ArticlePDF Available

Abstract and Figures

Although the fifth generation (5G) wireless networks are yet to be fully investigated, the visionaries of the 6th generation (6G) echo systems have already come into the discussion. Therefore, in order to consolidate and solidify the security and privacy in 6G networks, we survey how security may impact the envisioned 6G wireless systems, possible challenges with different 6G technologies, and the potential solutions. We provide our vision on 6G security and security key performance indicators (KPIs) with the tentative threat landscape based on the foreseen 6G network architecture. Moreover, we discuss the security and privacy challenges that may encounter with the available 6G requirements and potential 6G applications. We also give the reader some insights into the standardization efforts and research-level projects relevant to 6G security. In particular, we discuss the security considerations with 6G enabling technologies such as distributed ledger technology (DLT), physical layer security, distributed AI/ML, visible light communication (VLC), THz, and quantum computing. All in all, this work intends to provide enlightening guidance for the subsequent research of 6G security and privacy at this initial phase of vision towards reality.
Content may be subject to copyright.
1
The Roadmap to 6G Security and Privacy
Pawani Porambage,Member, IEEE, G¨
urkan G¨
ur, Senior Member, IEEE, Diana Pamela Moya
Osorio, Member, IEEE, Madhusanka Liyanage, Senior Member, IEEE, Andrei Gurtov, Senior Member, IEEE and
Mika Ylianttila, Senior Member, IEEE
Abstract—Although the fifth generation (5G) wireless net-
works are yet to be fully investigated, the visionaries of the
6th generation (6G) echo systems have already come into the
discussion. Therefore, in order to consolidate and solidify the
security and privacy in 6G networks, we survey how security may
impact the envisioned 6G wireless systems, possible challenges
with different 6G technologies, and the potential solutions. We
provide our vision on 6G security and security key performance
indicators (KPIs) with the tentative threat landscape based on
the foreseen 6G network architecture. Moreover, we discuss the
security and privacy challenges that may encounter with the
available 6G requirements and potential 6G applications. We also
give the reader some insights into the standardization efforts and
research-level projects relevant to 6G security. In particular, we
discuss the security considerations with 6G enabling technologies
such as distributed ledger technology (DLT), physical layer
security, distributed AI/ML, visible light communication (VLC),
THz, and quantum computing. All in all, this work intends to
provide enlightening guidance for the subsequent research of 6G
security and privacy at this initial phase of vision towards reality.
Index Terms—6G, Security, Security threats, AI/ML security,
DLT, Physical Layer Security, Privacy, Quantum computing.
I. INTRODUCTION
The evolution of wireless communication technologies
started from the first generation cellular networks (1G) in the
1980s. By then, significant advancements have been added to
the telecommunication and networking industries during 2G,
3G and 4G cellular networks. The era of fifth generation (5G)
wireless technologies has been already in deployment phase
since 2020, and it is yet to be evolved mostly on software-
based till the 2025 with the full coverage. The most remarkable
feature in 5G is the cloudification of networks with the
microservice-based architecture. This provides and abstraction
of physical resources to virtual and logical environments intro-
ducing on-demand automated learning management functions.
Sixth generation (6G) of mobile communication is already
envisioned by the researchers despite the fact that 5G coverage
is not yet being fully provided. Although it is expected that
Pawani Porambage, Diana Pamela Moya Osorio and Mika Ylianttila are
with the Centre for Wireless Communications, University of Oulu, Finland.
email: firstname.lasrname@oulu.fi
G¨
urkan G¨
ur is with the Zurich University of Applied Sciences (ZHAW),
Switzerland, email: gueu@zhaw.ch
Madhusanka Liyanage is with the School of Computer Science, University
College Dublin (UCD), Ireland and the Centre for Wireless Communi-
cations, University of Oulu, Finland. e-mail:madhusanka@ucd.ie, madhu-
sanka.liyanage@oulu.fi
Andrei Gurtov is with Department of Computer and Information Science,
Link¨
oping University, Sweden, email: andrei.gurtov@liu.se
Corresponding author
This work is an extension of the short paper (6 pages) which is accepted
to 2021 Joint EuCNC & 6G Summit. The paper is entitled as ”6G Security
Challenges and Potential Solutions” [1].
6G standardization will start somewhere 2026, the research
community has already started looking for novel research
directions towards materializing 6G vision. Networking and
communication scientific community envisage that 6G wire-
less networks will be driven by entirely intelligent network
orchestration and management [2], [3]. This is going to be
achieved with multiple technologies such as reconfigurable in-
telligent surfaces (RIS), visible light communications (VLC),
electromagnetic–orbital angular momentum, cell-free commu-
nications, and quantum computing [4]. The driving elements of
5G evolution such as virtual radio access networks (vRANs)
and cloudified core network are projecting the basis of 6G
architectural framework. As stated in [5], 6G architecture is
evolving in terms of platform, functional architecture, special-
izations and orchestration. Regarding the platform, heteroge-
neous cloud infrastructure are expected in 6G architecture to
achieve optimal Network Function (NF) execution [6]. This
needs the capability to discover the service that multiple
clouds are offering and the dynamic function placement. The
functional architecture requires new functionalities including,
not limited to, RAN-core convergence, cell free radio and
information collection for AI at physical and management
layers. Novel means of specialization are also anticipated such
as personal subnetworks, extreme slicing and flexible workload
offloading [7]. In the management of 6G cognitive networks,
the orchestration is based on the cognitive closed loop and
automation.
The security and privacy considerations in the envisioned
6G networks need to be addressed with respect to many
areas. There are specific security issues that may arise with
the novel 6G architectural framework as stated above. In
addition to that, there are many hypes on blending novel
technologies such as blockchain, VLC, TeraHertz (THz), and
quantum computing features in 6G intelligent networking
paradigms in such a way to tackle the security and privacy
issues. Therefore, 6G security considerations need to be also
discussed with respect to the physical layer security (PLS),
network information security, application security and deep
learning related security [1], [8].
A. Evolution of Mobile Security
The early generations of mobile networks (i.e., 1G, 2G, 3G)
encountered with significant security and privacy challenges
including cloning, illegal physical attacks, eavesdropping, en-
cryption issues, authentication and authorization problems, and
privacy issues [9]. Then, the security threat landscape has been
evolved with more advanced attack scenarios and powerful
attackers. The evolution of security landscape of telecommu-
nication networks, from 4G towards the envisioned 6G era, is
2
Fig. 1: Evolution of Mobile Security Landscape from 4G towards 6G
illustrated in Figure 1. 4G networks faced security and privacy
threats mainly due to the execution of wireless applications.
The typical examples include Media access control (MAC)
layer security threats (e.g., denial of service (DoS) attacks,
eavesdropping, replay attacks) and malware applications (e.g.,
viruses, tampering into hardware).
In the 5G architecture, security and privacy threats are
causing at access, backhaul and core networks [10]. Cyberware
and critical infrastructure threats, Network Functions Vir-
tualization (NFV) and Software-Defined Networking (SDN)
related threats, and cloud computing related threats are the
most common security issues in 5G [11]. There are numerous
occasions that SDN may create security threats, such as by
exposing critical Application Programming Interfaces (APIs)
to unintended software, the inception of OpenFlow, and cen-
tralizing the network control (i.e., subject to DoS attacks) [12].
Above all, the most significant driving force in 6G vision
is the added connected intelligence in the telecommunication
networks accompanied with advanced networking and AI/ML
technologies. However the alliance between AI and 6G may
also be a double edge sword in many cases while applying for
protecting or infringing security and privacy [13].
B. Motivation
Irrespective of the advancements of networking and commu-
nication technologies, security is always a paramount feature
to consider to ensure the resilience and reliability of networks.
Therefore, it will be useful to the research community to iden-
tify the security related research directions in the envisioned
6G networks. Since the standard functions and specifications
of 6G are yet to be defined, still there is a limited number
of literature that provides security and privacy insights of
beyond 5G networks. Furthermore, it is necessary to build
on 5G research in a methodical way and consolidate existing
emerging research towards 6G security realization. Already
there are many 6G vision papers available [14]–[17], however,
as summarized in Table I, only a handful of surveys have been
released with the key focus on 6G security and privacy. In
the existing surveys, none of the articles cover the holistic
picture of 6G security with respect to the expected novelties
and advancements that 6G intends to bring in terms of ar-
chitectural and technological aspects, and application areas.
Therefore, our main motivation is to shed the light on how
security may impact on the envisioned 6G wireless systems
with the possible challenges and the potential solutions while
identifying the future research areas.
C. Our Contribution
Given the fact that 6G networks are yet to be discovered
around ten years ahead, it is interesting to study the security
and privacy aspects of 6G networks in different angles. There-
fore, throughout the entire article we try to compile the future
research directions in 6G security and relate how they may
3
TABLE I: Surveys on 6G security and privacy
Ref. Contribution
[18] This white paper provides a high-level discussion on the role
of of trust, security, and privacy in the 6G networks and the
respective research challenges.
[9] Presents a concise survey on new research areas and challenges
in security and privacy with respect to four key aspects of
6G networks such as real-time intelligent edge computing,
distributed artificial intelligence, intelligent radio, and 3D in-
tercoms. Discusses the security and privacy issues on emerging
technologies including AI-based software, blockchain, quantum
communications, TeraHertz (THz) technology, Visible Light
Communication (VLC) technology, and molecular communi-
cations.
[19]
Provides a comprehensive survey of ML and privacy in 6G,
with a view to further promoting the development of 6G and
privacy protection technologies.
[20]
Provides a comprehensive road-map on important relevant
results on physical layer security (PLS) and discusses open
issues on the applicability of PLS in 6G systems.
evolve with the current research works. Our key contributions
in this article are as follows:
To explore driving trends, visions, applications, re-
quirements and key enabling technologies related to
6G security and privacy: This paper provides a brief sur-
vey mentioning the security and privacy challenges that
may encounter with the expecting 6G requirements, se-
curity key performance indicators (KPIs), novel network
architecture, new applications and enabling technologies.
To identify threat landscape and possible solutions
related to 6G security: The paper surveys the potential
security solutions for 6G in terms of distributed ledger
technology (DLT), physical layer security, quantum com-
munication, distributed AI/ML.
To present a road map for materializing 6G security
visions into a reality: The paper introduces the stan-
dardization efforts and renowned research projects that
are leading towards 6G security visionaries putting into
practice.
D. Outline
The remainder of the paper is organized as follows: Sec-
tion II presents the 6G security requirements and challenges
in general. This section also discusses the potential 6G security
KPIs and the security issues with respect to different 6G
architectural components. Section III describes the security
related issues that may encounter with the main 6G appli-
cations. Section IV focuses on security impact on novel 6G
technologies. Respectively, Section V and VI respectively
provide an overview on 6G privacy issues/possible solutions
and security standardization efforts. Finally, Section VII
provides the discussion and Section VIII concludes the paper.
II. 6G SECURITY REQUIREMENTS AND CHALLENGES
In this section, we first provide an overview about novel
6G requirements in general. Then we discuss the security
considerations, 6G security vision and the potential security
KPIs. The last subsections describe the security landscape for
the envisioned 6G architecture which is classified into four
key areas such as functional architecture (i.e., intelligent radio
and radio-core convergence), edge intelligence and cloudifica-
tion, specialized subnetworks, and network management and
orchestration.
A. New 6G Requirements
Future 6G applications will pose stringent requirements
and require extended network capabilities compared with the
currently developed 5G networks. These requirements are
summarized in Figure 2. They are established to enable the
wide range of key 6G use cases and thus can be catego-
rized accordingly. For Further enhanced Mobile Broadband
(FeMBB), the mobile connection speed has to reach the peak
data rate at Tbps level [21]. With Ultra massive Machine
Type Communication (umMTC), the connection density
will further increase in 6G due to the novel concept of
Internet of Everything (IoE) as the next phase of Internet
of Things (IoT). These devices will have to communicate
with each other and the infrastructure, and provide collabo-
rative services in an autonomous and self-driven manner [22].
