Rejoinder forthcoming in April.
In the fifth generation (5G) of wireless, the introduction of public key encryption–based authentication for private 5G networks brought wireless security protocols even closer to those predominantly used in the core network. At the same time, new use cases were introduced to accommodate emerging verticals, such as smart factories, autonomous vehicles, and smart cities. The introduction of massive machine type communications (mMTC) and of critical Internet of things (IoT) applications under the umbrella of ultra-reliable low latency communications (URLLC) was in fact the precursor of a new wave of intelligent devices and (sub)networks that will be part of the 5G and beyond. Autonomous agents such as robots, drones, vehicles, and so on, are loaded with sensors and running advanced artificial intelligence (AI) algorithms (embedded or on the edge) to drive their autonomous operation. In this new emerging reality, the fiber of networking also changes, moving toward a network of subnetworks. In view of these fundamental changes, the question arises: in this emerging reality of dynamic, largely decentralized, heterogeneous systems of intelligent agents and things, will the standard, static, crypto-based security controls of previous generations be the way forward?
5G security enhancements present a significant improvement with respect to long-term evolution (LTE), with the use of public key encryption (PKE)–based protocols for authentication and key agreement (AKA), in addition to message integrity checks, and so on. However, as the complexity of the application scenarios increases with the introduction of URLLC, mMTC and more generally intelligent IoT related verticals, novel security challenges arise that seem difficult to address with the classic complexity-based cryptography. Below, we attempt to provide an overview of the challenges as well as the opportunities ahead and comment on some of the potential emerging paradigms.
Low-latency, low-footprint, scalable security. Operating under aggressive latency constraints, in massive connectivity regimes, with low-energy footprint and low-computational effort, while providing explicit security guarantees for networks of autonomous agents, is challenging. Persistently, the massive scale deployment of low-end IoT nodes, often manufactured with nonhomogeneous production processes, poses pressing questions on the long-term IoT security (note that IoT traffic is largely unprotected).
Quantum resistance. Furthermore, future-proof security systems will necessarily rely on quantum-resistant primitives and schemes. With respect to the recently standardized post-quantum cryptographic algorithms by NIST (National Institute of Standards and Technology; Avanzi et al., 2019; Bai et al., 2021), computational complexity remains substantial for very simple devices (low-end IoT)—despite the fact that the chosen lattice-based algorithms are among the alternatives with the shortest key lengths. There is a clear need for novel, lightweight quantum-resistant solutions oriented specifically to low-end IoT devices.
Artificial intelligence and machine learning. At the same time, the extensive introduction of AI and machine learning will further increase the attack surface of 6G systems; it is currently understood that defenses are needed against adversarial AI (e.g., to protect against data poisoning; Jagielski et al., 2018), the energy footprint needs to be contained to sustainable levels (green AI), the outputs of AI algorithms need to be explainable and unbiased (XAI; Belle & Papantonis, 2021). Hand in hand with these challenges, new opportunities arise, for example, with respect to decentralized and democratized learning and computing (e.g., using federated learning; Kang et al., 2020) and the possibility to perform context and semantics distillation that can enable the use of new technologies, such as physical layer security (PLS) and distributed inference (Segura et al., 2022), as discussed below.
Quality of security (QoSec). Looking at the big picture, a sustainable and secure future calls for adaptivity to make the most out of limited resources. In this direction, adaptive security algorithms and protocols can be envisioned that dynamically adjust their configuration and parameters according to inputs from several layers and more generally from semantics and contexts. To provide scalable solutions for massive IoT and networks of cyber-physical systems, QoSec could provide a flexible security framework for future networks, introducing different security and trust levels.
Physical layer security. In the framework of adaptive AI-enabled security, it is envisioned that PLS solutions (Chorti et al., 2022; Shakiba-Herfeh et al., 2021), which exploit physical phenomena to provide security, can complement post-quantum cryptographic schemes and strengthen the overall trust and resilience of 6G. PLS can be used to provide keyless exchange of confidential or private messages, as well as to generate and distribute symmetric keys by exploiting the propagation characteristics of the wireless channel. In 6G, channel engineering and controllability (e.g., with the use of meta-surfaces, drones for multi-hop networks and very narrow beamforming) will allow exploiting such opportunities in a systematic manner. In addition, authentication at PHY (physical) and hardware layers, for example, using physical, un-clonable functions and localization as a second factor of authentication, can be introduced to enable a quick and potentially continuous verification of legitimate users, even without upper-layer processing.
The introduction of sensing and high precision localization in 6G. In 6G, positioning and radar sensing will be default services (3GPP, 2022). On one hand, this provides novel opportunities for the use of positioning and sensing for integrity and consistency checks and anomaly detection accounting for the physical behavior devices. Such a processing can be generalized with the use of distributed statistical inference. Positioning and sensing integrity will be of great importance; currently, angle of arrival (AoA) in conjunction to ranging, camera depth estimations, and so on, are studied to render positioning unforgeable. Several protocols have already been proposed that incorporate positioning information as a second" soft authentication factor, while Sybil cyberattacks in robotic systems have been identified using AoA (Gil et al., 2017). Overall, positioning will be an important parameter for evaluating the trustworthiness of autonomous agents in 6G. At the same time, privacy concerns arise.
