 2020.

[5] G.A. Nunez Segura, S. Skaperas, A. Chorti, L. Mamatas, C. Borges Magri: “Denial of Service Attacks Detection in Software-Defined Wireless Sensor Networks”, in Proc. IEEE Int. Conf. Commun. (ICC) Workshop on SDN Security, 7-11 Jun. 2020, Dublin UK.

[6] S.A. Busari et al.: “Millimeter-Wave Massive MIMO communication for future wireless systems: a survey”, IEEE Comm. Survey and Tutorials, 2018.


[7] M. Zoli, A. N. Barreto, S. Köpsell, P. Sen, G. Fettweis: “Physical-Layer-Security Box: a concept for time-frequency channel-reciprocity key generation”, EURASIP Journal on Wireless Communications and Networking, vol. 122, June 2020.

[8] A. Bourdoux, A. Noll Barreto et al.: 6G White Paper on Localization and Sensing, White paper, 6G Research Visions, No. 12, University of Oulu, 2020.

[9] Z.Md. Fadlullah, C. Wei, Z. Shi, N. Kato: “GT-QoSec: A Game-Theoretic Joint Optimization of QoS and Security for Differentiated Services in Next Generation Heterogeneous Networks”, IEEE Trans. Wireless Commun., Vol. 16, No 2, Feb. 2018.

[10] A. Chorti, C. Hollanti, J.-C. Belfiore, H.V. Poor: Physical Layer Security: A Paradigm Shift in Data Confidentiality, Physical and Data-Link Security Techniques for Future Communication Systems, Springer International Publishing, 1–15, 2016.

[11] H.V. Poor, R.F. Schaefer: Wireless physical layer security, Proceedings of the National Academy of Sciences of the U.S.A., vol. 114, no. 1, pp. 19–26, January 3, 2017.

[12] M. Ylianttila et al.: 6G White Paper: Research Challenges for Trust, Security and Privacy, White paper, 6G Research Visions, University of Oulu, June 2020.

[13] M. Mitev, A. Chorti, M.J. Reed, L. Musavian: “Authenticated secret key generation in delay-constrained wireless systems”, EURASIP Journal on Wireless Communications and Networks, vol. 122, June 2020.

[14] E. Björnson et al., “MIMO: ten myths and one critical question”, IEEE Comm. Mag. 2016.

[15] Günter Müller, Kai Rannenberg (eds.): Multilateral Security in Communications, Addison-Wesley-Longman, München, 1999.