For new latency extremely-sensitive 6G applications in the
Enhanced Ultra-Reliable, Low-Latency Communication
(ERLLC/eURLLC) use case, the E2E latency in 6G should
be reduced down to µs level [23]. 6G will require the network
energy efficiency to be improved by 10x than 5G and 100x
than 4G. It is also expected to enable extremely low power
communications for the resource constrained devices [23].
Moreover, intelligent and proactive mobility management sys-
tems will support seamless and instant mobility beyond 1000
kmph speeds [21].
For ERLLC, the latency impact of security workflows
will be considered to ensure service quality. Similarly, high
reliability requirements calls for very efficient security solu-
tions protecting availability of services and resources. With
FeMBB, extreme data rates will pose challenges regarding
traffic processing for security such as attack detection, AI/ML
pipelines, traffic analysis and pervasive encryption. That issue
can be alleviated with distributed security solutions since
traffic should be processed locally and on-the-fly in different
segments of the network, ranging from the edge to the core
service cloud [24]. At this point, DLT will be instrumental
with transparency, security and redundancy attributes. umMTC
will serve critical use-cases which impose much more stringent
security requirements compared to 5G. In particular, IoE with
very diverse capabilities will challenge the deployment and
operation of security solutions such as distributed AI/ML and
privacy concerns. An important aspect is how to integrate
novel security enablers in an abundance of resource con-
strained devices. Nevertheless, the security enforcement will
be more complex since network entities will be much more
mobile, changing their edge networks frequently and getting
services in different administrative domains.
B. 6G Security Vision and KPIs
The vision of 6G networks is formed with many novelties
and advancements in terms of architecture, applications, tech-
nologies, policies, and standardization. Similar to the generic
4
Industry 5.0
UAV based mobility
Connected Autonomous Vehicles
(CAV)
Smart Grid 2.0
Collaborative robots
Hyper-intelligent healthcare
Digital twin
Extended Reality
6G Applications
6G Requirements
New security requirements
New stakeholders
New attackers
- Attacks on 6G architecture (AI
compromises, physical attacks,
physical layer attacks, ...)
- Attacks on key 6G
technologies (poisoning
attacks, eavesdropping, ...)
- Attacks on 6G applications
>1 Tbps Peak data rate
1Gb/m2Area traffic capacity
0.01-0.1 ms Latency
100x Network energy efficiency
5x Spectrum efficiency
>1000 kmph Mobility
6G
Fig. 2: 6G applications, requirements and security.
6G vision which has the added intelligence on top of the
cloudified and softwarized 5G networks, 6G security vision
also has a close fusion with AI which leads to security
automation (Figure 3). At the same time, the adversaries also
become more powerful and intelligent and capable of creating
new forms of security threats. For instance, the detecting
zero-day attacks is always challenging whereas prevention
from their propagation is the most achievable mechanism.
Therefore, the necessity will become more important than ever
to incorporate intelligent and flexible security mechanisms
for predicting, detecting, mitigating, and preventing security
attacks and limiting the propagation of such vulnerabilities
in the 6G networks. It is also equally significant to ensure
privacy and trust in the respective domains and among the
stakeholders. Especially, security and privacy are two closely-
coupled topics where security relates the safeguarding of the
actual data and privacy ensures the covering up of the identities
related to those data. While security on its own is exclusive
from privacy, the vice versa is not valid: Essentially, to assure
privacy, there should be always security mechanisms that
protect data. In the coming sections, we discuss how security
and privacy complement each other for different aspects of
6G.
To set the scope of 6G, we also think that Key Performance
Indicators (KPIs) and Key Value indicators (KVI) will help
to take the dimensions of impact that go beyond the scope of
Fig. 3: 6G Security Vision
deterministic performance measures into full account [25]. It is
expected that 6G systems will incorporate novel aspects, such
as integrated sensing, artificial intelligence, local compute-
and-storage, and embedded devices [26]. These aspects will
5
TABLE II: Security KPIs and 6G vision.
KPI Description 6G impact
Protection level The guaranteed level of protection against certain
threats and attacks
More stringent due to the pervasive utility of 6G and
burgeoning risk level
Time to Respond (mean, max, ...) Time for security functions to counteract in case
of malicious activity
Much smaller due to compressed timescale of 6G networks,
e.g., an attack can cause havoc at an order or faster
Coverage The coverage of security functions over the 6G
service elements and functions
More challenging due to diverse 6G technologies and ultra-
distributed functions
Autonomicity level A measure of how autonomic security controls can
act
Expected to be easier to implement with pervasive AI, but
also may be counter-beneficial due to AI security issues
AI robustness The robustness of AI algorithms in the network
hardened for security
More difficult to maintain consistently system-wide but
more critical due to AI’s role in 6G
Security AI model convergence
time
Time for learning models working for security to
converge
Although more advanced AI/ML models are emerging and
hardware capabilities are improving, the data availability
and complexity are challenging factors for this KPI.
Security Function Chain round-
trip-time
Time for chained security functions to process for
ingest, analyse, decide and act (related to ”Time
to respond” KPI)
Security architecture in 6G supposed to be more distributed,
leading to challenges. But at the same time, device-centric
and edge-centric solutions will help.
Cost to deploy security functions
(mean, max, ...)
Various cost metrics for measuring the cost of
deployment
Substantially increases due to complexity, thus harder to
meet target KPI values
both lead to enhancements to existing KPIs, as well as
require a whole new set of KPIs and KVIs which have
not traditionally been associated with mobile networks, such
as sensing accuracy, computational round-trip-time, and AI
model convergence time. The KVIs will quantify the value
of the new 6G related technologies from the perspective
of sustainability, security, inclusiveness, and trustworthiness
stemming from the UN sustainable development goals [27],
[28].
Therefore, we believe that the new aspects will have a
significant impact on how security KPIs are designed and
measured (as shown in Table II). Various aspects should be
considered for characterizing security, such as PLS, network
information security, and AI/ML related security [8].
C. Security Threat Landscape for 6G Architecture
Undoubtedly, the massive emergence of connections in the
future 6g networks will increase the security and privacy vul-
nerabilities. Considering the foreseen technological, architec-
tural and application specific aspects and their advancements
in the future 6G networks, the threat landscape of 6G security
is summarized in Figure 4. Since the attacks can be generalized
based on the architecture rather than the technologies or the
applications, we are taking this step forward to give the reader
an insight about the security threat landscape on top of the
envisioned 6G architecture.
Among various visionary 6G architectures proposed by
the industrial and academic research community, we have
identified the vision from Nokia Bell Labs as a realistic yet
ambitious proposal to facilitate our security landscape analysis
for 6G architecture [5]. As stated by Ziegler et al. in [5],
after investigating the potential 6G architectural innovation,
they decompose the data and information architecture into
four segments, namely, platform,functions,orchestration and
specialization. In the infrastructure ”platform” of 6G archi-
tecture, heterogeneous clouds need to create agnostic, open
and scalable run-time environment to accelerate the hardware
and improve data flow centrality. The ”functional” architecture
component includes the topics such as RAN core convergence
and intelligent radio. The ”specialized” part represents the
architectural enablers of flexible off-load, sub-networks and
extreme slicing. The ”orchestration” component includes the
intelligent network management and the cognitive closed loop
and automation of 6G networks. In the rest of the section, we
discuss the security considerations of these four 6G architec-
tural components and how they are related at the consumer
end.
However, in addition to the 6G architectural evolution, the
advent and advancements of technologies may also pave the
way to generate more powerful attackers who can create
sophisticated attacks. For instance, while detecting AI based
malicious activities, distributed learning based attack predic-
tion methods give promising potential solutions within the
constantly changing environments [8].
1) Intelligence Radio and RAN-Core Convergence: The
recent advances in the state-of-the-art circuits, antennas, meta-
material-based structures, and the dramatic evolution of AI
techniques, including ML, data mining, and data analysis, have
shed light on a novel path for the challenges expected in radio
networks towards 6G. In this sense, providing intelligence
beyond the already known intelligent spectrum access for
cognitive radio networks is of interest for addressing novel
radio network challenges. Thus, the envisioned intelligent
radio (IR) will involve cutting-edge AI/ML techniques in order
to address accurate channel modeling and estimation, modula-
tion, beamforming, resource allocation, optimal spectrum ac-
cess, automated network deployment and management. Hence,
the introduction of IR towards 6G will lead to a reduced
implementation time and a significant reduction in the cost
of new algorithms and hardware [29]. With all this promising
benefits of IR, security and privacy are becoming more and
more critical in wireless networks, specially for the increasing
demands for mission-critical services. For example, AI training
can be manipulated in a spectrum access system by inserting
fake signals, so that a malicious party can take advantage
6
Fig. 4: 6G Security Threat Landscape
of a large portion of spectrum by denying the spectrum to
other users. Also, attacks through the wireless channel, such
as denial-of-service, spoofing, and malicious data injection,
could affect the AI. Therefore, efficient detection of malicious
training is critical for the proper performance of IR [30].
Besides, new network architecture paradigms are expected
for 6G by harmonizing RAN and core functions. Given that
different core functions are being distributed and virtualized
to be implemented closer to RAN, which benefits low-latency
services, while higher-layer RAN functions are being central-
ized, RAN and core functions can be combined (RAN-Core
convergence) in order to simplify the network and facilitate
the implementation of some services [31]. Thus, security and
privacy challenges and opportunities from this convergence
should be addressed towards 6G.
2) Edge Intelligence and Cloudification of 6G Era: The
union between AI and edge computing is instinctive since there
is a close interaction [32]. In certain 6G wireless applications,
it is imperative to shift the computation towards the edge of
the network. Whether AI/ML algorithms are used to acquire,
storage or process data at the network edge, it is referred to as
edge intelligence (EI) [33]. In EI, an edge server aggregates
data generated by multiple devices that are associated with
it. Data is shared among multiple edge servers for training
models, and later used for analysis and prediction, thus devices
can benefit from faster feedback, reduced latency and lower
costs while enhancing their operation. However, as data is
collected from multiple sources, and the outcome of AI/ML
algorithms is highly data-dependant, EI is highly prone to
several security attacks. Under such circumstance, trust is
also required in EI services which are critical to ensure user
authentication and access control, model and data integrity, and
mutual platform verification [23]. In [34], it is demonstrated
how Blockchain is used to secure distributed edge services to
prevent resource transactions vulnerable to malicious nodes.
Blockchain ensures the consistency of decomposed tasks and
the chunks of learning data required in AI implementation.
Attackers can exploit the distributed nature and the re-
spective dependencies on edge computing to launch different
attacks like data poisoning, data evasion, or a privacy attack,
thus affecting the outputs of the AI/ML applications and
undermining the benefits of EI [35]. Moreover, EI may require
novel secure routing schemes and trust network topologies
for EI service deliveries. Security in EI is closely coupled
with privacy since the edge devices may collect privacy
sensitive data which contain user’s location data, health or
activities records, or manufacturing information, among many
others. Federated learning is one approach for privacy-friendly
distributed data training in edge AI models which enables local
ML models. In addition to that, secure multiparty computation
and homomorphic encryption for designing privacy-preserving
AI model parameter-sharing schemes in EI services are also
considered by researchers.
The key architectural change in 5G which has a cloud
native and microservice architecture is expected to evolve with
heterogeneous aspects in the cloud transformation towards
6G [5]. The heterogeneous clouds related to numerous service
delivery platforms including public, private, on-premises and
edge cloud may require proper co-ordination of communica-
tion resources and distributed computing through orchestration
and network control. The security considerations may also
differ based on the nature of each cloud environment and
the stakeholders. Mainly the most common security issues
include the violation of access control policies, data privacy
breaches, information security issues, insecure interfaces and
APIs, denial of service (DoS) attacks, and loss of data [36],
[37].
3) Specialized 6G Networks: As introduced in [5], the trend
of having vertical industries in 5G for industrial automation
will continue to 6G as sub networks. These specialized 6G
networks are expected to operate as stand-alone miniaturized
networks for multiple application verticals (e.g., in-body, in-
car, in-robot, sub-network of drones). When the wireless
interfaces enable sub-network owners or infrastructure to use
novel applications, those external communication interfaces
may impose security vulnerabilities. To avoid the unauthorized
persons remotely take control of the sub-network functions, it
will be important to use strong as well as lightweight authen-
tication and encryption algorithms together with methods for
monitoring network security by means of intrusion detection
systems. Hierarchical and dynamic authorization mechanism
will be more suitable to handle trust boundaries between
the large networks and the miniaturized sub-networks. Use
of trusted execution environments (TEE) may also guarantee
the confidentiality and integrity of such closed sub-network
environments.
