2024 全球6G技术大会 -10.0Q White Paper on Potential Key Technologies for 6G Security

3 5 5 5 6 7II.DistributedTrust 7 7 8 9 11III.UbiquitousTrust 7 13 13 14 15 13 16 16 18 19 20 20 20 22 23VI.SecurityCapability 25 25 25 26 27 25 29 29 30 31VIII.AISecurityManagementandDecision-MakingTech 32 32 32 34 35 37 37 38 38 39 41 42 43 45leadingtofurtherblurringoftraditionalnetworksmethodscontinuetoescalate,futurenetworksend-to-endsecurityandtrustworthinessof6Gnetworks.respondstovariousthreatsansecurityandreliabilityof6GnetworThereconstructionof6Gnetwnetworksecurityshouldhabuilt-inSecurityArchitectureResearchReport"[2]orchestrationandschedulingcapabilities.Intheformofasecurityplane,itprovisecuritygenesfor6Gnetworkstoachievethesecurifromthreelevelsofsecuritycapability,securitycontrol,andsecuritydecision.AmoTechnology,andChapter5technologiesatthesecurityTechnologyandChaptertechnologiesataroundthegoalsoftrustandsecuriI.WirelessPhysicalLayerSecurityInthefuture,thetypeInternetofThings(IoT)deviceswithcomplexsignalingandprocessingoverhead.electromagneticenvironmephysicallayersecurity(PLS)tecchannels,suchasanisotropy,randomvariability,securitycapabilitiesthatcanbeintegratedbutdonotrelyontraditionalsecurByminingandutilizingthebuilt-insecurityattributesofwirelesschannels,PLtheintegrateddesignofcommunicationandsecurity,whichisexpectesecuritycapabilitiesfortheinformationsecurityof6GInendogenousintegrateddesignofcommunicationandutilizingthebuilt-insecurityattributesofwirelesschannels.Underthestimulationocommunication,wirelesmanipulatetheelectromagneticenvironmentmorefinely,thereenvironmentforcombatingwireless(1)PhysicalLayerKThephysicallayerkeygenerationtechnologyutilizesHowever,thenaturalwirelesschannelisuncontrollable.ByusingRISantechnologiesof6G,thewirelessenvirthechannelconditionsofcommunication,andreducingthecorrelationbetweenthelegitimateonthecharacteristicsofwirensurereliabletransmissionofconfidentialiwhileattemptingtotransdifferencebetweenlegitimatechannelsandeavesdroppingchannelicationutifwirelesschannelstorealizetheauthenticationofnodeidentityornincreasesthelengthofthetrustedroot,butalsoexcomparisonandauthenticationmechanismbasedonidentauthenticationofwirelesssignals,resistingunknownwirelessaccessattacks.Wirelessbuilt-insecuritytechnologycansolvesesignaldomain,suchaswirelesseavesdropping,wirthusbuilding6Gairinterfcouldbeintegratedintotheupper-layersecuritycapability,whichcouldprovideasecumeetdifferentiatedsecurityprotectionrequirements.Thewirelessbuilt-insecuricouldprovidesecuritycapabilsecurityandlightweigtheupper-layerkeysystemordistribution/management,andimprovesecuritywhilereducingcomputationalcoAtthesametime,byusing6Gpotentialkeytechnologfinelyperceivethewirelessenvironment,excavateandcustomizinformation,andimprovecommunicationqualitywhileassistinginimpFigure2SchematicDiagramofApplicationConceptsofWirelessPhysicalLayerconstructanewwirelessphysicallayersecuritytechnologywithintelligentnativeintegratUtilizeemerging6Gtechnologiessenhancetheabilityforchamechanismfromsensingcapabilitiescationfphysicallayersecurityandupper-layersecuritymechanismstofurtheof6Gsecurity;experimentalanalysisofrequirements,layingthefoundationforitsengineeringapplicationwirelessendogenoussecurityperformanceevaluationsII.DistributedTrustTechTheopennetworkecologyandheterogeneousintegratednetworkarchitectureocharacteristicsofcross-network,cross-inecology.6Gnetworkswillsuppotamper-proofoperationalmechanismthatcanbuildconsensusamongmultipleparties,addresstrustworthy[5].Ontheotherhand,6Gnetworkssuppoandinstitutionsneedtotelecommunicationsnetfuture,6Gnetworksneedtointroducetrparticipatinginthenetworkusetechftrufmultipleparticipatingparties[6].Blockchainisthefoundationofdecentralizeddatabasetconnectingeachblock.Eachblockcontainsinformationaboutthepreviouslyconnectedblockandusescryptographictechniquessuchashashalgorimbeingtamperedwith.BlockchainhasthecharacteristicsftechnologiestoimplementblockchainAccordingtotheaccesssystemauthorizationmethodofparticipants,blockchainsystemsaccessthesystemwithoutauandparticipantsdonotfullytrusteachother(semi-trusted).Aapplicationscopesofblockchain,thepermissionedconsortiumchainsandprivatechains.Aconsortiumchainisablockchainmultipleinstitutions[6].Inadditiontousingblockchaintobuildatrustbase,authenticationscheme.Theauthenticationofatelecommunicationnoftheoperatororequipmentvendor.Thisisakindofendorsementcross-domaincertificateverification,enhancingthetrustworthinessandreliabilityofCAs.Thesecondistheauthenticationbetweentelecommunictheusersignscontractswiththeoperatormanagedbytheoperator,essentiafThe6Gblockchainisbasedonthe6Gnetwocommunicationnetworknodesastheinfrastructurenodesofblockchain.6Gblockchainproceduresduetotheintroductionofblockchain[7].Accordingtothedifferentrolesofblockchainintelecomnetworks,blockchainisdeployedindifferentpositionsofthenetwork,andtherearethreedeFigure3SchematicDiagramofBlockchainDeploymentthelevelofnetworkelementsornetworkmanagtofthenetwork,andunderfblockchainconstruction,maintenance,andpermissionauthenticationofblockchainnodes.Theblockchaincapabilitiesofaccessnetworksandterminals(inwhichblockchainclientsmaybeprovided)arepre-installedandcanbeunetwork.Theblockchainexistswiththeestablishmediscoveryempoweredby2)Upper-layerblockchainmode:Theblockchainisbuiltontopoftheexistingtelecomnetworkarchitecture,andblockchainfunctionscanbepluggedinorremtorequirements.Theblockchainfunctionalityisdeployedintheformoffunctionsinthecorenblockchaincapabilitiesofaccessnetworksandtermaybeprovided)canbeissuedbythecorenetwork,andtheblockchaincapabilibefreelyconfiguredaccordingtorequiremen3)Hybridblockchainmode:Theblockchainmoduleisdividedibelongingtothebasicfunctionsofthetelecomnetwmode,andonlycontainingbasictrustfunctionspartbelongstotheservicefunctionsofthetelecomnetwork,deployedintheupper-layermode,andadditionalfunctionscanbeaintroducetheDPKItechnologybasedonblockchain.Itwillleveragethebloccharacteristicsofopennetamper-prooftobuildatrustalliance,enablingblockchain-basedcertificateandidentitymanagement,transparentauditing,andcross-domainverification.Thetechnicalapproaches:First,therealvaluesofcertthehashesofcertificatesarestoredintheblockchain.Theblockchainmaintainstheintegrityofthedata,therebypreventingfromthefailureofnodesinthestoragesystemduetoattacks.CAcertificatesrequiredfornetworkoperationsintotheconsoidentifiersontheblockchainneedtobecarried.Third,devicepublickeofdigitalcertificates,simplifyingthecomplexityofkeymanagement[7].Fordistributedauthenticationbetweentelecomnetworkusersandthennetworkswilladoptdigitalidentitytechnoloselectivelysharingspidentitycansupportanonymousidentityverification.UserscanprovidethenecessarinformationwhentheyneedtoverinotonlyuserauthenticationbutalsotheaBlockchainfacestheimpossibletriangleofsecurity,transato6Gnetworks,theexistingblockchainarchitectureusedinandtransactionratefallshortofreqTherefore,researchisneedeofthethreesidesoftheimpossibletriangleisnecessarytoselectthemostsuitableblockchainDistributedauthenticationintroandidentities,bringingnewchallengestothenetwandtransmittingdistributedcertificatesandidentitiespresentsaprocessbeforenetworkentitiesinteractneedstobereconstructed.Newandacryptographictechnologiescanbeutilizedtofcertificatesandidentities,ensuringsecureprotectionandefficientverificationdudistributedstorage.Furthermore,thautomatedauthenticationandpermissioncontrolofcertificatesandidentities,ultimatelyIII.UbiquitousTrustTThe6Gcloud-edge-terminalconveroundaries,requiringcross-domainandconsistentsecuritysolutionsdorchestrationofsecuritypolicies.Atthesametime,thedevelopmentofgenerativeartificialintelligencewillgreatlyreducetheattackthreshTraditionalsecurityprotectisecuritytechnologytinterconnectionandinteroperability.Thistechnolassessmentandprotectionofnetworkassets.Trustedcomputingisatechnologybasedontoprotecttheintegrity,avaunauthorizedaccessandattacks,andprovidethtrustworthinessofcomputersystems.Trustechnologies:secureboot,securemenvironment,andmemory/virtualmachByverifyingtheintegrityandauthenticityofthefirduringthesystembootprocexecuted.Thisfunctioncaneffectivelydefrombeingloadedandevulnerabilities.Theapplicationofsecurebootandtrustedmetriccaserver,thesecuritypostureofallassperformsecurityO&MonAtrustedexecutionenvironmentbeingaccessedbymalicioussoftwareorunauthorizedapplications.Forusetrustedexecutionenvironmentallowsequipincreasesusertrustindevicesandapplications.Therefore,thkapplicationsandprocesssenof6Gnetworkswithahigherlevelofsecurity,andallow6GnetworkmaintainerthesamequalityofserviceAcompletetrustedcomputingsoloperatingsystems,etc.ThefollowingfigureshowsFigure4SchematicDiagramoftheRelationshipBetweenKeyTechnologietrustedfoundation.Securemetricbuildsachainoftrusttoextendtrusttoandapplications.Thetrustedexecutionenvironmentprovidesaseread-onlyareaandtrustetouploadmalicioussoftwareortamperwithapplicaForassetsthathaveappliedtrustedcomdetection/defense,butalsogreatlyreducingtheresourcecconsumptionofsecuritydetection/defense.ForsecurityO&M,trustedcomputingprovidesaunifiedsointeroperability.AssetsthatfallintoFordataproviders,trustedcomputingprovidesanisoSensitive/privatedataistransmittedencryptedandprocesssecureapplicationdeeliminatesthepossibilityofthird-partyUbiquitoustrustedtechnologyincludeprovidesarootoftrustforvarioustrustedmodes.However,applyingtrustedcomputingtnetworksstillfacessomechallenges.Forrestarttime,indirectlyaffectilocatedwithinhardwareOTPresources,oncetherootoftrustedisleaked,thecostofchangingisveryhigh.functionalitiesoftrustedcomputinecessarytoconsiderhowtoimprovethetrustworthinessofexistingsecurityfunctionsbasedonthetrustedcomputingrootoftrust,tobuildatrustedifferentnodesinthewholenetworkandrealizeubiquitoustrustedinthetechnology,itsimportanceinmobilesecurityofpublickeycryptographicalgorithmsdependsonthedifQuantumcomputerscaneffectivelysolvetheseprcryptosystemsbasedontheseassumptionsinsecure.Therefore,sufficientlypowerfulsymmetricandasymmetricalgorithmstcryptographicalgorithmswillbehalved,whilemanycommonlyusedasymmetricalgorithms,willnotprovideanysecuThetwomainstreamquantumsecuritytechnologies(QKD)andPostQuantumCryptography(PQC).Thesetwcharacteristicsandadvantages.Intheinformationsecurityofthepost-quantumcomputingera,withthehelpoftherelatedcharacteristicbepreparedforquantumsecuremechanics.Itsmaingoalistosecurelydistributekeysbetweencosubsequentcommunicationcanbetheoreticallyunbreakable.Similartopublicproventobetheoreticunlimitedcomputingpower.AtypicalQKDnetworkisshowninthefigurebelow:Figure5SchematicDiagramoftheTypicalArchitectureofQKDsecurekeysbetweenanytwodesignatednodesviaappropriatekeyrrnetwork)[8].seeksnewcomplexmathematicalproblequantumandclassicalcomputeprotocolsandnetwoInthesymmetriccryptETSISAGE.Inthe6Gera,ifAES-256isadopted,NISTblaunchedaprocessin2016tosolicit,evaluate,aoneormoreadditionalnon-secret,publiclydiscloseddigitalsignatures,publickeyencryption,andkeyestablishmentalgorithmsthatareavailsensitiveregulatoryinformation.NISTwillpublishamostcriticalissuesselectedthefollowingalgorirecommendedbyNISTasthemaindigitalsignaturea3)FALCON:Anotherdigibutnotasperformantasaccessnetworkandthecorenetwork,andbasedonthesekeystoencryptcommunicationbetweenthetwPQCplaysacriticalroleinthegenernetworkstoensurethesecurityofsystemsordatatranauthenticityofpublickeysusedinquanandDTLScanbedeployedinforwardandreversepathstoQuantum-secureTLScanbedeployedinthecorenetworktoprotectcommunicNFs.deployment