Privacy in 6G. As mentioned above, radar sensing will be omnipresent. It can be used to count the number of people in a room (e.g., by identifying heartbeats or other related physiological signs). At the same time, the use of wide frequency bands (available at mmWave and sub-THz bands) can allow resolving multipath components and reaching cm-level localization precision with radio frequency signals. As a result, serious concerns arise with respect to privacy of individual users. While federated learning and approaches targeting differential privacy, that is, relying on rate-distortion theory, are promising, there is still a lot of work in terms of privacy-preserving sensing and privacy by design. The trade-off between utility and privacy is potentially a key research topic in 6G security.
Trust and trustworthiness. As a whole, the overall behavior of the devices, agents, and systems should be accounted for when building trust and evaluating trustworthiness. For a trustworthy 6G, multiple layers of trust must be assured. While related discussions are still unfolding, it is common sense that building a trustworthy 6G network necessitates trusting the AI brains and the infrastructure body of the 6G network (including the sensing, communication links, and processing). At a very abstract level, the first anchors of trust boils down to trusting (in a very abstract manner):
The sensing (radar, RF [radio frequency], camera, lidar, etc.) that collects raw or processed data (of particular importance in 6G is high-precision localization information) and drives actuation;
The computation and processing platforms (including for learning and optimization) at different parts of the network (on device, edge, core network);
The communication links that carry the data exchanged and authenticate agents and devices, providing confidentiality, integrity, authentication, and availability guarantees;
The AI algorithms that determine the behavior of the autonomous agents, devices, and systems based on the received data and sensing inputs.
The sixth generation of wireless will be the first AI-native generation and will interconnect intelligent and autonomous cyber-physical systems (robots, vehicles, platoons) and bring to life digital twins of physical objects and the metaverse. The anticipated fusion of the physical, digital, and human worlds marks the beginning of a new era in which the physical properties of interconnected systems are crucial for security. Research into areas such as AI, distributed statistical inference, and physical layer security, among others, are pivotal to enable smart, adaptive security protocols.
Arsenia Chorti has no financial or non-financial disclosures to share for this article.
Avanzi, R. M., Bos, J. W., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J. M., Schwabe, P., Seiler, G., & Stehlé, D. (2019). CRYSTALS-Kyber algorithm specifications and supporting documentation. NIST PQC Round, 2(4).
Bai, S., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., & Stehlé, D. (2021). CRYSTALS–Dilithium: Algorithm specification and supporting documentation.
Belle, V., & Papantonis, I. (2021). Principles and practice of explainable machine learning. Frontiers in Big Data, 4, Article 688969. https://doi.org/10.3389/fdata.2021.688969
Chorti, A., Barreto, A. N., Köpsell, S., Zoli, M., Chafii, M., Sehier, P., Fettweis, G., & Poor, H. V. (2022). Context aware security for 6G wireless: The role of physical layer security. IEEE Communications Standards Magazine, 6(1), 102–108. https://doi.org/10.1109/MCOMSTD.0001.2000082
Gil, S., Kumar, S., Mazumder, M., Katabi, D., & Rus, D. (2017). Guaranteeing spoof-resilient multi-robot networks. Autonomous Robots, 41(6), 1383–1400. https://doi.org/10.1007/s10514-017-9621-5
Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., & Li, B. (2018). Manipulating machine learning: Poisoning attacks and countermeasures for regression learning. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 19–35). IEEE. https://doi.org/10.1109/SP.2018.00057
Kang, J., Xiong, Z., Niyato, D., Zou, Y., Zhang, Y., & Guizani, M. (2020). Reliable federated learning for mobile networks. IEEE Wireless Communications, 27(2), 72–80. https://doi.org/10.1109/MWC.001.1900119
Segura, G. A. N., Chorti, A., & Margi, C. B. (2022). Centralized and distributed intrusion detection for resource-constrained wireless SDN networks. IEEE Internet of Things Journal, 9(10), 7746–7758. https://doi.org/10.1109/JIOT.2021.3114270
Shakiba-Herfeh, M., Chorti, A., & Poor, H. V. (2021). Physical layer security: Authentication, integrity, and confidentiality. In K. N. Le (Ed.), Physical layer security (pp. 129–150). Springer International Publishing. https://doi.org/10.1007/978-3-030-55366-1_6
3GPP. (2022). Study on integrated sensing and communication. Technical Report TR 22.837. www.3gpp.org
©2023 Arsenia Chorti. This article is licensed under a Creative Commons Attribution (CC BY 4.0) International license, except where otherwise indicated with respect to particular material included in the article.