4) Intelligence Network Management and Orchestration:
The extreme range of 6G requirements such as massive de-
mand for increased capacity, extremely low latency, extremely
high reliability and support for massive machine-to-machine
communication will demand a radical change in network
service orchestration and management in 6G. With the support
7
of AI, new 6G architecture is expected to offer intelligent
end-to-end automation of network and service management.
The upcoming ETSI ZSM (Zero-touch network and Service
Management) [46] architecture is paving the path towards
such intelligence network management deployment in beyond
5G network. Below we discuss the key security challenges
in such intelligence network management deployments under
three aspects and summarize in Table III.
Open API’s security threats: 6G network is expected
to support open APIs by continuing the trend developed
in 5G networks [38], [39]. There are mainly three variants
of open API attacks we identify in the current literature.
1. Parameter attacks lead to unauthorized exploitation of the
data transferred through the API. The improper validation
of API parameters may also lead to inject attacks on cross-
domain data services. 2. Identity attacks allow the attackers to
exploit flaws in authentication and authorization process. For
instance, extraction of API keys and using them as credentials
can result in identity-based attacks. Moreover, unencrypted
transmission of API messages may lead to 3. man-in-the-
middle attack. An attacker can intercept the unencrypted API
messages and capture confidential information. In addition,
these open API’s can be vulnerable to DoS/DDoS attacks as
well. Here an attacker or a group of attackers can manipulate
an API out of order by submerging it with a massive amount
of requests.
Closed loop network automation: 6G networks may
allow closed-loop network automation for the zero touch
management capabilities of the network such as monitoring
the network to identify the fault and congestion occurrence.
Then, it analyzes the data and acts accordingly to eliminate
the identified issues. Thus, it creates a feedback loop of
communication between monitoring, identifying, adjusting and
optimizing the performance of the network to enable self-
optimization. Closed loop network automation in 6G will
create security threats such as DoS, Man-In-The-Middle and
Deception attacks [38].
Intent-Based Interfaces: Intent-based networking (IBN)
is a novel concept which is originally proposed to introduce
AI into the 6G mobile networks. The main idea of IBNs
is to directly transform users’ business intent into network
configuration, operation, and maintenance strategies using AI
TABLE III: Security Challenges in Intelligence Network Management and Orchestration of 6G Networks
Aspect Issue Description Solutions
Open API’s
security
threats
[38]–[40]
Parameter at-
tacks
- Improperly validated parameters may lead to injection attacks
on cross-domain data services.
- Data injection, data manipulation and logic corruption.
- Manipulating network topology data to insert fake links,
malicious nodes.
- Continuous injection of false parameters may leads DoS attack
to make the data services unresponsive.
- Input validation and user authentication.
- Access Control and rate limiting.
Identity
attacks
- Exploit flaws in authentication and authorization.
- Extraction of API keys and using them as credentials.
- Attack insecure E2E domain orchestration service to change
configurations to fail SLAs, create new instances demanding
more resources to exhaust the network.
- Authentication (Signed JWT tokens, OpenID con-
nect)
- Authorization (Role based Access Control, At-
tribute based access control, Access control lists)
Man-in-
the-middle
attack
- Obtain information from unencrypted transmission of API
messages between the API consumer and provider.
- Interception of API messages and revealing confidential infor-
mation
- Use secure encrypted communication
- Use of VPNs (e.g. IPsec, SSL/TLS and HIP)
DoS/DDoS
attacks
- Make an API out of order by submerging it with a massive
amount of requests
- Throttling/rate limiting the usage of APIs
- Deployment of API gateways and microgateways
- AI based API security for proactive monitoring
Closed loop
Automation
[38]–[42]
DoS attacks - Fake heavy load on VNFs to increase the capacity of VM,
which may. Lead to DoS
- Throttling/rate limiting on resources for VMs
- AI based resources level prediction
Man-in-
the-Middle
attacks
- Triggering a fake fault event and intercept the domain control
messages to reroute traffic via a malicious switch
- Use secure encrypted communication
- Use of VPNs (e.g. IPsec, SSL/TLS and HIP)
Deception
Attacks
- Intends to tamper transmitted data - Use Integrity validation mechanisms (e.g
Blockchain)
Intent-based
Interfaces
[38], [43]–
[45]
Information
Exposure
- Intercepting information of intents by an unauthorized entities
to compromise system security objectives (e.g., privacy, confi-
dentiality). This may lead to the launch of other attacks.
- Authenticating between intent producer and con-
sumer (Signed JWT tokens, OpenID connect)
- Controlled access via authorization controls (Role
based Access Control, OAuth 2.0)
- Secure communication via transport protocols (TLS
1.2)
Undesirable
configuration
- Changing the mapping from intent to action. Setting the
security level from “High” to “Low”
- Input validation via user authentication.
Abnormal
behaviors
- Malformed intent could change the behavior, causing network
outage
- AI based proactive monitoring for abnormality
detection
Malinformed
intent
- Changing the intent reduce the service quality. - Intent format validation
8
technologies. By using IBN concepts, 6G can effectively
mitigate the typical limitations in the traditional networks in
terms of efficiency, flexibility, and security. The key security
security vulnerabilities with IBN may include information
exposure, undesirable configuration and abnormal behaviors.
5) Consumer End (Terminals and Users): From the begin-
ing of the advanced portable communication in early gener-
ations of wireless systems, they are dependent on a physical
placing of symmetric keys in a Subscriber Identity Module,
which is also known as SIM card. Although the encryption
computations are moved from undisclosed to universal guide-
lines, the alternative cryptographic instruments are introduced
for the shared verification process [18]. In accordance with
the general standards, 5G security model is still dependent
on the SIM cards [47]. Although the SIM cards are getting
smaller into nanoscale, they still need to be inserted into
device/gadgets. This may limit the appropriateness of foreseen
IoE paradigm in 6G. In a way, this challenge can be tackled
with using eSIMs, however, introducing some issues with
physical measures. Another solution will be iSIMs which will
a part of System-on-Chip in future gadgets. This will also
face challenging due to the possible resistance coming from
the telecom operators due to conceivable loss of control.
Typically, SIM cards rely on proven symmetric key encryp-
tion, which scaled well up to millions to billions of users.
However, it has some serious issues with user privacy, IoT,
network authentication and fake base stations. Therefore, 6G
need to consider a significant shift from symmetric crypto
to asymmetric public/private keys and even to the post-
quantum keying mechanisms. Already 5G plans to support
authentication through a public-key infrastructure (PKI) and a
set of microservices communicating over HTTPS. The authen-
tication, confidentiality and integrity for such communication
is provided by Transport Layer Security (TLS) using elliptic
curve cryptography (ECC). Experiences that come from the
use of these technologies in 5G, will shape the user and device
authentication approaches in 6G.
III. SECURITY CHALLENGES WITH 6G APPLICATIONS
6G is emerging as the network facilitator to a wide range
of new applications which will drastically reshape the human
society of the 2030s and beyond. However, these applica-
tions and services come with very challenging performance
requirements as well as extremely stringent security levels due
to their critical nature and the need of high trust level. The
interplay between the general performance expectations and
security requirements becomes even more complicated with
the emergence of very capable and ubiquitous attackers and
nefarious activities. The envisaged capabilities of 6G could
enable a myriad of possible novel applications and use cases.
Among them, we extensively select the widely discussed ones
and also identify as most influential 6G applications (i.e.,
summarized in Figure 5 and Table IV) to elaborate on the
security considerations. This set of applications are regarded
as early deployment use cases and applications of 6G within
the current research literature [14], [16], [48], [49].
Industry 5.0
Digital Twin
Reduced operational cost
Interoperability
Realtime Operation
High Scalability
IoT data security
Secure Communication
High Scalability
IoT data security
AI security
UAV based Mobility
Reduced operational cost
Diversity of devices
Interoperability
Realtime Operation
High Scalability
Reduced operational cost
Diversity of devices
High Bandwidth
High Privacy
Holographic
Telepresence
Extended Reality
Reduced operational cost
Diversity of devices
Limited Resources
High Privacy
Connected Autonomous
Vehicles (CAV):
Reduced operational cost
Diversity of devices
Interoperability
Realtime Operation
High Scalability
Smart Grid 2.0
Terrorist Attacks
Scalable IoT Security
Physical Tampering
Intermittent Connectivity
Patient using
smart device
Intelligent
Healthcare
Ethical AI Security
Interoperability
Realtime Operation
High Privacy
Sacable IoT data security
6G
Network
VLC
Fig. 5: Key Security Requirements of Prominent 6G Applications
9
A. UAV based Mobility
Since 5G, Unmanned Arial Vehicles (UAVs) are getting
popular to use in various application domain. With the support
of 6G and AI based services, UAV technologies will be used
in new use cases such as passenger taxi, automated logistics,
and military operations [50], [51]. Due to the limited available
resources (i.e. processing and power) and latency critical ap-
plications in UAVs they should use lightweight security mech-
anisms which should satisfy the low latency requirements.
Moreover, factors such as high scalability, diversity of devices
and high mobility have to be considered while developing the
security mechanisms for UAVs. Since 6G will support AI and
Edge-AI based UAV functions such as collision avoidance,
path planing, route optimization, and swarm control, it is
important to deploy mechanism to mitigate AI related attacks
as well. Specially, protected integrity of control data is a vital
requirement for proper operation. Due to the unmanned nature
of UAVs, they are highly vulnerable for physical attacks. An
adversary can physically capture the UAVs by jamming control
signal or use physical equipment, then steal the important
data contained within the UAVs. Moreover, UAVs will have
advanced computational and communication capabilities com-
pared to other smart devices. Thus, a swarm of drones can be
used to perform organized attacks. Such attacks can be range
from cyber-attacks to physical terrorist attacks [52], [53].
B. Holographic Telepresence
Holographic telepresence is a 6G application which can
project realistic, full-motion, real-time three-dimensional (3D)
images of distant people and objects with a high level of
realism rivaling of the physical presence [54] (e.g.,3D video
conferencing and news broadcasting [55]). An extremely large
bandwidth is required to enable holographic communication.
When the number of holographic communication devices are
increasing, the bandwidth requirements are also increasing
proportionally. Thus, the security mechanisms used for holo-
graphic communication should not bring an extra burden on
already overwhelmed bandwidths. Moreover, factors such as
reduced operational cost and diversity of devices have to
be considered while developing the security mechanisms for
holographic communication. However, most critical challenge
related to holographic telepresence is the protection of the
privacy [56]. Specially, providing the required level of privacy
when a holographic image is projected to a remote location is
also important aspect to consider. Since the remote presenter
can not control the environmental settings of the projected
location, additional privacy protection mechanisms should
implemented, so that users can ensure the privacy.
C. Extended Reality
Extended reality (XR) is a term used to refer all real
and virtual combined environments which cover Augmented
Reality (AR), Virtual Reality (VR), Mixed Reality (MR),
and everything in between [57], [58]. 6G will support the
advancements of XR by providing opportunity to use in
various use cases including virtual tourism, online gaming,
entertainment, online teaching, healthcare and robot control.
Managing personal data is an important security aspect of XR
which will include not only people’s credit card numbers or
purchase histories, but also more personal information such as
feelings, behaviors, judgments, and physical appearance. Thus,
offering the required level of data responsibility is a critical
requirement of 6G networks in terms of collection, storage,
protection, and also sharing of personal data. Moreover, if fake
or forged data are used in XR applications, the quality of user
experience (QoE) in XR will fail. The factors such as high
scalability, low overhead, and diversity of devices should be
considered while developing the security mechanisms for XR.
Depending on the application, the security level or enforced
TABLE IV: 6G Applications: Security requirement and Possible Challenges.