.OpticalfiberQKDcanbeimplementedonexisHowever,duetophotontransmissionlosses,thephotonsislimited.ThesolutiontothisproblemreliesontrustedrelaynodmultipleQKDsystems.ThissolutionalsoimposeshighAlthoughPQCalgorithcantrulybeappliedincommunicV.PrivacyProtectionTe6Gnetworksrelyontheentiredatalifecycleofmtransmissionandtheunpredictabilityoftransmissionpaths,theownershiintegrityandownership,andtherearerisksofuserprivacybeingeasilyleaked,tDuetotheintegrationofmultipleheterogeneousnetworksin6G,thephysilogicalboundariesareblurred,andusersofdifferentsecuritylevelsfrequecross-domainaccess,whictechnologiescannolongermeettherequirementsofcross-domainaccesscontrolof6Gnetworks.Therefore,itisnecessarytosupportlenvironmentoffrequentcross-domainauthenticationofmassivedata,andensuretransmissionandcontrolledsharingofdataacrossdomains.Throughouttheentirelifecycleofdata,correspondingprivacyFigure6SchematicDiagramofPrivacyProtectionTecmethodsusedtoprotectpersonalprivacyandsensitiveinformation.Anonymizationprocessesatatoremovepersonallyidentifiableinformation.Thrdeletingthepersonallyidentifiableinformsensitivityofdatabyencrypting,replacing,masking,retainingtheanalyticalvalueofthedata.Datade-identificationtechniquesremoveorreplaceindividualidentityiachievedthroughgeneralization,suppression,dissection,permutation,anddisturbancetoprotectprivacywhileallowingeffectivedataaandSM4,whichensurethencryptionhastheadvantrresource-constrainedenvironmentssuchasmobileprotectingdatapriDatamasking,differentialprivacy,anddatade-identifictoprotectpersonalprivacyandsensitiveinformationinthintroducesnoiseintothedatatoensurethatevenifinimpossibletoinfertheinformationofspecificindividuals,therebyprotectingpersonalInthedatausageandshencryptionandSecureMulti-PartprotectedexecutionenvironmentforsensitiCombinedwithfederatedlearningtechnology,distriberealized.ThisenablesdatasharingandutilizationwhileprotectingdataToaddressthesecurityprotectcanbeutilized.Byformulatingeffectiveaccesscontrolpolicies,authenticatsourcesinenvironmentswithfrequentwidelyusedtoprotectuserprivacy.Anonymizationhididentityinformationwithpseudo-identifiers.Maskingsensitivedata,suchaspidentifiableandlocationinformation,topreventleakage.Datade-identificationhidespersonalandhealthmonitoring.Inthefutuensuringthatuserprivacyisno(2)6Gnetworksutilizehigherfrequenciesandwiderandprivacy,providingmoresecureandranddatade-identificationtechnologymaycollaboratprivacytechnologycanbetweenmobiledevicesandcentralservers,providithesensitivityofthedataincreases,datamaskingtechnologycanreducethesensitivityofthedatabymaskingorreplacingsensitiveinforfeffectivenessofdataanalysiswhendatasharingandmodel(4)Datausageandsharingstage.In6Gnetworks,lbandwidthandlowlatency,controlcanbeachieved.Duringthedesignprocessimplementedondatabasedonfactime,thehigh-speedcommunicationandmobileedgecomputingcapabilitiesotasksinsecureprocessorsoandcomputing.Combinedwithfederatedlearningtechnology,supportedtoperformmodeltrainingandparameterupdatesinadistributedenvironment,thusstorage,processing,andsharing.UseandanalysiswhileensuringthattheprivacyandintegrityofthedataareprWiththepopularizationofintelligentapplicationsinthe6Gera,dincreasinglydiversified,involvingmulti-dimensionaldatasuchasDifferentdatatypesandentitieshavedifferentnecessarytoflexiblyapplyvarioustechnologiestocopewiththediversificationofprotectionobjects.Inaddition,toensuredatasecurityandprivacyasystematicframework.Thecomprehprotection.However,thereareadsecurity.Therefore,futureprprotectionpoliciestoensuretheinteroperabilityandeffectivenessofvarioustechnologiesandmethodsindifferentenviVI.SecurityCapabilityService-OrientedTechnolneedsofallusers.Itneedstoprovidedifferentiatedsecuritycapabilitiesreservices,whichbringsgreatsecuritychallengestonetworkmanagement,resourceallocation,anddatatransmission.Asnetworkcscenarios,lightweight,effbecomingtheimportantfeaturesof6Gnetworksecuritycapabilities.Thisrequiresthenetworksecurityarchitecturetohavethecollaboration,andscalability.Itneedstoexpansionofsecuritycapabilitsecurityarchitecture.Therefore,bothfromtheperspectiveofnetworkarchitectureanschedulingandelasticdeploymenttoensuretheThetechnicalfoundationofsecuritycapabilityservitizatatomized,andthetoplayerisunifiedthroughsoftwareprogrammifunctionsandrealizestheservitizationofsecuritycapabilitiestomeetthediverprotectionrequirementsofdifferentservicesandscenarios.Networksecuritycapabilitiesandvihorizontallyscaledaccordingtotherequirementsofcustomers.Thesecurityorchestrationandcsecurityresourcepoolthroughthesoutsystems.Thesecurityorchestrationanthenorthboundandsouthboundinterfacesintonormalizedandstadecision-makingthroughtheintelligentorchestrationmodel.Securitycapabildifferenttypesofusersorthird-partyplatforms.Securityapplicationsdifferentusersecurityrequirements.Thesecurityfunctionsinpoolarecalledbycombiningthetaskschedulingandorchestrationpossibletoachieveflscenariosandservpersonalizedsecurityservicesandsecrequirementsof6Gnetworks.SDStechnologyisappliedinvaritoachievesecurityintelligenceorchestrationandunifiedcollaboraneedstoswitchbetweenmultiplrchestrationandfollow-uptoensuretheconsistencyandconf（2）Whenthenetworkisdynamicallycreatedandprotectionandthecontinuityofthenetwork.differentiatedsecurityprotectiftheentirenetworkforsecurityservices.seamlesslyconvertedwhenthsustainablesecurityservicesfor6securityintelligentcontrolandorchestrationasthecoCombinedwithAImodels,itwillfurtherintelligentizetheorchestrationofcapabilitiesandexternalservicesaccordingtoserequirements.ThiswillplayaroleitopayattentiontotheinsufficientinterpretabilityoftheAIiservitization,andtoensurethesecsecuritycapabilityvice-orientednetworkarchitecturesupportfcapabilityopening,APIs,anddeviceshavebeenformarchitectureof6Gwillfurthersupportstheatomizationofsecuritycapabilitiesandtheservitizationofsecuritycapabilities.ThererVII.MimicDefenseTechnology5Gnetworkshaverealizedservice-orientednetworkfunctionvirtualization,whichcanquicklyintegratethefunctiocomponentizationandservitizationofcomponentsmakeitpossibleforeachcomponlyeavesdropped.fcontinuetousethecloud-basedandservice-orientedarchitectureof5G.Theisnotinplacewillleadtotherisko6Gshouldsupporttraditionalsecuritycapabiltrustworthiness,includingsecurity,safety,securityandtrustworthinessinthegeneralized6Gnetworks.Inpreliablecommunicationscenarios,itisnecessarytosolvecausedby6Gnetworksduetothecloud-basedvulnerabilities,operatingsystemsoftwarevulnerabilities,anclosed-loopiterativemulti-dimensionanamelyDHR,basedonpolicydecisions.Itconsistsoffunctionallyeexecutors,input/outandthemimicdecisiontogetherformanormalizedjudgmentinterface,thecoreofthefeedbackcontrolandtheschedulerconsistsofasetofpre-setschedulingpolisuchasreplacement,migration,cleanoperatingenvironment.ThisprocessisiterativelyexecuteduntiltheabnormalconditimimicdecisiondisappearsortheoccurFigure8AbstractModelDiagramofDynamicHeterogeWiththetrendofcloud-networkintegration,thescaleandcompdevicesarebecomingmorecomplex,involvingthecoll(DHR)constructionconetworkscanbeusedtochangethesimilftypes,andnetworkpathsofnetwohighreliabilityandelasticservicintegrationofDHRandNFVfunctioninformation.Ontheotherhand,DHRcontinuouslymonitorsandanalyzesthenetycanalsobeintegratedintothebuilt-insecurityframfstructuredpolicycontrolmoduleintegratesthemimicdefensepolicy.Accordingtothesecuritydeploymentrequestofthedecision-makinglayer,itconvertstheuser-orientedustmentofnetworkandsofffunctionallyequivalentheterogeneousentities,androtationpoliciesassignedtotheorchestrator.TheorchestratorisresponsiblefornetworkslicingandgeneratingmultipleNFs(includmimicdecisionsatthenetworkfunctio