Received 4 June 2021; revised 9 July 2021; accepted 4 August 2021.

Date of publication 10 August 2021; date of current version 17 August 2021.

Digital Object Identifier 10.1109/OJCOMS.2021.3103735

Physical-Layer Security in 6G Networks

LORENZO MUCCHI 1 (Senior Member, IEEE), SARA JAYOUSI1 , STEFANO CAPUTO1 ,
ERDAL PANAYIRCI 2 (Life Fellow, IEEE), SHAHRIAR SHAHABUDDIN 3 (Member, IEEE),
JONATHAN BECHTOLD4 , IVÁN MORALES5 , RAZVAN-ANDREI STOICA4 ,
GIUSEPPE ABREU 5 (Senior Member, IEEE), AND HARALD HAAS 6 (Fellow, IEEE)
1 Department of Information Engineering, University of Florence, 50139 Firenze, Italy

2 Department of Electrical and Electronics Engineering, Kadir Has University, 3408 Istanbul, Turkey

3 Nokia Mobile Networks, 90650 Oulu, Finland.

4 WIOQnet GmbH, 28717 Bremen, Germany

5 Department of Electrical Engineering and Computer Science, Jacobs University Bremen, 28759 Bremen, Germany

6 LiFi Research and Development Centre, Department of Electronic and Electrical Engineering, University of Strathclyde, Glasgow G1 1XW, U.K.

CORRESPONDING AUTHOR: L. MUCCHI (e-mail: lorenzo.mucchi@unifi.it)

This work was supported in part by the European Union’s Horizon 2020 Research and Innovation Programme under Grant 872752; in part by the European
Telecommunications Standard Institute (ETSI) SmartBAN; in part by the Technical and Research Council of Turkey (TUBITAK) through the 1003-Priority Areas
Project under Grant 218E034; in part by the Academy of Finland 6Genesis Flagship under Grant 318927; in part by the by COST (European Cooperation in
Science and Technology) through COST Action NEWFOCUS; and in part by the EPSRC Established Career Fellowship Grant EP/R007101/1.

ABSTRACT The sixth generation (6G) of mobile network will be composed by different nodes, from
macro-devices (satellite) to nano-devices (sensors inside the human body), providing a full connectivity
fabric all around us. These heterogeneous nodes constitute an ultra dense network managing tons of
information, often very sensitive. To trust the services provided by such network, security is a mandatory
feature by design. In this scenario, physical-layer security (PLS) can act as a first line of defense, providing
security even to low-resourced nodes in different environments. This paper discusses challenges, solutions
and visions of PLS in beyond-5G networks.

INDEX TERMS 6G, physical-layer security, MIMO, IRS, visible light communications, authentication,
key distribution.

I. INTRODUCTION propositions of mobile edge computing, but also the grow-

HE 6TH GENERATION (6G) communication networks
T are portrayed to form a full connectivity fabric, with
a high degree of operational flexibility and autonomy [1],
ing requirements of “infinite-like” connectivity as well as
the decreased link/end-to-end latency requirements of a per-
vasive context-aware next-generation Internet, will motivate
[2]. The network nodes may furthermore span from satellite the B5G technologies deployment.
links to intra-body communications, while the core traffic These advanced holistic network functions are expected
is expected to still be undertaken by what is traditionally to be researched and implemented based on optimized,
known as the cellular network that 5G still deploys. distributed and autonomously established communication
The distributed thinking paradigm taken to the core of links under new access schemes and network protocols
the radio heads and network deployment sparkled thus far leveraging upcoming trends of machine learning (ML) and
by 5G will only intensify with the upcoming technologies artificial intelligence (AI), but also modern signal process-
beyond 5G (B5G) (e.g., cell-free multiple-input multiple- ing techniques (e.g., matrix completion, random finite matrix
output (MIMO), intelligent reflective surfaces (IRS) and algebra, compressive sensing or simulated annealing). Under
self-aggregating networks, predictive resource management this disruptive connectivity paradigm, attack vectors will
& link processing, etc.). The new services and value-added naturally increase exponentially.