Security Requirements Expected Security and Implantation Challenges
Potential 6G Applications
Ultra Lightweight Security
Zero-touch Security
High Privacy
Proactive Security
Security via Edge
Domain specific security
Limited resources
Diversity of Devices
High Mobility
Physical Tempering
Terrorist Attacks
Intermittent Connectivity
Localized environment
Lack of Security Standards
E2E Security orchestration
Energy Efficiency
UAV based mobility M H L M H L H M H M H L L L H H
Holographic Telepresence M L H L M L H M L M L L M M H H
Extended Reality H M H L H L H M M H L L L H H H
Connected Autonomous Vehicles L H M H H H L M H M H L L L H M
Smart Grid 2.0 H M M H L H H L L H H H L L L M
Industry 5.0 M H L H H H H H M L M L H M H H
Hyper-Intelligent Healthcare H M H M H H H H M M L M H M H H
Digital Twin M H L L M M L M L L H M L L H M
LLow Level Requirement/Impact MMedium Level Requirement/Impact HHigh Level Requirement/Impact
10
security methods in XR application can fluctuate significantly.
For instance, military applications may need the highest level
of security (i.e. strong multi-factor authentication, data encryp-
tion, user access control) while entertainment applications may
require a lower level of security.
Another critical security issue related specifically to XR is
the fake experiences. If fake or forged data been used in XR
applications, total XR experience will fail. Such incidents can
even cause fatal results. For instance, use of fake experience in
critical XR environments such as surgery or military operation
may lead to life-or-death consequences.
D. Connected Autonomous Vehicles (CAV)
Nearly 50 leading automotive and technological companies
are heavily investing in autonomous vehicle technology. The
world moves forward to experience truly autonomous, reliable,
safe, and commercially viable driver-less cars in near future
[59]. With the advent of Connected Autonomous Vehicles
(CAV) technologies, a new service ecosystem will emerge
such as driver-less taxi and driver-less public transport [49],
[60]. The security issues in complex CAV ecosystem can be
categorized into three categories as vehicle level, CAV supply
chain and data collecting. The vehicle level attacks can happen
by hijacking vehicle sensors, V2X communications and taking
over physical controls. Similar to UAVs, autonomous nature
without human involvement will lead to possibility of physical
hijacking. However, autonomous vehicles have more advanced
capabilities than UAVs. Therefore, emergency security mea-
sures can be integrated within a car. For instance, automatic
stop of car during a terrorist attack is possible. 6G network
can analyze the situation and deliver the emergency signals to
vehicles.
Moreover, new types of cyber attacks due to V2X communi-
cations in CAV ecosystem are possible. Advance CAVs have
communication link with the car manufacturer, so they can
constantly monitor and make instant transmission of software-
related patches to mitigate any foreseen troubles over the air.
However, vulnerabilities in the communication channels or
forging the data downloaded from manufacturer cloud services
can compromise the safety and security of the vehicles and its
passengers.
The CAV ecosystem has a complex supply chain with dif-
ferent third-party service providers such as CSPs (Communi-
cation Service Providers), Road Side Equipment (RSE), cloud
service providers and regulators. Enabling common standard
of security requirements and enabling the inter-operability is
challenging. Privacy issue may arise when CAVs collect data
about the travel routes, control sensor data and also about
their owners and passengers. Such data becomes a honeypot
for malicious attackers. According to the National Institute of
Standards and Technology (NIST), CAV security framework
should target on providing device security, data security, and
individuals’ privacy.
Specially, when public transport modes such as trains,
flights and buses are used, protection of individual privacy
while delivering 6G services such as XR, holographic telep-
resence will be challenging. Therefore, 6G security framework
for CAVs has to consider security convergence by combining
of physical security and cybersecurity along with the concept
of Privacy by Design.
E. Smart Grid 2.0
With the development of smart devices and advanced data
analytical techniques, the grid networks are getting smarter
and evolving from Smart grid 1.0 to Smart grid 2.0. Smart
grid 2.0 may offer features such as automated meter data
analysis, intelligent dynamic pricing, intelligent line loss anal-
ysis, distribution grid management automation and reliable
electric power delivery with self-healing capabilities [61]. In
smart grid 2.0, it is important to offer network information
and cybersecurity to ensure confidentiality, integrity and avail-
ability of the energy network. The most common security
vulnerabilities may include different type of attacks such as
physical attacks, software related threats, threats targeting
control elements, network based attacks and AI/ML related
attacks [62]. The critical components and services such as
data access points, control elements (SCADA) [63] and the
EMS of the cyber-physical system [64], metering, billing and
information exchange are heavily targeted in these attacks.
Moreover, the improvement of trust management of trading
mechanisms is a critical requirement of smart grid 2.0. One
of the key features envisaged by Smart grid 2.0 is the trading
of energy between unknown parties in a P2P manner. Such
trading could occur in variations of prosumer-to-prosumer and
prosumer-to-consumer due to popularity of solar PV based
small scale energy production and electrical cars [65]. Due
to the scale of number of such occurrences, the trust should
be established with minimal intervention of an intermediary.
Moreover, the radical shift in smart grid management from
centralized to distributed mode has also created the necessity
of instating trust between the buyer and the seller, which has
been the role of the third party intermediary (i.e., Distribution
Systems Operator) in a vertical grid arrangement [66].
F. Industry 5.0
Industry 5.0 is identified as the next innovation in industrial
revolution which means people working alongside robots and
smart machines to add a personal human touch to the Industry
4.0 pillars of automation and efficiency [67]. 6G plays a vital
role in enabling the advancements of automated industrial en-
vironment. Similar to other 6G enabled applications, Industry
5.0 will also face critical security threats and also they need
to provide basis security needs such as integrity, availability,
authentication, and audit aspects. Factors such as reduced
operational cost, diversity of devices, high scalability have to
be considered while developing the security mechanisms for
Industry 5.0. 6G will mainly responsible for The data security
and integrity protection [68] in Industry 5.0 as controlling
commands and monitoring data will be transferred over the
6G networks. Therefore, 6G era should also provide highly
scalable and automated access control mechanisms and audit
systems to restrict the access to the sensitive resources such
as intellectual properties related to Industry 5.0.
11
G. Intelligent Healthcare
Digital healthcare or e-health care services are evolving
for new dimensions. Within few years, AI-driven intelligent
healthcare will be developed based on various new methodolo-
gies including Quality of Life (QoL), Intelligent Wearable De-
vices (IWD), Intelligent Internet of Medical Things (IIoMT),
Hospital-to-Home (H2H) services, and novel business mod-
els [21], [69]. The growth elderly population may create the
increase the importance of e-health than every before. Body
Area Networks (BANs) with the integrated intelligent health
systems are advancing towards personalized health monitoring
and management. Such personalized BANs can collect health
information from multiple sensors, dynamically exchange the
collected information with the environment and interact with
networking services including social networks [70].
6G will be the main communication platform to interconnect
the intelligent healthcare services in the future. Thus, enabling
the secure communication, device authentication and access
control for billions of IoMT and wearable devices will be
critical security challenges to solve in 6G era.
Privacy protection and ensuring of the ethical aspects of
user data or electronic health records will be a critical issue in
future healthcare system. As explained above, the utilization
of AI is mandatory to manage billions of IoMT devices and
process the health related information. However, current AI
model are mainly focused on performance optimization rather
than the ethical aspects. Specially, AI models should follow
strict ethical rules on data collection and use of user data for
the model training [71]. Moreover, AI models should comply
with privacy rules and regulations enforced by the regulation
bodies. As the main communication infrastructure for future
healthcare systems, 6G networks should protect both privacy
and integrity aspects of the patient information and records.
H. Digital Twin
The digital twin is a novel industrial control and automation
systems concept which is identified as a key 6G application.
A digital twin is defined as a digital or virtual copy of
a physical object, an asset or a product [72], [73]. Digital
twin interconnects virtual and physical worlds by collecting
real-time data by using IoT devices which are connected
to the physical system. These collected data will be stored
in locally decentralized servers or centralized cloud servers.
Then, the collected data will be analyzed and evaluated in the
virtual copy of the assets. After obtaining the results form the
simulations, the parameters are applied to the real systems. The
integration of data in real and virtual representations will help
in optimizing the performance of the physical assets. Digital
twin can be used in other use cases such as Industry 5.0,
Automation, healthcare, utility management and contractions.
The biggest security challenge in the digital twin system
is that an attacker can intercept, modify, and replay all
communication messages between the physical and digital
domains. With the popularity of digital twin systems in future,
6G should support highly scalable secure communication
channels. Another issue in digital twin systems is that the
attacker can modify or alter the IoT data and make privacy
attacks. When 6G is used to enable digital twin system, IoT
data integrity and privacy protection mechanisms should be
utilized. For instance, blockchain can be used as a candidate
technology to enable such features in 6G networks.
IV. SECURITY IMPAC T ON NE W 6G TECHNOLOGIES:
REQUIREMENTS, THRE AT LANDSCAPES AND POSSIBLE
SOLUTIONS
Considering the security requirements and application spe-
cific aspects of the future 6G networks which are presented
in the previous sections, here we discuss the threat landscape
and possible security solutions related to few 6G technologies
that have already gained the most attention. Although many
other emerging technologies show their potential of relevance
to 6G, their security and privacy considerations are not yet
discovered in the state-of-the-art. In contrast, certain topics
such as network softwarization and cloudification are already
discussed with respect to 5G security. Based on the current
literature, we identified that technologies such as DLT, dis-
tributed and scalable AI/ML and quantum computing, and
some PLS related topics (THz, VLC, RIS, MC) are quite
relevant and have substantial amount of work and new research
directions related to security and privacy in 6G. Therefore, we
extensively discuss those listed topics in the remainder of the
section. In brief, we discuss the possible security solutions
for the key security issues in 6G networks, how the available
and evolving technologies can mitigate such security threats,
state-of-the-art of security mitigation techniques for the given
technologies, and beyond the state-of-the-art vision.
A. Distributed Ledger Technology (DLT)
Among DLTs, today Blockchain technology has gained
the highest attention in the telecommunication industry. The
advantages of blockchain such as disintermediation, im-
mutability, non-repudiation, proof of provenance, integrity and
pseudonymity are particularly important to enable different
services in trusted and secure manner in the 6G networks [74].
In addition to the advantages of AI in 6G, the use of
AI/ML, and other data analytic technologies, can be a source
for new attack vectors in 6G. It has been proven that ML
techniques are vulnerable to several attacks [75] targeting
both training phase (i.e., poisoning attacks) and the testing
phase (i.e., evasion attacks). Since data is the fuel for AI
algorithms, it is crucial to ensure their integrity and their
provenance from trusted sources [76]. DLT can achieve the
trust dimensions, such as protect the integrity of AI data
via immutable records and distributed trust between different
stakeholder, which will enable the confidence in AI-driven
systems in a multi-tenant/multi-domain environment.
Furthermore, DLT/blockchain show the potential of using
as a facilitating technology to evolve the 5G service models
to support 6G. These services may include, however not
limited to, secure VNF management, secure slice brokering,
automated Security SLA management, scalable IoT PKI man-
agement, secure roaming and offloading handling and user
privacy protection, to comply with 6G requirements [77], [78].
12
1) Threat Landscape: Due to the foreseen alliance of DLT
and 6G, the security vulnerabilities of Blockchain and smart
contracts may also implicitly impact the 6G networks [79].
Most of these attacks are occurred due to the reasons such as
software programming errors, restrictions in the programming
languages, and security loopholes in network connectivity
[80]. Moreover, these security issues can be occurred in
both public and private blockchain platforms. They lead to
complications such as loss of accuracy, financial losses in
terms of cryptocurrency and reduced availability of the system.
Some of the critical security attacks in blockchain and smart
contract systems are listed below (Figure 6).
Fig. 6: Key Security Vulnerabilities of Blockchanized 6G
Services.
Majority attack / 51% attack: If malicious users capture
the 51% or more nodes in the blockchain, they could take over
the control of the blockchain. In a majority attack, the attackers
could alter the transaction history and prevent the confir-
mation of new legitimate transactions from confirming [81].
Blockchain systems which use majority voting consensus [82]
are usually vulnerable for majority attacks.
Double spending attacks: The spending of the crypto-
graphic token is a key feature of most the blockchain plat-
forms [83]. However, there is a risk that a user can spend a
single token multiple times [84] due to lack of physical notes.
Such attacks are called the double spending attacks [85] and
blockchain systems should have a mechanism to prevent such
double spending attacks.
Re-entrency Attack: The re-entrancy vulnerability can be
occurred when a smart contract invokes another smart contract
iterative. Here, the secondary smart contract which has invoked
can be malicious. For instance such an attacks was performed
to hack Decentralized Autonomous Organization (DAO) in
2016 [86]. An anonymous hacker stole USD50M worth Ethers.
Sybil attacks: Here, an attacker or a group of attackers are
trying to hijack the blockchain peer network by conceiving
fake identities [87]. The blockchain systems which have min-
imal and automated member addition systems are typically
prone to Sybil attacks [88].
Privacy Leakages: Blockchains and smart contracts are
vulnerable to several privacy threats such as leakage of transac-
tion data privacy [89], leakage of smart contract logic privacy
[90], leakage of user privacy [91] and privacy leakages while
execution of smart contracts [92]. Some of the blockchain
nodes may follow the strict privacy roles and support too
much transparency which may leads to reveal some sensitive
information such as trade secrets and pricing information [89].
Moreover, business logic of the organization required to be
incorporated in the blockchain. The sensitive business logic
information such as commissions and bonuses may need be
included smart contracts and these information can be revealed
to the competitors [90].
Other attacks: Apart from the above, blockchains and
smart contracts are vulnerable to several other security threats
such as destroyable contracts [93], exception disorder [94],
call stack vulnerability [95], bad randomness [96], under-
flow/Overflow errors [97] [98], broken authentication [99],
broken access control [100], security misconfiguration [101]
and unbounded computational power intensive operations
[102].
2) Possible Solutions: Obviously, when the
DLT/blockchain solutions are adopted in 6G networks,
they should always comply with possible mechanisms to
mitigate the above security attacks. However, the deployment
of some of the security mechanisms can be momentous
in the public blockchains than in the private blockchains.
For instance, the debugging or any correction of smart
contracts might be a cumbersome process [103] since the
smart contracts are adopted by all the nodes in a blockchain
network. Since the smart contracts are playing a vital role in
DLT/blockchain systems to enable the automation, ensuring
the accuracy of the smart contract is necessary. Moreover, the
proper validation of correct functionality of the smart contract
is required before deploying it in thousands of blockchain
nodes. The accurate functionality of smart contacts can be
checked by identifying semantic flaws [104], [105], using
security check tools [106], [107] [108] and performing
formal verification [109]–[112].
Moreover, proper access control and authentication mecha-
nisms should be utilized to identify the malicious bots and AI-
agent based blockchain nodes. Such mechanisms can prevent
the majority and Sybil attacks. The additional privacy preser-
vation mechanisms such as privacy by design [113], [114]
13
and TEE [115], [116] can be integrating to prevent privacy
leakages in blockchain based 6G services [117], [118].
Moreover, blockchain/DLT support different architecture
types such as (i) public, (ii) private, (iii) consortium and (iv)
hybrid blockchain [119]. The impact of above security attacks
naturally vary for different architectures. For example, the 51%
attacks are highly impacting on public blockchains. In such
cases, a consortium or private blockchains can be suitable
for certain 6G services (e.g., spectrum management, roaming)
which has less number of miners [78]. Therefore, selecting the
proper blockchain/DLT type according to the 6G application
and services can eliminate the impact of certain attacks.
B. Quantum Computing
With in the next couple of years, it is expected that quantum
computing will be commercially available and will impose a
huge threat on the current cryptographic schemes. As stated
in the current state-of-the-art, quantum computing is envi-
sioned to use in 6G communication networks for detection,
mitigation and prevention of security vulnerabilities. Quan-
tum computing assisted communication is a novel research
area that investigates the possibilities of replacing quantum
channels with noiseless classical communication channels to
achieve extremely high reliability in 6G. Moreover, with the
advancements of quantum computing, it is foreseen by the
security researchers that quantum-safe cryptography should
be introduced in the post-quantum world. The discrete log-
arithmic problem, which is the basis of current asymmetric
cryptography, may become solvable in polynomial time with
the development of quantum algorithms (e.g., Shor) [120].
Since quantum computing tends to use the quantum nature
of information, it may intrinsically provide absolute random-
ness and security to improve the transmission quality [4].
Integrating post-quantum cryptography schemes with physical
layer security schemes may ensure secure 6G communication
links [121]. Moreover, new eras may open up by introducing
ML-based cyber-security and quantum encryption in commu-
nication links in 6G networks. Quantum ML algorithms may
enhance security and privacy in communication networks with
the quantum improvements in unsupervised and supervised
learning for classification and clustering tasks. There are
promising 6G applications where there are potentials in apply-
ing quantum security mechanisms. For instance, many 6G ap-
plications such as ocean communication, satellite communica-
tion, terrestrial wireless networks, and TeraHertz communica-
tions systems have potentials of using quantum communication
protocols such as quantum key distribution (QKD) [122]. QKD
is applicable in the conventional key distribution schemes
by providing quantum mechanics to establish a secret key
between two legitimate parties. Figure 7 demonstrates the
envisioned roles of quantum computing and quantum security
in the 6G era.
1) Threat Landscape: Within the threat landscape in
quantum-based attacks, the adversaries are also considered to
have quantum powers. Although quantum computers are yet
to be evolved in the long run, the threat it may generate on
IoT devices needs to be carefully considered already. Since
Fig. 7: Role of quantum computing in 6G.
cryptography is the key security factor in IoT networks and
IoT devices, they require light-weight cryptographic solutions.
It is always challenging to incorporate post-quantum crypto
solutions which are resisting quantum-based attacks in IoT
devices. Therefore, device independent quantum cryptography
is a challenge in the post-quantum era in 6G paradigm.
The oblivious transfer (OT) in classical information sharing
allows sender to transfer one of potentially many pieces of
information to a receiver while remaining oblivious as to
which piece has been transferred. However, this feature is
unable to maintain in quantum information since any leakage
may create huge damage to whole two-party communication.
As a fundamental law, the quantum computers have no-
cloning property which makes impossible to maintain the exact
copy of quantum state (i.e., rewinding not achievable). In
quantum cloning attacks, an adversary has to take a random
quantum state of an information and make an exact copy
without altering the original state of the information. Although
perfect quantum state copies are prohibited, in [123], it is
proven that a quantum state can be copied with maximal accu-
racy via various optimal cloning schemes. Quantum cloning
attacks may even occur in high-dimensional QKD schemes
as quantum hacking in a secure quantum channel. Moreover,
quantum collision attacks can also occur when two different
inputs of a hash function provide the same output in a quantum
setting.
2) Possible Solutions: In order to be ready with the threat
due to quantum computing in the future 6G era, the scientists
have already started investigating quantum resistant hardware
and encryption solutions. There are few post-quantum cryp-
tographic primitives identified as lattice-based, code-based,
hash-based and multivariate-based cryptography [124]. In the
current context, lattice computational problems show better
performance in IoT devices. Due to the smaller key-length,
they fit better in 32-bit architecture. However, these categories
are yet to be evolved and are recommended for the IoT devices
with respect to their performance and memory constraints and
communication capabilities. As post-quantum cryptography
will be no longer protected with the classical random oracle
model, it may need to verify security in the quantum-accessible
random oracle model where the adversary can query the
random oracle with quantum state [125].
14
C. Distributed and Scalable AI/ML
6G envisions autonomous networks that can perform
Self-X functions (self-monitoring, self-configuration, self-
optimization and self-healing) without any human involvement
[126]. The ongoing ZSM architecture specifications entailing
intent-based interfaces, closed-loop operation and AI/ML tech-
niques to empower full-automation of network management
operations including security are steps towards that goal. Since
the pervasive use of AI/ML will be realized in a distributed
and large-scale system for various use cases including network
management, distributed AI/ML techniques are supposed to
enforce rapid control and analytics on the extremely large
amount of generated data in these networks. As demonstrated
in Figure 8, 6G security is mainly revolving around AI in two
aspects such ”AI for security” and ”Security for AI”.
Security
for AI
Trustworthiness
Ethics and liability
Model and data
resilience
(Adversarial AI)
Scalability
Explainability
Visibility
AI
for security
6G
Autonomous Systems
Federated Learning
Deep Learning
Privacy-preserving
ML
Fig. 8: 6G security and AI.
Distributed AI/ML can be used for security for different
phases of cybersecurity protection and defense in 6G. The
utility of AI/ML driven cybersecurity lies on the advantages in
terms of autonomy, higher accuracy and predictive capabilities
for security analytics. Following are some challenges regarding
the AI/ML in 6G systems as defined in [127]:
- Trustworthiness Are ML components trustworthy? This
is a more important question when critical network functions
including security are AI-controlled.
- Visibility For controllability and accountability, visibility
is crucial. A research question is how to monitor timely for
security-violating AI incidents.
- AI Ethics and Liability Could some AI based opti-
mization starve some users or applications? Do AI driven
security solutions protect all users the same? Who is liable
if AI controlled security functions fail?
- Scalability and feasibility For federated learning, data
transmissions should be secured and preserve privacy. For
AI/ML controlled security functions, scalability in terms of
required computation, communication and storage resources is
challenging. For instance, FeMMB leads to huge data flows.
Integrated with AI/ML, these flows may cause significant
overhead.
- Model and data resilience Models should be secured
and robust in the learning and inference phases (e.g., against
poisoning attacks). However, more attacks are being developed
with increasing variety and proficiency in recent years [128],
e.g. on federated learning [129].
1) Threat Landscape: It is expected that 6G will heavily
rely on AI and ML technologies. However, the use of AI
and ML will lead to 6G intelligence network management
system to become a victim of AI/ML related attacks. Such
attacks can target the training phase (poisoning attacks) as
well as the test phase (evasion attacks) [130], [131]. Dur-
ing a poisoning attack on the training phase, the attacker
can tamper the training data by injecting carefully crafted
malicious samples, to influence the outcome of the learning
method [132]. Such injection of crafted samples may lead to
intelligence services supporting the E2E services to mispredict
the resource requirements and misclassifying the services.
Evasion attacks during the test phases attempts to circumvent
the learned model by introducing disorders to the test data.
Moreover, model inversion aims to derive the training data,
utilizing the outputs of the targeted ML model while model
extraction attacks steals the model parameters to replicate
(near-)equivalent models. Infrastructure-targeting physical
attacks essentially strive for communication tampering, and
intentional outages and impairments in the communication
and computational infrastructure for impairments in decision-
making/data processing and may even put entire AI systems
in offline.
At the AI middleware layer, a significant threat is the
compromise of AI frameworks to exploit vulnerabilities
in those artefacts or traditional attack vectors towards their
software, firmware and hardware elements. For another type
of attack, API-based attacks, an adversary queries and attack
an API of a ML model to obtain predictions on input feature
vectors. This may lead to model inversion (recover training
data), model extraction (reveal model architecture compromis-
ing model confidentiality) and membership inference (exploit
model output to predict on training data and ML model)
attacks.
2) Possible Solutions: There are different solutions against
these threats for AI/ML. Adversarial training injects perturbed
examples similar to attacks into training data to increase
robustness [133]. Defensive distillation is another defensive
strategy that is based on the concept of knowledge transfer
from one neural network to another via soft labels, which are
the output of a previously trained network and represent the
probability of different classes. They are used for the training
instead of using hard labels mapping every data to exactly
one class) [134]. These two solutions are both effective ones
against evasion attacks and adversarial attacks.
Against poisoning attacks in the training phase, protection
of data integrity and authentication of the data origin is instru-
mental. In that regard, blockchain provides a distributed, trans-
parent and secure data sharing framework perspective [135].
