Security, Privacy and Trust in 6G Networks

Security, privacy, trust…  These three concepts are closely related and all three will be critically important to the uptake and acceptance of 6G communication. This article takes a short look at the difference between the three concepts, and then discusses the research challenges related to these for the development of 6G.

IT security or cybersecurity is an overarching principle in IT and computer science. Cybersecurity manages cyber risks to data, processes, users and assets. It includes not only control of data and access to data, but also processes as well as physical and virtual assets. IT security practices include, for example, endpoint security that controls the display of data on a smartphone, or “data in use” measures to protect network data and infrastructure from hacking or cyberattacks. Privacy is related to security but is a different issue. Privacy is about the individual’s rights to own the data generated by his/her activities, to restrict the flow of that data, to determine who may have access to that data, and to determine how the data may be used. Privacy in IT systems is there to protect a human being’s personal information. IT mechanisms that ensure security also benefit privacy, but security alone is insufficient. For example, government agencies may ensure that the data they collect is secured via encryption, but that data may not protect an individual’s privacy or could even violate personal privacy. In many discussions about cybersecurity, the focus is on digital security, while the digital privacy of users is ignored or even violated. As such, software and system architects must take privacy into account throughout their entire engineering process. Approaches such as Privacy by Design and Digital Rights Management support this goal.   Which brings us to trust. What is trust in a wireless network? In a data network, trust is about the expected outcome when communicating remotely with a 3rd party in a session, when clicking on a link, or when opening an email. The possible outcomes could be the expected, positive ones (e.g. reading the message in an email) or could be negative (e.g. being hacked, cheated or tricked in some way). Trust at the networking level includes addressing questions such as:

• Can this host communicate with another host without being hacked in the process?
• Could this interaction lead to a loss of data or loss of privacy?
• Is it possible that the addresses in the data packets are spoofed?

Trust includes both tangible and intangible elements, all of which must be present to establish trust. Trust is built upon both security and privacy as tangible elements, but also upon an intangible “feeling” of trust that can come, e.g., from word-of-mouth recommendations or a professional user interface. In a mobile or wireless network, trust includes the additional element of health: is the radiation from antennas or handsets harmful or innocuous? Should I be concerned about the long-term effects of living near an antenna tower or leaving my phone on the night table?

Security, Privacy and Trust Challenges for 6G

While security, privacy and trust are important to all forms of data networking, 6G brings some additional challenges that need to be addressed. The 6G network will be used as a ubiquitous sensor, blurring the line between the physical and digital worlds. As such, a breach in the security of the 6G network could lead to a loss of information, loss of control over your devices, loss of money, loss of property, or even physical danger to people. In a worst-case scenario, cyber warfare could wreak havoc in the physical world, with a direct effect on national security. To address all these concerns, the level of trust, privacy and security in 6G networks must be significantly higher than current state-of-the-art in today’s data networks, which necessitates research in many different areas. 

Challenges in trusted networking:

• The openness of the Internet and lack of enforceable regulation
• Scalability across heterogeneous devices, heterogeneous usage patterns, heterogeneous network types, heterogeneous cloud deployments, …
• Trust management across multiple domains, including the adoption of zero-trust technologies
• Building software with fewer (ideally no) vulnerabilities across the entire value chain
• Standardisation of trust models (e.g., how to establish trust, how to measure trust, different service scenarios …), at least for the tangible aspects of trust
• Intangible trust and perception concerns such as radiation and health

Challenges in new network architectures:

• Challenges in a post-quantum world, e.g., standardisation of post-quantum cryptography, to ensure quantum-safe encryption
• Software- and AI-defined security: the combination of security functions based on software, virtualization, machine learning and artificial intelligence will lead to proactive security which can identify attacks and optimally respond to those attacks. At the same time, attackers will use the same tools to create better attacks, leading to an “arms race”
• The increase in cloud computing and offloading functionality to the cloud introduces security threats related to data confidentiality, data integrity, platform integrity and user privacy. This could be mitigated by developing or improving authentication at the remote endpoints, hardware trust anchors, trusted execution environments, certifying platforms, and supporting remote attestation.

Challenges at the physical security layer:

• Physical security for 6G addresses one of the most important applications for 6G: humancentred mobile networking, such as wireless body area networks, including on-body and in-body devices. As such, the human body becomes a part of the network architecture. And, as such, security becomes absolutely critical.
• There are multiple research areas in physical security that will need to be combined to ensure security and privacy in 6G, for example:
  1. The development of distributed, cooperative security protocols
  2. Preventing attacks using cell-free MIMO and intelligent reflective surfaces
  3. Visible light communication (VLC) as a complementary technology
  4. How to ensure platform security when antennas are distributed in multiple locations?
  5. Jamming protection to detect and mitigate against jamming

Challenges for privacy protection:

• How to measure levels of personal protection required or provided?
• Define thresholds for personally identifiable information
• How to empower users to easily define what data they are willing to share, and with whom, in an understandable manner

The decisive impact that security, privacy and trust will have on the acceptance of 6G and the use cases which rely upon 6G cannot be understated. The advantages and promise of 6G cannot be fulfilled until the challenges listed above are resolved. If you are a researcher in this area or are interested in contributing to security, privacy and trust for 6G, we invite you to join Thinknet 6G. We will be organizing round table discussions and working groups in this domain soon. More details will be available on this page shortly and in our newsletter.