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

VOLUME 2, 2021 1901

MUCCHI et al.: PLS IN 6G NETWORKS

Furthermore, the advances of quantum computing enabling

quantum processing and search algorithms (e.g., Grover’s
algorithm, Shor’s algorithm [3]) will similarly contribute and
widen the latter threat surface. The progress in this area
of computing will inadvertently exploit the discrete loga-
rithm problem that current cryptographic mechanisms such
as elliptic-curve cryptography, Diffie-Hellman key exchange
(DHKE), elliptic-curve Diffie-Hellman (ECDH) protocol,
transport layer security (TLS) / datagram transport layer
security (DTLS) heavily rely on [4]. As a result, if not post-
quantum amended, the latter security protocols are expected
to be rendered obsolete, and so, deprecated for secure usage
in B5G and 6th generation (6G) networks [4].
Within these expectations, the security of ultra-dense
networks of heterogeneous nodes becomes paramount to
provide truly scalable, adaptive, quantum-safe security solu-
tions towards 6G connectivity. These aspects motivate a
bottom-up approach in leveraging all the available secu- FIGURE 1. 6G needs to solve unprecedented security threats.
rity planes over the generic communication stack, and to
this end, one key candidate technology is the PLS [5]. or satellites. If 5G will enable the IoT paradigm, 6G is envi-
PLS has been often forgotten in this context of security, sioned to speed it up and to give it uniform performance
despite its intrinsic contextual and entropic richness. 5G anytime anywhere any-device any-environment (land, sea,
implementation does not include PLS technology, keep- air, space, etc.). To address security in such a high heteroge-
ing still commercially unexplored the potentiality of the neous network, plenty of data coming from devices with high
security at physical layer. This status quo needs not to con- heterogeneous resource capabilities, PLS is envisioned to be
tinue and in the context of B5G should be disrupted to a high important technique to assure an uniform security
opportunistically leverage the available secrecy capacity and level all over the network.
universally secure the communication links at low costs as
needed. Therefore 6G should implement PLS to cope with A. STATE OF THE ART ON PHYSICAL-LAYER SECURITY
the new security challenges derived from advanced appli- The history of PLS is long. From early ’50s when Shannon
cation scenarios (e.g., ultra dense heterogeneous networks studied the concept of perfect secrecy to ’70s when Wyner
characterized by different capable devices with multiple derived the role of channel noise (randomization source)
mobility levels). Abstractly, PLS can be reduced to an in providing security. After that period, there was a long
advantage for system designers who may use the physical interval without publications on PLS, due to the unpractical
model and environment to gain a security advantage over implementation of PLS to real communication networks. The
active and passive attackers [6]. In terms of communication situation changed in the first decade of XXI century, when
systems, these advantages are plenty and rely heavily on the wireless networks started to spread around. Advances in
the channel propagation models, channel reciprocity charac- multi-antenna systems, adaptive coding and signal process-
teristics, spatial diversity, antenna diversity, geometric and ing have brought new possibilities to design asymmetries in
positional secrecy, cooperative beamforming/jamming etc., channel quality between legitimate and enemy nodes.
as illustrated in Fig. 1. Wide acceptance of PLS as a concrete security mechanism is
Thus, all of these may be embedded into future proto- still ongoing, but surely PLS is recognized as an additional level
cols to create secure by design communication links, even of security, complementary to cryptography. While the security
for very low complex devices/networks. The physical layer level of cryptography depends on the (limited) computational
in 6G will play an important role to support higher band- power of the enemy, PLS assumes an asymmetry in signal
widths, higher carriers, lower latencies, all with lower energy quality reception by legitimate and enemy nodes.
consumption. Security cannot be left apart, and should be Many tutorial papers have been published on PLS, whose
a basic key performance indicator (KPI) of future wireless main representative ones are the followings: [8], [9], [10],
networks. This paper discusses how 6G can benefit from the [11], [12], [13], [14], [15], [16], [17], [18], [19], [20],
use of PLS. [27]. In [9], fundamentals of PLS are given, as well as
Before evaluating the state of the art, it is important to a vision on PLS in single- and multi-antenna, multiuser
point out that all the PLS techniques can be applied to and relay systems. In [10], a comprehensive overview of
5G and 6G indifferently. From PLS point of view, any- security threats in wireless communications is given for dif-
way, there are differences between 5G and 6G. In particular, ferent layers, including PLS. In [11], an overview of PLS
6G foresees a deeper integration of heterogeneous networks, for user authentication and device identification is provided.
from nano-devices into the body to high altitude platforms In [12], PLS is foreseen to provide handover security for

1902 VOLUME 2, 2021

heterogeneous 5G networks. In [13], challenges and oppor- B. OUR CONTRIBUTION
tunities on the use of physical-layer parameters to obtain Despite the huge amount of papers published on PLS, includ-
device fingerprinting are given. An overview of threats and ing tutorials and overviews, there is no paper which provides
challenges in cyber-security can be found in [14], while a specific vision of the application of PLS in 6G.
an overview of PLS techniques and applications can be Abstractly, PLS can thus be reduced to any advantage
found in [15]. The use of PLS for authentication is dis- system designers may take of the physical model and
cussed in [16], including real implementation difficulties. environment to gain a security advantage over active and
An overview of PLS techniques with imperfect channel passive attackers [6]. In terms of communication systems,
information is given in [17]. A review of applications of these advantages are plenty and rely heavily on the chan-
PLS to the Internet of Things (IoT) context is given in [18]. nel propagation models, channel reciprocity characteristics,
An overview of multiple input multiple output (MIMO) tech- spatial diversity, antenna diversity, geometric and positional
niques for PLS is in [18], while [19], [20] provide a review secrecy, cooperative beamforming/jamming etc., as illus-
of error-coding for PLS. The issue of active eavesdrop- trated in Fig. 1. Thus, all of these may be embedded into
per or multiple eavesdroppers in heterogeneous networks future protocols to create security by design communica-
is addressed in [21], [22], [23], [24], while the issue of tion links, even for very low complex devices/networks. The
pilot spoofing in MIMO systems is considered in [25], [26]. physical layer in 6G will play an important role to support
In [27] an overview of PLS techniques is discussed, including higher bandwidths, higher carriers, lower latencies, all with
open research points and future directions in next generation lower energy consumption.
wireless networks. PLS is the first line of defense, and it can provide security
The PLS approaches can be then categorized using the even to low complex nodes in different scenarios. This paper
following classes: discusses about the challenges, solutions and visions of PLS
• Secrecy rate: The maximum transmission rate at which in beyond-5G systems from several aspects.
the eavesdropper is unable to recover any information The remaining sections are organized as follows. Section II
about the message by analysing the received signal. any introduces the security requirements and threats in 6G
technique which produces a signal-noise-ratio (SNR) networks, while Section III highlights the possible imple-
advantage over the eavesdropper increases this rate. mentations of PLS. Section IV concludes the paper and gives
Main general drawback: it requires to know the position future directions.
of the eavesdropper.
• Physical Authentication: The reciprocity of the legiti- II. SECURITY REQUIREMENTS AND THREATS IN 6G
mate wireless link is exploited to produce a common NETWORKS
shared secret. This approach can be used to let the legit- A. SECURITY THREATS IN 6G NETWORKS
imate nodes extract a (common) cipher key by analysing 6G is envisioned as a hyper-connected fabric surrounding
the channel. In general, PLS authentication techniques hyper-dense networks of heterogeneous nodes. This revolu-
can exploit randomnesses of the wireless channel in tionary feature asks for hyper-security, since (personal) data
time, in frequency and in space domains [15]. is acquired anytime-anywhere seamlessly, even from small
• Beamforming: Use of multiple directional antennas to objects (a bottle of water, etc.) individuals interact with. 6G
randomize the transmitted information stream or to has thus to be designed as a network with embedded trust
inject noise in the direction of the eavesdropper. Main in Internet of Everything (IoE) and artificial intelligence
general drawbacks: it requires to know the position (AI) era. Both data acquisition points and computational
of the attacker; it increases the interference over other points in the overall network will be largely distributed.
legitimate links. 6G network should not only provide efficient and usable
• Spectrum spreading: One of the most used technique services, but also secure. This implies that all the astonished
is the hopping of the signal over multiple frequencies, KPIs of 6G should be considered taking into account that all
following a pre-determined sequence, like in Frequency services must comply with security and privacy requirements.
Hopping Spread Spectrum (FHSS). Main general draw- Specifically, security questions in 6G networks are:
backs; the cipher sequence has to be known in advance • how threats can be detected in ultra-dense het-
and thus shared over a secure channel. It is important erogeneous networks with different levels of nodes
to highlight that the FHSS is not usually inserted in the complexity?
PLS-based techniques in literature. Anyway, it actually • how confidentiality and integrity can be maintained
acts at the physical-layer. without decreasing the user’s experience?
• Cooperation: Friendly nodes send noisy signals towards • how same level of security can be assured over multiple
the eavesdropper in order to deteriorate its link. Main trust domains?
general drawbacks: it requires to know the position of • how security can be met in dense networks composed
the eavesdropper; it increases the interference of the by millions of very low complex devices?
system; more energy is needed to provide security of a • will the extensive use of AI-based networks open the
single link. door to new threats?