Similarly, moving target defense [136], [137] and input val-
idation [138] are used. The latter is also beneficial against
adversarial attacks. To mitigate model inversion attacks, an
effective defense is to control information provided by ML
15
APIs to the algorithms to prevent them. This approach is also
effective against adversarial attacks. Another countermeasure
against model inversion attacks is to add noise to ML predic-
tion [139]. Noise injection, but to the execution time of the
ML model, is also used against model extraction attacks.
D. Physical Layer Security
Fig. 9: Illustrative PLS scenarios in 6G era: a) THz commu-
nications in the presence of eavesdroppers, b) Secure MIMO
VLC systems with artificial noise, c) RIS-aided secure wireless
communication, d) Eavesdropping in molecular communica-
tions.
Physical layer security (PLS) mechanisms rely on the
unique physical properties of the random and noisy wireless
channels to enhance confidentiality and perform lightweight
authentication and key exchange. The flexibility and adapt-
ability of PLS mechanisms, specially for resource-constrained
scenarios, joint with the opportunities provided by disruptive
6G technologies may open a new horizon for PLS in the
time frame of 6G. Figure 9 shows illustrative scenarios for
PLS regarding key technologies expected for 6G, which are
described next.
1) TeraHertz technology: In 6G, it is expected to move
further to higher carrier frequencies, in the terahertz range (1
GHz to 10 THz), to improve spectral efficiency and capacity of
future wireless networks as well as provide ubiquitous high-
speed Internet access. In those frequencies, the transmitted
signals are highly directional and the propagation environment
is harsh, thus the interception of signals is mostly limited to
illegitimate users that are located in the same narrow beam of
the legitimate user.
Threat Landscape: Even with the use of extremely narrow
beams, an illegitimate receiver can intercept signals in line-
of-sight (LoS) transmissions. Thus, THz communications are
prone to data transmission exposure, eavesdropping, and ac-
cess control attacks.
Possible Solutions: In [140], the authors prove that an
illegitimate user can intercept signals by placing an object in
the path of the transmission, so that the radiation is scattered
towards him. In that paper, it is proposed to perform a charac-
terization of the backscatter of the channel in order to detect
some, although not all, eavesdroppers. Moreover, in [141],
the authors proposed to explore the multipath nature of THz
propagation links to enhance the information-theoretic secu-
rity. Therein, by sharing data transmission over multiple paths,
the authors showed that the message eavesdropping probability
can be significantly reduced, even when several eavesdroppers
are cooperating, at a cost of a slight decrease on link capacity.
That solution can be explored for transmitting sensitive data or
performing secure key exchange in THz networks. Moreover,
in [142], a study is conducted for performing authentication at
the physical layer in vivo nano networks at THz frequencies,
where a distance-dependent-pathloss based authentication is
performed. The authors showed that pathloss can be used as
a device fingerprint from a THz time-domain spectroscopy
setup. All in all, new PLS solutions, as electromagnetic
signature of THz frequencies for performing authentication at
the physical layer [9], would benefit THz wireless joint with
the incorporation of new countermeasures on the transceiver
designs.
2) Visible Light Communication technology: VLC is an op-
tical wireless technology that has gained significant attention
due to its advantages compared with radio frequency (RF)
systems, such as high data rates, large available spectrum,
robustness against interference, and low-cost for deployment.
VLC also has great potential to complement RF systems in
order to exploit the benefits of both networks [143].
Threat Landscape: VLC systems are intrinsically more
secure compared with RF systems due to light cannot pen-
etrate walls. However, due to the broadcast nature of VLC
systems (as in RF), when communication takes place on public
zones or with large windows in the coverage, VLC systems
are prone to eavesdropping attacks, thus confidentiality may
be potentially compromised [144]. Moreover, VLC systems
present different characteristics than RF systems that should
be considered for the design of PLS mechanisms. For instance,
VLC channels are quasi-static and real-valued channels, and
VLC systems present a peak-power constraint that impedes
unbounded inputs, e.g. Gaussian inputs. Therefore, these op-
erating constraints should be revisited for the performance
evaluation and the optimization of PLS strategies in VLC
systems [145]. Besides, according with the study conducted
in [146], VLC systems are more vulnerable at locations that
present strong reflections.
Possible Solutions: In [144], the enhancement of the se-
crecy performance, in terms of the achievable secrecy rate,
of a multiple-input multiple-output (MIMO) VLC system is
demonstrated by using linear precoding. Therein, the peak-
power constraint is considered for the transmitted signal, and
only discrete input signaling schemes are used. Also, in [147],
a scheme of watermark-based blind PLS was investigated,
where red, green and blue LEDs and three color-tuned photo-
diodes are employed to enhance the secrecy of a VLC system
by implementing a jamming receiver joint with the spread
16
spectrum watermarking technique.
3) Reconfigurable Intelligent Surface: With the evolution
of metamaterials and micro electro-mechanical systems, RIS
have emerged as a promising option to tackle the challenges
of intelligent environments regarding security, energy and
spectral efficiency. RIS is a software-controlled metasurface
composed by a planar array of a large number of passive and
low-cost reflecting elements, which are capable of dynami-
cally adjust their reflective coefficients, thus controlling the
amplitude and/or phase shift of reflected signals to enhance
the wireless propagation performance.
Threat Landscape: Traditional PLS techniques, such as
the deployment of active relays or friendly jammers that use
artificial noise (AN) for security provisioning, may incur on
increased hardware cost and energy consumption. Moreover,
in adverse wireless propagation environments, an adequate
secrecy performance cannot be always guaranteed even with
the use of AN. Therefore, it would be desirable to adaptively
control the propagation properties of wireless channels to
ensure secure wireless communications, which is impossible
to attain with traditional communication technologies.
Possible Solutions: By controlling the phase shifts of RIS in
an intelligent manner, the reflected signals can either be added
coherently at the intended receiver to enhance the quality of
the received signal, or be added destructively at a non-desired
receiver to enhance security [148]. In this sense, RIS-assisted
PLS has become a promising technology for secure and low-
cost 6G networks. For instance, in [149], it is shown the
importance of RIS technology for enhancing security, even
if the eavesdropping link is in better conditions than the
legitimate link. Moreover, the secret key generation problem
for RIS-assisted wireless networks has also been investigated,
where each element of the RIS is an individual scatter to
enhance the secret key capacity [150].
4) Molecular communication (MC): In MC, bionanoma-
chines communicate using chemical signals or molecules in
an aqueous environment [151]. This technology is appealing
for enabling important applications and use cases related to
helthcare innovations in the context of 6G.
Threat Landscape: This kind of communications will han-
dle highly sensitive information with several security and
privacy challenges on the communication, authentication and
encryption process.
Possible Solutions: It is extremely important to tackled
security issues in MC from the very early stages of its practical
development in order to guaranteed the promising benefits of
this technology, thus PLS mechanisms would have an impact
on providing security for MC. For instance, the notion of
biochemical cryptography was introduced in [152], where a bi-
ological macro-molecule composition and structure are used as
a medium to achieve information integrity. Moreover, in [153],
the fundamental benefits and limits of PLS are investigated for
diffusion-based channels, where the secrecy capacity is derived
to obtain insights on the number of secure symbols that can
be transmitted over a diffusion-based channel.
V. PRI VACY
The faster the world is moving towards a digital reality,
the higher the risk people may put their privacy, which is
more precisely called digital privacy. The data is collected for
many applications to improve their service performance. Such
processed data or the information leakage always create huge
privacy issues which require well balanced privacy preserving
techniques. When more and more end devices tend to share
local data to the centralized entities, the storage and processing
of this data pile with the added privacy protection mechanisms
will be difficult. As 6G systems may have simultaneous
connectivity up to about 1000 time greater than in 5G, privacy
protection should be considered an important performance
requirement and a key feature in wireless communication in
the envisioned era of 6G [9]. However, in the current process
of data collection and analysis, privacy protection has not
received the enough attention and priority level. Therefore,
there are many research opportunities for finding the correct
balance between increasing data privacy and maintaining them
with lower computation load which may reduce the speed and
accuracy of the computation. In Figure 10, we describe illus-
trate a summary of 6G privacy with respect to privacy types,
privacy violation, privacy protection, and related technologies.
The issue in 6G with data privacy will be more challenging
when the number of smart devices are increasing and tracking
every move of a person with lack of transparency about
what is exactly collected. Specially, in the big data era of
decentralized systems, adding privacy protection mechanisms
will further increase the communication and computational
costs which already show a rapid growth [154].The current Eu-
ropean Union’s General Data Protection Regulation (GDPR)
for privacy assurance should be also subject to change with the
evolving 6G applications and specifications. Mainly, there are
three key challenges that encounter while protecting privacy
in 6G:
The extremely large amounts of data exchange require
in 6G may impose a greater threat on peoples’ privacy
with an extensive attention attracted by the governmental
and other business entities. This may occur as a large
number of small chunks of data accumulations. The easier
the data is accessible and collectable in the 6G era, the
greater risk they may impose on protecting user privacy
and causing regulatory difficulties.
When the intelligence is moving to the edge of the
network, more sophisticated applications will run on
mobile devices are increasing the threats of attacks.
However, incorporating privacy protecting mechanisms in
resource-constrained devices in the edge of the network
will be again challenging. This arises the requirement of
introducing lightweight privacy preserving mechanisms.
Keeping the correct balance between maintaining the
performance of high-accurate services and the protection
of user privacy is also noteworthy. Location information
and identities are required to realize many smart applica-
tions. Therefore, it is necessary to carefully consider data
access rights and ownership, supervision and regulations
for protecting privacy.
17
Fig. 10: Summary of 6G privacy.
Considering privacy in the context of statistical and machine
learning analysis, Differential Privacy (DP) is another budding
privacy-preserving technology which is also likely to appear
in future 6G wireless applications [18], [155]. DP may provide
mathematically provable privacy protection against certain
privacy attacks such as differencing, linkage and resonstruction
attacks. As stated in [155], DP has interesting properties to
enhance privacy protection while analyzing personal infor-
mation: quantification of privacy loss permits comparisons
among different computation techniques; composition allows
the design and analysis of complex privacy enhancing al-
gorithms starting from simple building blocks; allow group
privacy; immunity to post-processing of the privacy concerned
algorithms. Rather than using conventional data encryption
methods, novel mechanisms can be incorporated with the
development of lightweight privacy preserving techniques such
as using homomorphic encryption (HE) [156].
The role of Blockchain in 6G may have pros and cons in
terms of privacy aspects. On one hand, data privacy in 6G will
likely involve Blockchain for the ultra-massive and ultra-dense
networks. For instance, Blockchain technology can be used
as a key candidate for privacy preservation in content-centric
6G networks. Having a common communication channel in
blockchain may allow network users to be identified by pseudo
names instead of direct personal identities or location infor-
mation. Moreover, blockchain can be improved by introducing
new block header structures to protect privacy in high sensitive
tasks and actors. On the other hand, since Blockchain is a
DLT which is intrinsically transparent, it may disclose private
information to all participants by creating privacy violations.
When the 6G is expected to host a zero trust architecture that
assure embedded trust in the devices and the network. While
Blockchain is gaining higher reputation to ensure trust among
highly decentralized and distributed applications, it also brings
the biggest issue on data privacy and advanced connectivity.
As pointed out in [157], such privacy risks can be addressed by
solutions including, risk signatures, zero-knowledge augments
and coin mixing.
The fast growing AI technology in the 6G vision has a close
associative with ML technology where privacy is showing
a greater impact in two ways [19]. In one way, the correct
application of AI/ML can protect privacy in 6G. In another
way, privacy violations may occur as AI/ML attacks. Different
ML types (e.g., neural network, deep learning, supervised
learning) can be applied for privacy protection in terms of
data, image, location, and communication (e.g. Android, intel-
ligent vehicles, IoT). As summarized in [19], privacy attacks
can occur ML models while training (e.g., poisoning attack)
and testing phases (e.g., reverse, membership interference,
adversarial attacks). When AI is used to emulate human brain
capability with collaborative/cooperative robots (cobots), they
use learning tools to train those digital entities. However, the
question is, whether the cobots will be ethical, transparent
and accountable for preserving privacy concerns while using
data sets during this constant learning and real-time decision
making process.
