Securing 6G: Building a Trustworthy and Quantum-Resilient Mobile Future
Looking Ahead: Securing the Future of Mobile Connectivity
As we envision the next generation of mobile connectivity, it's essential to evaluate how our security strategies must evolve to meet new demands.
As we envision the next generation of mobile connectivity, it's essential to evaluate how our security strategies must evolve to meet new demands.
- Innovations in connectivity, computing, and AI are opening new frontiers, but they also introduce fresh vulnerabilities that require stronger safeguards to protect our digital lives.
- As a global leader in wireless technology, our mission is to build a secure, reliable, and forward-thinking mobile ecosystem—capable of addressing today’s issues and anticipating future risks.
- We are actively working to develop a trust-centric security framework for 6G, building upon the strong foundation laid by 5G. This new infrastructure is designed to be resilient, flexible, and secure enough to handle increasingly sophisticated cyber threats.
Security in mobile networks has come a long way since 3GPP Release 15 introduced the first 5G security standards. Each subsequent release has reinforced the integrity of our current networks. However, emerging technologies like AI, quantum computing, and large-scale parallel processing bring with them new forms of cyber threats—making it more critical than ever to secure all elements of communication, computation, and connectivity.
With development efforts for 6G gaining traction under 3GPP, now is the right moment to focus on shaping a secure mobile future.
Welcome to the seventh article in our 6G Foundry series, where we delve into the essential building blocks for secure 6G development—exploring native security features, quantum-resilient technologies, and robust trust models.
Native 6G Security Enhancements
1. Securing Control Signals in the Access Network
A core element of 6G will be reinforcing the confidentiality and authenticity of control messages. While 5G currently protects RRC and user plane data at the PDCP layer, lower-layer protocols like MAC still lack such protection. This creates vulnerabilities where tampering with timing advance or transmission configuration messages could impact link performance or leak sensitive mobility information.
6G can strengthen these areas by introducing security mechanisms directly at the MAC layer, offering comprehensive protection of both control and user data traffic.
2. Improved Security During RAN Mobility
Enhancing key management during handovers is another focus area. Current 5G systems use RRC signaling and the Xn interface for key transfers between gNBs, which may delay or weaken key isolation. In 6G, we propose an improved key hierarchy that offers forward and backward security during mobility events. By allowing multiple RAN nodes to prepare keys concurrently, we increase both the security and flexibility of handover operations.
3. Flexible User Plane Security Endpoints
Security for user plane data could be made more granular in 6G by supporting multiple independent termination points. In 5G, a single user device might be linked to several CU-UPs without sufficient key separation, increasing the risk of compromise. Furthermore, binding UP security keys to the control plane can result in excessive signaling, especially for devices with limited capability.
Our proposal for 6G includes introducing key separation based on network design, user mobility, and service requirements—offering tailored configurations without compromising UE protocol consistency.
4. Stronger Privacy for User Identities
Protecting temporary identifiers like the C-RNTI is critical. Persistent identifiers may allow passive tracking and profiling of users. While 5G introduced periodic reallocation of some IDs, 6G could further strengthen this by reallocating C-RNTIs more frequently without triggering full re-authentication.
Also, permanent IDs (like SUPI) currently use ECIES for concealment. With quantum computing on the horizon, 6G must transition to post-quantum cryptographic methods. However, PQC brings overhead challenges. A potential solution is using symmetric-key encryption, leveraging USIM credentials to minimize data sizes while maintaining strong identity protection.
Building Trust Frameworks for 6G
1. Isolated Security Contexts Across Network Functions
In current 5G architectures, the AMF handles NAS security for UEs, but this creates single points of failure and limits end-to-end protection. There’s also a lack of secure UE-HPLMN communication while roaming.
Future 6G systems should support independently anchored security at various network functions—enabling secure NF relocation and roaming configurations. By decoupling SEAF from the AMF and enabling distributed key management, UE communication can remain secure and isolated across the network.
2. Integrating Zero Trust Architecture (ZTA)
Zero Trust principles, as defined by NIST, assume no implicit trust within the network. While some efforts have been made to implement ZTA in 5G Core and RAN components, broader adoption is still limited.
6G can advance this by introducing new architectural elements to continuously assess security states and enforce access policies. A unified approach spanning both 3GPP and O-RAN systems would enable comprehensive security management throughout the mobile ecosystem.
3. Strengthening Pre-Security Message Integrity
Critical system broadcasts and initial RACH or RRC messages remain unprotected in 5G, leaving the system vulnerable to spoofing or relay attacks. Although digital signing of system messages has been proposed, the overhead from PQC-based signatures is considerable.
As a more efficient alternative, 6G could implement a message digest mechanism, similar to TLS transcript hashing. This would verify message integrity without significant overhead and enhance security during early protocol exchanges.
Quantum-Resistant Security
With quantum computing threatening traditional cryptographic systems, the transition to post-quantum security becomes vital. Shor’s algorithm undermines public key schemes based on factorization or discrete logs, and Grover’s algorithm weakens symmetric encryption by halving its effective security.
To address this, future mobile systems must adopt quantum-resistant algorithms. AES-256, SNOW5G, ZUC-256, and AEAD schemes will play essential roles, as will NIST-endorsed PQC algorithms for key exchange and identity protection.