VOLUME 2, 2021 1903

MUCCHI et al.: PLS IN 6G NETWORKS

• pushing intelligence towards the edge of the network one key feature of the future mobile communica-
will open additional security threats? tion network. Understand the surrounding situation and
In this context, stronger protection can be achieved by imple- localize precisely the users is a key-enabler of future
menting security at the physical layer. Integrating physical 6G services, but on the other hand it opens new security
layer with cybersecurity is the key to face security challenges issues, since sensing can also be target of attacks, and
of future 6G networks. An overview of security and privacy it can be the way to distort the communication. PLS
threats and challenges in 6G networks can be found in [28]. can be very helpful in the protection of the sensing
capabilities of 6G nodes.
6. Edge computing and learning: The data from users will
B. PLS TECHNIQUES
be more and more computed as nearest as possible to
PLS provides security at the very first layer (physical), acting
the users, which produce and consume data/information.
as a first line of defense, trying to make attackers’ job harder.
The edge computing together with federated learning
It provides confidentiality without assuming a limited com-
technique will be an enabler of future 6G wireless
putational power of the hostile node, by exploiting unique
services for mobile users, but this opens also new secu-
characteristics of the wireless channel. In the quantum com-
rity threats: malicious end-user devices can attack edge
puting and AI era applied to networks, it is important not to
node or provide adversarial training which could distort
rely on unfair assumptions about the attackers for providing
the learning model. PLS can be one important actor in
security.
protecting the edge nodes as well as the user equipment
Some of the main PLS techniques consist of: i) signal
by exploiting features such as the fingerprinting authen-
processing (noisy modulations); ii) coding (wiretap codes);
tication or the fast cipher key generation by means of
iii) artificial noise injection (friendly/cooperative jamming);
channel reciprocity.
iv) MIMO/IRS (beamforming destructive signal); v) HetNets
(user/BS association to provide larger area of security); vi)
visible light communications (VLC) (spatial confinement of III. IMPLEMENTATIONS OF PLS
signals) and vii) cipher-Key generation. In this section examples of implementation of PLS are
An overview of PLS techniques and applications is illustrated.
provided by [15].
A. PLS FOR LOW-RESOURCED DEVICES
C. PLS IN 6G SCENARIOS Many of the approaches described in Section I are based
In order to highlight what PLS can do for 6G and on assumptions that make them not easily implementable
how the previously listed PLS techniques can be mapped in a real world: some of those require that a common a
into different application contexts, four main scenarios are priori secret is shared by the legitimate users or exchanged
defined: in the start-up phase through insecure channels, and some
1. Low-resourced devices: It includes both dry and wet others assume to know that an eavesdropper is present and
nano-scale devices and the adoption of signal process- where it is located. As a matter of fact, almost all existing
ing and coding PLS techniques represent a promising results on secret channel capacity are based on some kinds of
solution to be considered. Dry and wet devices refer assumptions that appear impractical. It has been a challenge
to biological or artificial nano-scale machines. For in information theory for decades to find practical ways to
example, synthetic biology can design and implement realize information-theoretic secrecy.
biological particles (wet) to interact with the natural First proposals deal with the exploitation of the wireless
cells following a programmed plan. Similarly, artifi- channel between legitimate users in order to extract a key to
cial nano-scale robots (dry) can be designed to provide be used for encrypting the message [29]. The information-
actions inside the human body. theoretical secrecy ensures that if the extraction is made
2. Massive deployed devices with mobility: The exploita- under the assumption to have an advantage over Eve’s chan-
tion of Massive Cell-Free MIMO and Intelligent reflect- nel, the key is not recoverable by Eve in any way. An
ing surfaces (IRS) shall be taken into account to satisfy exhaustive review of cross-layer techniques for enhancing the
the security requirements of such context. security can be found in [29]. In [30], the security issues and
3. Indoor environments: The spatial confinement that vis- solutions are reviewed for what concerns the IoT topic area.
ible light communications offers can be very useful to The physical-layer security anyway is not taken into account
guarantee indoor secure communications. as information-theoretical secrecy. An overview of the chal-
4. Opportunistic/self-organizing networks: Fast generation lenges facing physical-layer security is reported in [31]. A
of PhySec-based crypto-key for symmetric encryption review of cooperative techniques for enhancing the security
can represent a completely decentralized solution for can be found in [32].
key creation. Moving beyond the 5G technology, 6G will enhance the
5. Integrated sensing and communication: Radar as well key performance indicators of 5G, enabling the definition
as high-resolution localization capabilities will be of more demanding applications, ranging from augmented