While developing more robust and efficient privacy preser-
vation solutions, the properties of quantum mechanics can be
also exploited for high security and high efficiency levels. Such
approaches will be very much useful in a post-quantum era
of 6G networks in the long run. For instance, in [158] the
authors propose an encryption mechanism based on controlled
alternate quantum walks for privacy preserving of healthcare
images in IoT. Moreover, the work in [159] presents a lattice-
based conditional privacy preserving authentication mech-
anism for post-quantum vehicular communication. Adding
quantum noise to protect quantum data will lead the security
concept of DP towards quantum differential privacy. In [160]
the author demonstrate this by including depolarization noise
in quantum circuits for classification.
18
On the other hand, critical applications and massive sce-
narios expected in 5G/6G have raised the importance of novel
privacy-related requirements, such as anonymity, unlinkability,
and unobservability of the nodes in a network. Thus, from
the information theoretic point of view, a common approach
to guarantee privacy is based on the perturbation of data
attained by means of a privacy mechanism that performs a
randomized mapping to control private information leakage.
Quantifying this information leakage is important in order
to limit this. Different notions of privacy leakage have been
proposed to capture the capacity of adversaries to estimate pri-
vate information, for example, Shannon’s mutual information,
differential privacy, among others [161], as well as different
leakage measures. In that sense, privacy can, under careful
control, tolerate some leakage to get some utility. There is
no a general privacy vs. utility trade-off, thus the amount of
leakage required to get some utility depends on the application
[162].
VI. SECURITY STANDARDIZATION AND PROJECTS
As a critical aspect of next generation networks and digital
services, the security domain has a very active standardization
and project landscape. In this section, we highlight and de-
lineate the key research projects and standardization efforts
which have a prospective impact on 6G security1. At the
end of the section we present Table V to show the summary
of contribution of global-level ongoing projects, initiatives,
associations and SDOs on 6G.
A. Standardization
Various Standards Developing Organizations (SDOs) which
are relevant to 6G security as shown in Figure 11.
1) ETSI: As a multi-pronged effort, ETSI has launched
multiple Industry Specification Groups (ISG) to examine 5G
component technologies, including NFV (ETSI NFV), AI
(ETSI ISG Securing Artificial Intelligence-SAI, ETSI ISG
Experiential Network Intelligence - ENI) and network au-
tomation (ETSI ISG Zero touch and service management -
ZSM). NFV-SEC is a WG under ISG NFV that produces
industry specifications on security-related matters of NFV
technology. Since 2014, the NFV SEC WG has produced
multiple Group Specifications (GS) and Group Reports (GR).
Work during releases 3 and 4 of ETSI NFV has increased the
focus on security specifications as the scope and features of
NFV platforms are expanding.
ETSI ISG ENI was also launched in 2017 to define a
Cognitive Network Management architecture, using AI tech-
niques and context-aware policies to adjust offered services
based on changes in user needs, environmental conditions,
and business goals. The ISG has produced a set of use
cases, including network security, where the ENI system can
detect various attacks and trigger a reaction by the network.
Another group, ETSI ISG SAI, was formed in 2019 and
aims to develop technical specifications to alleviate threats
1Please note that although there is a much wider spectrum of Beyond 5G
or 6G projects and standardization activities, we focus on the ones with a
significant security component or impact.
Recommendations
and
vision
Core Internet
Protocols
Technical
specifications
Privacy and
security
specifications
Security risks
and KPIs
Security
architecture
E2E
architecture
Quantum
communications
Standardization
drivers for
6G security
Fig. 11: Standardization landscape relevant for prospective 6G
security standards.
emerging from deploying AI and threats targeting AI systems
originating from other AI systems and typical attack sources.
This ISG has undertaken the tasks of defining AI threats,
provide relevant use cases, recommend mitigation measures
against such threats, and propose possible recommendations
regarding data sharing.
2) ITU-T: At a global level, ITU has established the ITU-
T Focus Group on ML for Future Networks (FG-ML5G)
working on technical specifications for machine learning for
future networks, including interfaces, network architectures,
protocols, algorithms, and data formats [163]. ITU-T FG-
NET2030 Focus Group on Technologies for Network 2030 is
elaborating on new drivers, requirements and gaps to propose
use cases for applications including augmented and virtual
reality and holograms. The developments will also have an
impact on security aspects of 6G networks [164].
3) 3GPP: Similarly, 3GPP has already addressed the use
of AI/ML in the 5G Core Service Based Architecture (SBA),
by introducing the Network Data Analytics Function. This
function provides analytics and notifications to other network
functions regarding the users’ behavior and the network’s
status. 3GPP SA3 is currently working on a draft TR by
identifying the security issues, requirements, and solutions
regarding Network Slicing and the use of the Network Data
Analytics Function in selected use cases [165].
4) NIST: Standardization of post-quantum cryptographic
algorithms is performed by National Institute of Standards
and Technology (NIST) [166]. The ongoing work by NIST’s
Post-Quantum Cryptography Program is working to solicit
candidates and then specify quantum-resistant algorithms each
19
for digital signatures, public-key encryption and cryptographic
key-establishment. The process is now at Round 3 following
the completion of the second round in July 2020. The selected
algorithms will constitute the first standard developed to
counter threats due to quantum decryption.
5) IETF: On the IETF front, IETF Security Automation
and Continuous Monitoring (SACM) Architecture RFC de-
fines an architecture enabling a cooperative SACM ecosys-
tem based on entities, or components, which communicate
by sharing information [167]. One or more components are
consumers of information in a given flow while some are
providers of information. A key component is an orchestrator
which facilitates the automation of various functions such as
configuration, coordination, and management for the SACM
components. There can be also various repositories such as
policy repositories, vulnerability definition data repositories,
and security information repositories.
6) 5G PPP: 5G PPP has established 5G PPP Security Work
Group as a joint effort on tackling 5G security risks and
challenges and providing insights into 5G security and how
it should be addressed [168]. It elaborates on 5G security
architecture and how it fits with that of the 3GPP, access
control, privacy, trust, security monitoring and management
and standardisation on 5G security. Although it has a focus
on 5G, the outcomes of the group have direct implications
on Beyond 5G networks such as intelligent network security,
security KPIs, emerging risks, threats and countermeasures.
7) NGMN: NGMN 5G End-to-End Architecture Frame-
work v4.3 (2020) describes the requirements in terms of
network entities and functions for the capabilities of an end-to-
end framework which also includes security [169]. It considers
the security for the end-to-end protection of the various net-
work features and enabling capabilities in a forward-looking
5G service paradigm.
8) IEEE: IEEE P1915.1 Standard for Software Defined
Networking and Network Function Virtualisation (SDN/NFV)
Security works to provide a framework to build and operate se-
cure SDN/NFV environments. It aims for different stakehold-
ers such as end users, network operators, and service/content
providers. To this end, it specifies a security framework
for SDN/NFV with related system models, analytics, and
requirements [170]. Similarly, IEEE P1917.1 Standard for
Software Defined Networking and Network Function Virtu-
alisation Reliability focuses on reliability requirements and
develops a framework for reliable SDN/NFV service delivery
infrastructure [171].
For the quantum communications, IEEE P1913.1 (Draft)
Standard for Software-Defined Quantum Communication
(SDQC) defines the SDQC protocol that enables configuration
of quantum endpoints in a communication network [172]. It
allows dynamic creation, modification, or removal of quantum
protocols or applications in a software-defined setting. This is
possible with the availability of a well-defined interface to
quantum communication devices, which can be reconfigured
to implement a variety of protocols and measurements. The
SDQC protocol functions at the application layer and com-
municates over TCP/IP. The protocol design considers future
integration with network softwarisation related standards.
B. Key Projects
1) 6G Flagship: The 6G Flagship [48] is a 8-year research
project for “6G-Enabled Wireless Smart Society and Ecosys-
tem” and funded by the Academy of Finland. 6G Flagship
aims at the development of the new 6G standard for future
digital societies. It will target security and privacy among
other areas to develop essential technology components of 6G
mobile networks. The research will focus on communication
between people, devices, processes and objects, which implies
a multitude of security and privacy questions. This will con-
tribute to enabling a highly automated, smart society, which
will penetrate all areas of life in the future. Finally, 6G flagship
project will also carry out the large pilots with a test network
with the support of both industry and academia.
2) INSPIRE-5Gplus: INSPIRE-5Gplus as an EC H2020
Research and Innovation (RIA) project aims to improve se-
curity of 5G and Beyond networks for various aspects such
as the security vision, novel enablers, security assets, and
learning models [39]. It will develop an integrated security
management architecture using relevant frameworks, ZSM
paradigm, Trusted Execution Environment (TEE), and address
the key security challenges of vertical applications such as con-
nected mobility, smart energy and aerial networks. Moreover,
it will integrate trustworthiness and liability into the developed
security approach for a holistic architecture [173].
3) 5GZORRO: 5GZORRO is an EC H2020 RIA project
which will develop solutions for a system level architecture
combining zero-touch automation and DLT in distributed
multi-stakeholder environments. It will use Smart Contracts for
intelligent resource discovery, brokerage and selection (e.g.,
spectrum and pervasive virtualized CDN services) and enable
required agility [174]. Accordingly, it has a specific focus on
security in future wireless networks.
4) Hexa-X: The Hexa-X project [175] targets to develop
novel key enablers in 6G for
radio access technologies at high frequencies
high-resolution localization and sensing
connected intelligence through AI-driven air interface
6G architectural elements for network disaggregation and
dynamic dependability
For the security perspective, Hexa-X focuses on trustwor-
thiness, namely the confidentiality and integrity of end-to-
end communications, and guaranteed security, data privacy,
and operational resilience. The final E2E Hexa-X architecture
will include the developed security architecture and relevant
security guidelines.
5) AI@EDGE: The AI@EDGE project aims to develop
general-purpose frameworks for the creation, utilization, and
adaptation of secure, reusable, and trustworthy AI/ML models.
Those frameworks will support flexible and programmable
pipelines and will be wielded for closed-loop network au-
tomation. Moreover, the project will work on a converged
connect-compute platform for creating and managing resilient
and secure network slices for various AI-enabled network
applications [176].
6) ATIS/Next G Alliance: The Next G Alliance is an
initiative formed for 6G development with for North American
20
preeminence considering an evolutionary 5G path [177]. It
has stemmed from the ATIS’ ”Call to Action Promoting U.S.
Leadership on the Path to 6G”. Therefore, the prospective
6G ecosystem will be key to defining the Next G vision.
Therefore, the Next G Alliance has determined three initial
strategic actions to focus:
Development of a 6G national roadmap that will lead
North America to a global leader position in R&D, stan-
dardization, and manufacturing of Next G technologies
while addressing the changing competitive landscape
Alignment of the North American technology industry by
converging on a core set of priorities to influence public
policies and funding for 6G
Identification of the early steps and strategies for rapid
commercialization of Next G technologies across new
markets and business sectors while promoting widescale
adoption domestically and globally
7) South Korea MSIT 6G research program: The govern-
ment of South Korea expects 6G services could be commer-
cially available in Korea between 2028 and 2030 [178]. First
deployment of 6G networks will be available in 2028 and
mass scale commercial deployment will happen in 2030. The
preliminary goal of their strategy includes launching a 6G
pilot by 2026. Five major areas (digital healthcare immersive
content, self-driving cars, smart cities and smart factories) are
identified for these pilot projects.
The South Korean Ministry of Science and ICT (MSIT)
has also formed the ”6G R&D Strategy Committee” which
consists of the three major mobile network operators, small
and large scale equipment manufacturers, government agencies
and public universities in South Korea. It will be responsible
for management of 6G related projects. The 6G research
program is also calling for proposals (led by 5G forum and 6G
TF) to perform pilot projects to realize 6G vision. The goals
of the 6G research program are 1)to reach the rate of 1 Tbps,
2)to reduce the wireless latency up to 0.1ms, 3)to extend the
connectivity coverage range up to 10 km from the ground, 4)to
utilize AI with entire network to cover all the segments, and
5) to use Security by design concept to protect the network.