By integrating these solutions, we lay the groundwork for communication networks that are secure even in the quantum era.
Security as a Cornerstone of Connectivity
The rapid advancement of AI, compute, and mobile networks offers boundless potential—but also demands vigilance. Our commitment is to design a mobile ecosystem where security and trust are embedded by default.
Through innovations across the RAN, protocol stack, and trust architecture, we are helping define a secure and resilient future with 6G.
Stay tuned for more insights from the 6G Foundry series as we continue to shape the next decade of connectivity.
With development efforts for 6G gaining traction under 3GPP, now is the right moment to focus on shaping a secure mobile future.
Welcome to the seventh article in our 6G Foundry series, where we delve into the essential building blocks for secure 6G development—exploring native security features, quantum-resilient technologies, and robust trust models.
Native 6G Security Enhancements
1. Securing Control Signals in the Access Network
A core element of 6G will be reinforcing the confidentiality and authenticity of control messages. While 5G currently protects RRC and user plane data at the PDCP layer, lower-layer protocols like MAC still lack such protection. This creates vulnerabilities where tampering with timing advance or transmission configuration messages could impact link performance or leak sensitive mobility information.
6G can strengthen these areas by introducing security mechanisms directly at the MAC layer, offering comprehensive protection of both control and user data traffic.
2. Improved Security During RAN Mobility
Enhancing key management during handovers is another focus area. Current 5G systems use RRC signaling and the Xn interface for key transfers between gNBs, which may delay or weaken key isolation. In 6G, we propose an improved key hierarchy that offers forward and backward security during mobility events. By allowing multiple RAN nodes to prepare keys concurrently, we increase both the security and flexibility of handover operations.
3. Flexible User Plane Security Endpoints
Security for user plane data could be made more granular in 6G by supporting multiple independent termination points. In 5G, a single user device might be linked to several CU-UPs without sufficient key separation, increasing the risk of compromise. Furthermore, binding UP security keys to the control plane can result in excessive signaling, especially for devices with limited capability.
Our proposal for 6G includes introducing key separation based on network design, user mobility, and service requirements—offering tailored configurations without compromising UE protocol consistency.
4. Stronger Privacy for User Identities
Protecting temporary identifiers like the C-RNTI is critical. Persistent identifiers may allow passive tracking and profiling of users. While 5G introduced periodic reallocation of some IDs, 6G could further strengthen this by reallocating C-RNTIs more frequently without triggering full re-authentication.
Also, permanent IDs (like SUPI) currently use ECIES for concealment. With quantum computing on the horizon, 6G must transition to post-quantum cryptographic methods. However, PQC brings overhead challenges. A potential solution is using symmetric-key encryption, leveraging USIM credentials to minimize data sizes while maintaining strong identity protection.
Building Trust Frameworks for 6G
1. Isolated Security Contexts Across Network Functions
In current 5G architectures, the AMF handles NAS security for UEs, but this creates single points of failure and limits end-to-end protection. There’s also a lack of secure UE-HPLMN communication while roaming.
Future 6G systems should support independently anchored security at various network functions—enabling secure NF relocation and roaming configurations. By decoupling SEAF from the AMF and enabling distributed key management, UE communication can remain secure and isolated across the network.
2. Integrating Zero Trust Architecture (ZTA)
Zero Trust principles, as defined by NIST, assume no implicit trust within the network. While some efforts have been made to implement ZTA in 5G Core and RAN components, broader adoption is still limited.
6G can advance this by introducing new architectural elements to continuously assess security states and enforce access policies. A unified approach spanning both 3GPP and O-RAN systems would enable comprehensive security management throughout the mobile ecosystem.
3. Strengthening Pre-Security Message Integrity
Critical system broadcasts and initial RACH or RRC messages remain unprotected in 5G, leaving the system vulnerable to spoofing or relay attacks. Although digital signing of system messages has been proposed, the overhead from PQC-based signatures is considerable.
As a more efficient alternative, 6G could implement a message digest mechanism, similar to TLS transcript hashing. This would verify message integrity without significant overhead and enhance security during early protocol exchanges.
Quantum-Resistant Security
With quantum computing threatening traditional cryptographic systems, the transition to post-quantum security becomes vital. Shor’s algorithm undermines public key schemes based on factorization or discrete logs, and Grover’s algorithm weakens symmetric encryption by halving its effective security.
To address this, future mobile systems must adopt quantum-resistant algorithms. AES-256, SNOW5G, ZUC-256, and AEAD schemes will play essential roles, as will NIST-endorsed PQC algorithms for key exchange and identity protection.
By integrating these solutions, we lay the groundwork for communication networks that are secure even in the quantum era.
Security as a Cornerstone of Connectivity
The rapid advancement of AI, compute, and mobile networks offers boundless potential—but also demands vigilance. Our commitment is to design a mobile ecosystem where security and trust are embedded by default.
Through innovations across the RAN, protocol stack, and trust architecture, we are helping define a secure and resilient future with 6G.
Stay tuned for more insights from the 6G Foundry series as we continue to shape the next decade of connectivity.
Companies