1904 VOLUME 2, 2021

 the main 6G key features that the enabling communication
technologies should meet in term of low energy consumption
and long battery life, high affordability and full customiza-
tion and distributed artificial intelligence architectures. It is
worth mentioning that ETSI SmartBAN group is working
on the standardization of security and privacy for the future
body area networks, and physical layer security is one candi-
date to handle the confidentiality of in- and on-body devices
with typically low resources available. This is important also
when 6G will include in- or on-body nodes as part of the
Network (Fig. 2).
Physical layer security addresses one of the most important
application of 6G: the human-centric mobile communica-
tions. In this framework, an increasing interest of scientific
research has been oriented to wireless body area network and
in particular to on-body and in-body nano-devices, including
FIGURE 2. Human body as part of the global network. biochemical communications. In the next future, the human
body will be part of the network architectures, it will be
reality and holographic projection to ultra-sensitive appli- seen as a node of the network or a set of nodes (wearable
cations. In this context, a holistic approach of security is devices, implantable sensors, nano-devices, etc.) that collect
required to cope with the plethora of different systems and sensitive information to be exchanged for multiple purposes
platforms. The large amount of the world data collected by (e.g., health, statistics, safety, etc.). By coping with the high
networks of sensors (environmental, human-body, etc.) and security and privacy requirements and the energy and minia-
the mobility features of most scenarios ask for advanced turization constraints of the new communication terminals,
security techniques that take into account new constraints the Physical layer security techniques can represent efficient
in terms of device capabilities, network environment and solutions for securing the most critical and less investigated
network dynamic topology [33]. PLS, moving the security network segments which are the ones between the body
strategy at physical layer, might be one of the confidentiality sensors and a sink or a hub node.
enablers in 6G connectivity. Its features, combined with the Two interesting potential application scenarios for phys-
advances in artificial intelligence algorithms and the trend of ical layer security in 6G context are Human Bond
distributed computing architectures, can be exploited either Communication [35] and Molecular Communication [36]. The
to enhance the classical cryptographic techniques or to meet former requires a secure transmission of all the five human
the security requirements when dealing with simple but sen- senses for replicating human biological features, allowing dis-
sitive devices which are unable to implement cryptographic ease diagnosis, emotion detection, biological characteristics
methods, e.g., devices and nano-devices of the Internet of gathering and human body remote interaction. While the latter,
Things and bio-nano-things where the human inner bodies based on the shifting of the information theory concepts in the
become nodes of the future Internet [5] (Fig. 2). biochemical domain (communications among biological cells
Computational and energy resources of a network node inside the human body) requires advanced low-complexity
can be reduced by adapting the security algorithm to the envi- and reliable mechanisms for securing intra-body communi-
ronmental context where the communication occurs, leading cations and enabling trustworthy sensing and actuation in a
to the definition of a context-aware security approach. The challenging environment as the human body is (e.g., secure
dynamic context in terms of mobility, network nodes density, Internet of Bio-Nano Things) [36]. As en example of PLS
frequency spectrum utilization and technology heterogene- applied to in-body communications with ultra-low complex
ity which is envisaged in 6G scenarios should be taken into devices, Fig. 3 shows two in-body nano-machine (e.g., parti-
account in the definition of security communication strategies cles) which communicate thought molecules diffusion. How
both for the identification of the level of security countermea- to protect this link from nano-machine based eavesdropping?
sure needed in a specific moment and for the exploitation of Secrecy capacity is defined as
these environmental characteristics in the security algorithm
Cs = max{0, CB − CE } (1)
definition. Environmental and operational intelligent physical
layer security also based on the adoption of AI algorithms where CB and CE is the capacity of Bob’s and Eve’s channel,
may lead to a the definition of new techniques that can respectively, and represents the maximum secure data rate
early detect the need of enhanced security mechanism to that can be achieved over the legitimate communication link.
be dynamically activated (e.g., based on the battery level of Fig. 4 shows the secrecy capacity map of a communication
the involved devices or the degree of trustworthiness of the between two legitimate particles through molecules diffusion.
specific context) and do not considerably affect the transmis- Other recent interesting techniques, which do not rely on
sion spectral efficiency [34]. This approach complies with any knowledge about the attacker, spread from the use of

VOLUME 2, 2021 1905

MUCCHI et al.: PLS IN 6G NETWORKS

FIGURE 3. Molecular communications scheme with eavesdropper. FIGURE 5. Secret Key Generation resilience against key sniffing.