8) Japan 6G/B5G Promotion Strategy: The Japanese gov-
ernment initiated Japan 6G/B5G promotion strategy in 2020
to promote research and development on 6G wireless commu-
nications services [179]. The Japanese government creates a
fund to support the research and development and to build a 6G
test-bed facility for academia and companies for testing their
TABLE V: Contribution of global-level ongoing projects, initiatives, associations and SDOs on 6G.
6G Architectural/ Technological/ Security Aspects 6G Applications
Intelligence Radio and RAN-Core Convergence
Edge Intelligence and Cloudification
Specialized 6G Networks
Blockchain/DLT
AI Security
Intelligence Network Management/ Orchestration
Privacy
Consumer end (terminal and users)
Quantum Security
UAV based Mobility
Holographic Telepresence
Extended Reality
Collaborative Autonomous Driving
Smart Grid 2.0
Industry 5.0
Digital Twin
Intelligent Healthcare
6G Projects
6G Flagship X X X X X X X X X X
Hexa-X X X X X X X X
INSPIRE-5Gplus X X X X X
5GZORRO X X X
AI@EDGE X X X X X X
ATIS/Next G Alliance X X X X X X X X X X X
South Korea MSIT 6G X X X X X X X X X X
Japan 6G/B5G Strategy X X X X X X X X X X X X
SDOs and Associations
ETSI X X X X X X X X X X X
NGMN X X X X X X X X X X X
NIST X X X
IETF X X X X X
5G PPP X X X X X X X X X
IEEE X X X X X X X X X
3GPP X X X X X X X X X X X X X X
ITU-T X X X X X X X X X X X X X X
21
developed technologies. This funding scheme also plans to
improve the collaboration between public-private sectors in 6G
research and development. The 6G vision includes ultra-low
power consumption, ultra-security and reliability, autonomy,
and scalability, in addition to the further advancement of 5G’s
characteristic features such as high speed and high capacity,
low latency, and multiple simultaneous connections. Moreover,
this 6G/B5G promotion strategy is aiming to establish and
showcase the core technologies for the 6G system by 2025
and put the new technologies into practical use by 2030.
VII. DISCUSSION
There is obviously a long journey to get to 6G, while current
5G will continue to evolve over the next few years. Every
new generation brings a big leap with respect to previous
generation. However, in the long run 6G will be a revolution
rather than an evolution due to the self managing networks and
will drive towards a more sustainable and trustworthy society.
The goal of 6G networks is to fulfill the connectivity
requirements of the 2030s and beyond human society. 6G
will be the key communication infrastructure to satisfy the
demands of future needs of hyper-connected human society
in the 2030 and beyond [25]. The development of new
technologies such as smart surfaces, zero energy IoT devices,
advance AI techniques, possible quantum computing systems,
AI-powered automated devices, AI driven air interfaces, hu-
manoid robots, self sustained networks, and future trends of
digital societies’ such as massive availability of small data,
increasing elderly population, convergence of communication,
sensing, and computing, gadget-free communication will de-
mands new applications. Thus, 6G will support new appli-
cations such as UAV based mobility, Connected Autonomous
Vehicles (CAV), Smart Grid 2.0, Collaborative Robots, Hyper-
Intelligent Healthcare, Industry 5.0, Digital Twin and Extended
Reality.
In this paper, we have identified mainly four key technolog-
ical domains which may bring the highest impact on 6G secu-
rity and privacy. In Table VI we summarize the benefits and
challenges with using Blockchain/DLT for security, quantum
security, distributed AI/ML security, and PLS. The security,
surveillance, accountability, and governance of the network
can be implemented through blockchain and DLT in general.
As DLT allows to store immutable and transparent logs for
each event which can be utilized in the auditing of events, it
may introduce trust among unknown entities in the system.
However, DLTs may introduce lots of issues with the user
and data privacy and extra computation and storage overhead
when they try to achieve this trust level. With quantum security
algorithms and their implications in network protocols and
related security procedures, such as post-quantum cryptog-
raphy and quantum key distribution, should be considered
in the design of next-generation networks. AI/ML has two
aspects regarding security: It can enable security as well as
suffer from threats and vulnerabilities as a founding element
of 6G networks. In 6G, AI/ML will be pushed closer to
the source of data for ultra-low latency while distributing
ML functions over the network to attain performance gains
due to optimized models and ensemble decision making.
However, overcoming practical constraints of some network
elements (e.g., IoT) will be challenging with AI security. PLS
mechanisms are expected to advocate and develop relying on
the unique characteristics and properties of wireless channels
to secure wireless communication. This may include the list
of security operations such as authentication, encryption, and
key exchange.
As described in Section III, 6G applications will support
different stakeholders and demand different levels of network
requirements including security. Since these applications are
arising with 6G and pre-6G security models will not be
applicable or sufficient enough to provided required level of
security for 6G applications. Moreover, a new set of security
attacks can be arises via these new applications. Therefore,
6G networks have to address the security issues due to
novel 6G applications. The main security threats and possible
defense mechanisms related to key 6G technologies and 6G
applications which are discussed in the previous sections are
summarized in Table VII.
VIII. CONCLUSION
In parallel to the deployment of 5G wireless systems, the
scientific community is setting the stage for next wireless
evolution towards 6G. Driving the vision of 6G security
TABLE VI: Solutions and Technologies.
Technology Benefits and utility for security Challenges
Blockchain/ DLT for secu-
rity
- Provisioning of transparency
- Allow trustless trading among unknown entities
- Preserving privacy
- High overhead
Quantum security - Provide unbreakable quantum-safe security - Lack of existing processing power with current
networking devices.
- Marginal availability of standardization.
Distributed AI/ML security - Higher accuracy
- Autonomous security management
- Optimized security enforcement
- Omnipresent operation - Feasibility
- Scalability
- Distribution management
- Securing of models and data pipes
- Computational infrastructure protection
- Explainability
Physical layer security - Provides a first line of defense
- Requires little or no additional computing resources, and
does not rely on the computational robustness of attackers
- Particularly attractive for umMTC and eURLLC
- Integration with higher layer solutions
- Trade-off between security performance, energy
efficiency, latency, and reliability
- Regulatory and standardisation aspects are still to
be addressed
22
TABLE VII: Summary of security attacks and their impact on 6G architecture, key technologies and applications.
6G architectural blocks Key 6G applications
Security attacks Possible defense mechanisms
Int. Radio/RAN-Core Convergence
Edge Intelligence and Cloudification
Specialized 6G Networks
Int. Net. Management/ Orchestration
Consumer end (terminals and users)
UAV
Holographic Telepresence
Extended Reality
Connected autonomous vehicles
Smart Grid 2.0
Industry 5.0
Hyper-intelligence health
Digital Twin
AI/ML
Poisonous attacks Moving target defense/ Input validation X X X X X X X X X
Evasion attacks Defensive distillation/ Adversarial training X X X X X X X X X
Infrastructure physical attacks
& communication tampering
Use tamper-proof hardware X X X X X X X X X X X
Compromise of AI frame-
works
Security solutions for software, firmware
and hardware.
X X X X X X X X X X X X
ML API-based Attacks Control information provided by ML APIs X X X X X X X
Model inversion attacks Noise injection X X X X X X X
Model extraction attacks Control information provided by ML APIs/
Noise injection
X X X X X X X X
Adversarial attacks Defensive distillation/ Adversarial training/
Input validation
X X X X X X X
Privacy attacks Differential privacy/ Homomorphic en-
cryption.
X X X X X
Blockchain
Majority/ 51% attack Select proper DLT architecture. X X X X X X X X X
Double-spending attacks Protect transactions. X X X X X X
Re-entrency attack Use security check tools. X X X X X X
Sybil attacks Use strong authentication and access con-
trol mechanisms.
X X X X X X X X X X X X
Authentication access control
attacks
Use robust authentication and access con-
trol mechanisms.
X X X X X X X X X X X
Security misconfigurations Identify semantic flaws. X X X X X X X X X X
Privacy attacks Privacy by design approach. X X X X X X X X
Quantum computing
Quantum cloning attack Uncloneable encryption mechanisms X X X
Quantum collision attack Quantum resistant encryption solutions X X X
VLC
Authentication/ access control
attacks
Location-based authentication X X X X X
Eavesdropping Artificial noise-assisted visible light MIMO
beamforming
X X X
Jamming and data modifica-
tion attacks
ML techniques to learn the environment in
real time
X X X X
THz
Authentication access control
attacks
Electromagnetic signatures for physical
layer authentication
X X X X X X
Eavesdropping Characterization of the backscatter channel
/ Exploting multipath.
X X X X
Molecular communication
Authentication access control
attacks
Biochemical cryptography. X X X
Privacy attacks Information-theoretic privacy /Camouflage
of DNA-based messages
X X
RIS
Authentication access control
attacks
RIS-assisted secret key generation. X X X X X X
Eavesdropping Controlling of phase shifts of RIS to im-
prove secrecy performance.
X X X X
23
towards a reality has already initiated from the research level.
In this paper, we presented one of the first surveys of 6G
security and privacy which covers all the possible areas that
could be touched with 6G security considerations. It has its
roots in a first white paper written by a group of telecom-
munication security experts. 6G is still in initial phases and
3GPP has not yet started the standardization with deployment
around 2030. Still, this survey tried to identify the relevant
security technologies and threat landscape based on future use
scenarios of 6G. We described security issues related to the
most renowned 6G potential use cases such as Industry 5.0,
digital twin, Unmanned Aircraft and Autonomous Vechicle
control, Extended reality and SmartGrid 2.0. In addition to
that, we discussed the threat landscape and possible solutions
with respect to the key 6G technologies including AI/ML,
DLT, Quantum Computing, VLC and THz communication.
We also presented the significance of privacy in the 6G vision
towards reality. Finally, we summarized the ongoing research
projects on 6G which have the closest alliance with security
and privacy. As a whole, our intention was to compile this
survey to serve as an enlightening guideline for the future
research works on 6G security.
ACKNOWLEDGMENT
This work has been performed under the framework of
6Genesis Flagship (grant 318927) and 5GEAR projects. The
research leading to these results partly received funding from
the European Union’s Horizon 2020 research and innovation
programme under grant agreement no 871808 (5G PPP project
INSPIRE-5Gplus). The paper reflects only the authors’ views.
The Commission is not responsible for any use that may be
made of the information it contains.
REFERENCES
[1] P. Porambage, G. G ¨
ur, D. P. M. Osorio, M. Liyanage, and M. Ylianttila,
“6G Security Challenges and Potential Solutions,” in 2021 Joint
European Conference on Networks and Communications (EuCNC) and
6G Summit. IEEE, 2021, pp. 1–6.
[2] C. de Alwis, A. Kalla, Q. V. Pham, P. Kumar, K. Dev, W. J. Hwang,
and M. Liyanage, “Survey on 6G Frontiers: Trends, Applications,
Requirements, Technologies and Future Research, IEEE Open Journal
of the Communications Society, pp. 1–1, 2021.
[3] X. You, C.-X. Wang, J. Huang, X. Gao, Z. Zhang, M. Wang, Y. Huang,
C. Zhang, Y. Jiang, J. Wang et al., “Towards 6G wireless communica-
tion networks: Vision, enabling technologies, and new paradigm shifts,”
Science China Information Sciences, vol. 64, no. 1, pp. 1–74, 2021.
[4] S. J. Nawaz, S. K. Sharma, S. Wyne, M. N. Patwary, and M. Asaduz-
zaman, “Quantum machine learning for 6G communication networks:
State-of-the-art and vision for the future,” IEEE Access, vol. 7, pp.
46 317–46 350, 2019.
[5] V. Ziegler, H. Viswanathan, H. Flinck, M. Hoffmann, V. R¨
ais¨
anen, and
K. H¨
at¨
onen, “6G architecture to connect the worlds,” IEEE Access,
vol. 8, pp. 173 508–173 520, 2020.
[6] H. Viswanathan and P. E. Mogensen, “Communications in the 6G era,”
IEEE Access, vol. 8, pp. 57 063–57 074, 2020.
[7] S. Wijethilaka and M. Liyanage, “Survey on network slicing for internet
of things realization in 5g networks,” IEEE Communications Surveys
& Tutorials, 2021.
[8]