wireless channel to co-generate cryptographic keys for

symmetric encryption. This strategy is particularly use-
ful for latency-constrained communications and resource-
constrained radios, where the secrecy enhancing traditional
techniques become impractical. This is usually the case
for high device densities under opportunistic self-organizing
network formation paradigms or upcoming autonomously
communicating device-to-device (D2D) nodes. Opportunistic
self-organizing networks as well as autonomous D2D com-
munications are two example scenarios where the traditional
security strategy cannot be easily applied.
Standardized encryption ciphers are often considered unas-
sailable for data confidentiality and integrity since they
are just deterministic mathematical operations that are as
secure as the shared random secrets they rely on. Therefore,
the main focus for the future ubiquitous wireless con-
FIGURE 4. Secrecy capacity map of in-body particles communication thought
molecules diffusion. nectivity and digitization relates to authentication and key
distribution. Which by the broadcast nature of wireless com-
munications, are inherently vulnerable to eavesdropping,
watermarking to the use of channel noise to modulate the range extension and informational non-intrusive yet effective
information. In [37], the fading experienced by the channel man-in-the-middle (MITM) attacks.
between two legitimate nodes is used to dynamically create PHY-based key generation, compared to traditional solu-
a common secret. In [38], game theory is used to jointly tions, is completely decentralized and does not rely on fixed
optimize the reliability and secrecy of legitimate nodes. parameters designed by a specific entity [6]. Instead, it uses
In [39], a watermark is inserted into the host signal to pro- the shared wireless channels as a distributed entropy source
duce security at physical layer. In [40], the thermal noise to arrive at a shared secret that is not directly dependent
of the legitimate nodes is used to modulate the information on deterministic operations. Preliminary results in Fig. 5
exchanged. The latter is demonstrated to have an intrinsic show that the shared wireless channel can be used as a dis-
unbreakable security, no matter the computational power or tributed entropy source which is highly correlated between
the position of the attacker is. Unfortunately, only low data parties trying to establish a common secret, but is much
rate can be supported (voice and text services). less correlated for a malicious device trying to access this
information. These results were generated using off-the-
B. DISTRIBUTED AND COOPERATIVE PLS PROTOCOLS shelf MCUs communicating over a min latency Bluetooth
PLS can not only be used to provide keyless and innately Low Energy established connection, and two cooperating
secure communications by maximizing the secrecy rate, but eavesdroppers with full knowledge of the key generation
also to co-generate cipher keys for symmetric encryption procedure and parameters were placed within half a wave-
by exploiting the propagation characteristics of the wire- length of the generating parties respectively. Furthermore,
less channel at the physical layer (PHY) layer. Transcending this data is representative of static and dynamic scenar-
the provisioning of keyless and innately secure communi- ios where the distance between terminals changed with a
cation by secret rate maximization, PLS may also exploit rate matching that of a pedestrian, and produced 95% key
the intrinsic physical propagation characteristics of the agreement between terminals, with <1% of these keys being

1906 VOLUME 2, 2021

FIGURE 6. MITM tested scenario.

sniffed by the eavesdroppers. To capture this entropy towards

key generation, channel sensing must be performed beyond
the currently available radio channel metrics for application
layer development. FIGURE 7. MITM detection using SDR as Amplify and Forward relays.

In fact, with the advance of virtualization, it is expected

that newly developed or existing communication protocol
implementations should expose the PHY attributes from all lightweight implementations of such techniques, which are
exchanges, such as channel state information (CSI), received not always viable. Therefore, ML is the true potential for
signal strength (RSSI), carrier frequency offset (CFO), etc., threat detection, where massive amounts of high level phys-
to the upper logic layers of the communications system. As ical attributes can be utilized to instruct ML models for
a result, such physical channel data will become widely pattern recognition, classification and monitoring. ML-based
available for analysis and encourage the development of networks can exploit channel attributes to enable real-time
PHY-based security and authentication solutions. In such PHY-monitoring and knowledge-based detection, leading AI
a future, the wireless physical characteristics become the companies to develop security-as-a-service (SecaaS) watch-
root of trust enabling data confidentiality, integrity and dogs. An example showing the potential of ML techniques
link level authentication. During this process, physically for threat detection is seen in Fig. 7, where the classifier was
co-generated symmetric dynamic secrets will enhance the trained to distinguish between a direct peer to peer commu-
value of fast, resource-friendly symmetric ciphers, provid- nication scenario and the attack scenario displayed in Fig. 6,
ing promising guarantees towards future perfect secrecy. where off-the-shelf MCUs and the Bluetooth Low Energy
Consequently, communication can become more resilience to PHY stack was leveraged. In this system, the legitimate trans-
existing DHKE vulnerabilities and the real-time (quantum) mitter modulates pilot signals broadcasted to the receiver to
computing attacks [4]. accentuate the channel effects introduced by the compound
These issues will become more prominent in future channel characteristic of a relay attack. The receiver then
networks given the introduction of D2D communications extracts a small set of features which in this case were used
in 3GPP Releases, which open the door to proximity-based in a very simple Logistic Regression model, alternatively
services (ProSe) [41]. Coupling these services with the cur- in the case of bidirectional communications, the same fea-
rent trends towards autonomous intelligent nodes capable ture set can be extracted on both terminals and compared to
of cooperation will open new low-level attack vectors at assess the authenticity of the communication link.
the PHY-layer. Such vulnerabilities are exploitable by mali- The topology of the network will influence largely the
cious relaying and proxying that can spoof distances between deployment of SecaaS applications. For example, networks
devices, like extension/reduction attacks. Contrary, to popu- including nodes which actively route local packets can detect
lar belief, encryption alone is not effective against low-level active threats by using the latter as physical aggregators.
signal manipulations [7], as adopting more secure ciphers Similarly, an edge server (passive observer) with high com-
will not resolve the vulnerabilities in side channel attacks at putational power can enhance the embedded D2D threat
the PHY-layer which don’t try to compromise the system real-time revealing capabilities of the network by acting
by directly interpreting or manipulating the transmitted data. as the aggregator of packets and PHY data in SecaaS
An example of such a scenario is the MITM relay attack in applications.
Fig. 6, where a first eavesdropper captures the broadcasted The higher the number of diversified and independently
signal, up-converts it to a faster channel for transmission generated threat revealing models at each aggregator/node,
over the air, and is then received, down-converted and the larger the security paradigms that can eventually be
rebroadcasted by a second eavesdropper node. extracted from these. Enabling transfer learning techniques
Classical signal processing techniques can be used to to be developed depending on the diversity of such mod-
implement countermeasures, e.g., by identifying anomalies els. Allowing adjacent networks and subnetworks to share
in the PHY attributes of the received signals or in the packet learned parameters between one another and better monitor
exchanges. However, resource-constrained devices require and detect novel malicious attacks.

VOLUME 2, 2021 1907

MUCCHI et al.: PLS IN 6G NETWORKS

C. CELL-FREE MASSIVE MIMO AND IRS contamination attack can be severely detrimental for pro-
The most successful PHY technology for 5G networks is visioning PLS in cell-free massive MIMO systems. They
massive MIMO. A massive MIMO base station (BS) sup- compared co-located massive MIMO and cell-free massive
ports a large number of antennas that cover a large number MIMO, and the results revealed that cell-free systems are
of terminals [42]. Massive MIMO technology is popular less resilient to pilot contamination attacks than conventional
among network vendors due to their superior spectral effi- massive MIMO systems.
ciency and throughput. Network vendors adopted massive The research on PLS for cell-free massive MIMO system
MIMO for pre-5G products which have been displayed is at a very early stage and the existing literature on this
on numerous trials in last few years. For example, Nokia topic is scarce. In [45], the security aspects of the cell-
and Sprint demonstrated massive MIMO with 64 anten- free systems are studied. The authors consider the problem
nas connected for both uplink and downlink through their of maximizing achievable data rate of the attacked user.
AirScale products in Mobile World Congress (MWC) 2017. The corresponding problems of minimizing the power con-
Ericsson and Huawei also have similar products for massive sumption subject to security constraints are also considered.
MIMO such as AIR 6468 and Huawei AAU, respectively. In [46], a secure communication in multigroup multicasting
The research community have already shifted their focus cell-free systems with active spoofing attack is investigated.
on post-5G networks and PHY technologies that grabbed A distributed conjugate beamforming with normalized power
most attention for 6G are: 1) Cell-free massive MIMO and constraint policy is exploited for downlink secure transmis-
2) IRS. They are currently the two strongest candidates sion. Similar works can also be found in [47], [48]. These
for physical layer of sixth generation (6G) communication papers propose PLS exploiting information theory and signal
systems. Both are currently strong candidates for PLS in 6G processing rather than traditional higher-layer cryptographic
networks. techniques.
The biggest security issue associated with a cell-free mas-
sive MIMO is the exposed location of the antennas. It is
1) CELL-FREE MASSIVE MIMO
easier to get physical access to cell-free system through
The biggest drawback of conventional massive MIMO is the exposed antennas and cables compared to a remotely
their distance from users, which cause large variations of located massive MIMO BS. Hence, it is easier to inject
received signal strength between different users. Distance malicious software and configuration parameters by direct
from users is the biggest drawback of conventional mas- wiretapping. The attacker could change the configuration of
sive MIMO, since different users experience large variations beamforming parameters so that the antenna arrays focus
of received signal strength. Typically, a bulky and expen- their signals towards an unwanted user. This also enables a
sive massive MIMO BS is placed in an elevated location to passive attacker to get access on user-specific keys, short-
increase the cell radius and to cover a large number of users. term session keys and authentication keys. The requirement
The cell/coverage radius is usually increased by placing a of a cell-free system dictates that the fronthaul circuitry
bulky and expensive massive MIMO BS in an elevated loca- connected with the antenna stripes should be simple. It is
tion. Cell-free massive MIMO eliminates this drawback by not possible to accommodate sophisticated encryption meth-
having antennnas distributed among different locations. The ods between the fronthaul and baseband unit. Thus, if an
baseband functionalities are performed by a centralized base- antenna stripe is compromised, it is very challenging to pro-
band processing unit which is connected to all the antennas vide data confidentiality of the baseband transmissions or
through cables [43]. This concept was displayed by Ericsson receptions. The cell-free systems are also vulnerable to phys-
at MWC 2019, where they developed antenna stripes as small ical attacks due to their exposed location and miniature size.
as matchbox and can be integrated in an adhesive tape to It is much easier to destroy antenna stripes and disrupt the
place in any locations. Ericsson, at the MWC 2019, dis- communication of a cell-free system than a remotely located
played this concept: a matchbox-size antenna stripes were bulky massive MIMO BS. It is much harder to destroy a
integrated into an adhesive tape which can be placed in any remotely located bulky massive MIMO BS than an antenna
location. stripes, and thus disrupt the communication of a cell-free
As cell-free systems are also based on large number of system.
antenna systems, the cell-free systems are also inherently
robust against passive eavesdropping [19]. Cell-free massive
2) INTELLIGENT REFLECTIVE SURFACE
MIMO systems provide PLS for passive eavesdropping with-
out any extra effort. However, the eavesdropper can pretend Intelligent Reflective Surface (IRS) is novel concept which
to be a legitimate user and launch an active attack by send- provides an alternative path of transmission and can be
ing a pilot sequence of his own. This pilot contamination used to change amplitude, phase and frequency of incident
attack is more challenging for a cell-free systems, because signals [49], [50], [51]. IRS is a new technique provid-
an amount of pilot contamination pre-exists in a cell-free ing alternative path of transmission by changing amplitude,
systems. In [44], the authors have shown with mathemat- phase and frequency of incident signals. It is particularly use-
ical analysis and Monte-Carlo simulations that active pilot ful for high frequency communication which suffers from

1908 VOLUME 2, 2021

 introduces additional complexity of the overall system. IRS
requires to perform other signal processing techniques to
track user location, estimate channel between user and IRS,
and detect the incoming symbol vectors from the user.
Without sophisticated algorithms, the signals can not be
accurately beamformed towards intended user and the entire
system becomes vulnerable to security threats. IRS platform
security also has to be addressed for 6G PLS since attackers
could physically access the IRS controller and modify con-
figuration parameters. Finally, an attacker can place itself
near the IRS and utilize the correlated channel to eavesdrop
the incoming signals. Thus, it is of utmost importance to
introduce mechanisms which can conceal the location of the
IRS and its controller.
In a recent development, a variant of the IRS for full
FIGURE 8. Intelligent reflecting surface (IRS) to produce security at physical layer.
dimensional coverage is presented in [57]. A drawback of
the IRS system is the legitimate users has to be located on
the same side of the reflective surface and any user located
high penetration and blockage loss. Instead of transmit- on the opposite side of the metasurface is out of cover-
ting signal directly to an user, the signals are sent towards age. To address this issue, the authors presented intelligent
an IRS, which then reflects a beamformed signal towards omni-surfaces (IOS) in [57] with dual functionality of signal
a user (Fig. 8). Thus, IRS can be used to provide PLS reflection and transmission. The IOS can reflect and trans-
by transmitting only towards a legitimate user through the mit the incoming signals from one side towards mobile users
alternative path [43], [52]. of both sides, respectively. However, the achievable secrecy
In [52], the authors investigated an IRS-aided secure wire- rate analysis of an IOS-based secure communication system
less communication system where a multi-antenna access remains an open problem.
point (AP) sends confidential message in the presence of an
eavesdropper. The authors solved an optimization problem
which maximize the secrecy rate of the system by jointly D. PLS THROUGH OPTICAL WIRELESS
designing AP’s transmit beamforming and IRS’s reflect COMMUNICATIONS
beamforming. The authors demonstrated with simulation 1) DEFINITION OF LIGHT-FIDELITY (LIFI)
results that the IRS-aided communication system increased The exponentially growth in mobile data traffic requires new
secrecy rate significantly by exploiting IRS-enabled power spectrum in 6G. The optical spectrum offers three orders of
enhancement and interference suppression at the legitimate magnitude more bandwidth than the entire radio frequency
receiver and eavesdropper, respectively. Similar to [52], IRS- (RF) spectrum. Wireless networking with light is referred
aided secure communication is also investigated in [53] to as light-fidelity (LiFi) [58]. LiFi supports mobile devices
and [54] for only one legitimate user and one eavesdropper that are randomly oriented. Seamless connectivity by means
with the aid of mathematical optimization. Secure IRS-based of handover and coordinated multipoint (CoMP) transmis-
systems for multiple users and multiple eavesdroppers have sion, multiuser access, bi-directional communication are all
been investigated in [55] and [56]. Both [55] and [56] functions that are supported in LiFi. The key difference
enhanced the transmit beamforming by combining with a to small cell RF communications is that the cells can get
jamming or artificial noise. The reason is the transmitter arbitrarily small giving rise to significantly improved area
lacks sufficient degrees of freedom when the number of users spectral efficiencies. The high density of LiFi access points
is smaller than the number of eavesdroppers. The authors requires a powerful backhaul which can be realized with
verified with simulation results that the achievable secrecy optical wireless communication technologies.
rate is significantly higher with artificial noise injection with Light as a data bearer offers attractive features such as
an IRS. high capacity, robustness to electromagnetic interference, a
Despite the potential of IRS, the achievable secrecy rate high degree of spatial signal confinement and controllabil-
is limited when the legitimate users and eavesdroppers have ity leading to inherent security features. LiFi can be used
highly correlated links [52]. Therefore, IRS requires to con- to build advanced wireless body area networks (WBANs),
structively add beamformed signals towards the intended personal area networks (PANs), wireless local area networks
user and destructively add the towards eavesdropper. IRS (WLANs), vehicular area networks (VANETs) and it seam-
has high security potential, but it requires that the signal lessly blends into existing heterogeneous wireless networks.
towards the legitimate node must be beamformed construc- Light-based wireless communications will also enable the
tively, while destructively towards the eavesdropper. Such creation of wireless networks underwater where RF cannot
signal processing techniques is not always trivial and it be used except for ultra-short distances.

VOLUME 2, 2021 1909

MUCCHI et al.: PLS IN 6G NETWORKS

FIGURE 10. Network partitioning and physical layer security enhancements by

FIGURE 9. WiFi VS. LiFi. Light can confine the information where it belongs. exploiting signal confinements made possible by light as a data bearer.

2) UNIQUE OPPORTUNITIES FOR ENHANCE SECURITY

in Fig. 10 which shows a typical floor plan of an office
THROUGH LIFI
environment. There are rooms with different security levels.
PLS will play a vital role in enhancing cyber-security in wire- The network could be partitioned so that it is only possible,
less networks. Moreover, it will also help reduce both the for example, to access the “secret files” wirelessly within
latency and the complexity of novel security standards. The the confined space of a secure file server room using special
provision of user security is distributed across all layers of access rights. Anyone who would attempt to access secret
the open systems interconnect (OSI) model. The integrity and information requires a) access to an account that has granted
confidentiality of information is typically ensured by using this these rights, and b) physical access to the secure file
secret and public key encryption methods. However, the server room. This would be different if the wireless sig-
strength of these techniques may be enhanced by reducing nals would propagate through the walls, in which case it
the attack surface. In this regard, the physical layer exposes would suffice to use account details that may have been
significant vulnerabilities due to the broadcast nature of the acquired maliciously. The same principle could be used to
wireless channel. It is well known that if the eavesdropper is create a “geofence" in any location. This means that a user
equipped with sufficient computational power, protocol secu- would have standard account details such as “user name”
rity can be compromised. Light does not propagate through and “password”, but in addition would have a ’location spe-
opaque objects such as walls. It is also very directional – cific password’ - a second gate. This would then mean that
think of a laser beam in the extreme case. Hence, light access to the user’s account details would physically only
beams can be formed without the need of excessive signal be possible at the user’s current location (the serving access
processing efforts. Lenses and other optical components can point is indicated with a red circle in Fig. 10.
be used to shape a beam. It is, therefore, possible to signif- For anyone outside the “geo-fenced" area access to users,
icantly reduce the possibilities of man-in-middle attacks in the account would physically be impossible – even if they
LiFi compared to WiFi (Fig. 9). had maliciously acquired “user name” and “password".
On the other hand, fundamentals and techniques of This means that man-in-the-middle attacks are substantially
PLS, developed for RF channels involving wire-tap cod- mitigated – if not eliminated.
ing, multi-antenna, relay- cooperation, and physical layer In addition, MIMO and wavelength division multiplexing
authentication, cannot be applied directly to VLC chan- (WDM) can be employed to enhance physical layer security.
nels. This is mainly because many standard specifications In this context, spatial modulation (SM) exhibits advanta-
in transmission protocols and modulation schemes of VLC geous features due to its property to use the propagation
systems are quite different from RF systems. Besides, light channel for information transmission. In SM, the information
can easily be confined spatially and, since there is no fading is carried by the transmitted symbols, as well as by the
because the wavelength is significantly smaller than the size indices of an active transmit unit [58], [59]. It is important
of the detector, the VLC channels become more determin- to note that SM-based MIMO transmission exploits the ran-
istic. These properties can be used for precise localization. dom switching among the antennas (LEDs) that generate
All of these features of light can be harnessed to enhance a strong and friendly jamming signal, which is invalu-
security beyond PLS. For example, the movement patterns able for PLS applications. MIMO and MIMO-SM-based
of users can be recorded. Subsequently, this data can be physical layer security systems were studied extensively in
used to perform data analytics such as anomaly detection. research and development work widely presented in the
LiFi allows orders of magnitude improvements in data den- literature. They are mostly based on techniques such as
sity when compared to RF-based systems. It is possible to jamming, mapping of transmitted symbols, precoding, and
change access rights in such dense wireless networks almost subset selection, as well as combinations of these techniques.
at a centimeter precision level. Assume an office as shown In particular, one of the precoding approaches, namely,

1910 VOLUME 2, 2021

zero-forcing precoding (ZFP), is preferred widely in most
applications due to its simplicity. Through the channel state
information at the transmitter (CSIT) of the legitimate user,
the precoding matrix coefficients are constructed through
some optimization techniques so that the confidential mes-
sage is perceived by the legitimate user clearly while the
eavesdropper’s bit error rate (BER) performance is degraded
substantially [60], [61], [62], [63], [64]. On the other hand,
a well-known method based on generating a friendly jam-
ming signal creates an artificial noise, which lies in the null
space of the legitimate user. After combining the confidential
information with the jamming signal at the transmitter side,
only the eavesdropper will experience destructive effects
from the jamming signal [27], [65], [66], [67], [68]. The
secrecy enhancement techniques, based on enhancing the
secrecy rate by transmitting symbol mapping, the secrecy is
realized by an encryption key for the given modulation. The FIGURE 11. RF/optical wireless hybrid system model.
same key is used at the legitimate user’s side to decode the
confidential message [62], [69], [70]. Another PLS enhance-
ment technique, called transmitter subset selection, is based
on choosing a specific subset of transmitting entities accord-
ing to the radiation patterns of the transmitting units. The
design of confidential signal sets is based on maximizing
the minimum Euclidean distance or SNR at the legitimate
user. Thus, it is clear that the eavesdropper’s achievable
performance would be lower than that of the legitimate
user [71], [72], [73], [74].
Finally, the hybrid design of VLC and RF systems was
expected to improve the user experience, substantially, since
VLC systems can support reliable high data rates in specific
areas and RF systems can provide coverage when a line-
of-sight link is not available [75]. In Fig. 11 a hybrid VLC FIGURE 12. The CDF of WiFi and LiFi secrecy throughput. Four different types of
LiFi deployment are evaluated: point Poisson process (PPP), Matérn hard core point
and RF system is illustrated. They can coexist, operating in process (HCPP), regular square topology, and regular hexagonal topology (HEX). The
the same environment, without causing any interference. It is parameter c [m] denotes the minimum radius of the HCPP.
also possible that both systems share the same physical layer
techniques and medium access control (MAC) algorithms
such as authentication and encryption. Recent transmission be combined for hybrid RF/Optical PLS systems. On the
techniques such as spatial modulation (SM), spatial shift key- other hand, high quality of Service (QoS) is provided by
ing (SSK), OFDM-index modulation, transmitter precoding the convergence of heterogeneous networks (HetNets). They
have been applied for PLS successfully in both optical and usually involve different access technologies such as macro-
RF communications, separately. They have the capability cell, microcell, femtocells, and attocell, consisting of RF and
reduce inter-channel interference while providing high power optical wireless-based networks [78], [79], [80]. Since hybrid
efficiency and detection simplicity. Recently, a new channel VLC/RF systems have both VLC and RF components alto-
coding technique has been proposed to improve the error gether in the system, physical layer security for such systems
correcting capability by creating redundancy in the spatial should be jointly investigated due to the broadcast nature of
domain [76]. In [60], [61], optical spatial constellation design both technologies [81]. A recent survey paper [82], as well
techniques are presented with generalized space shift key- as in the literature specified therein, covers almost all aspects
ing signaling for single-user and multi-user PLS where the of PLS for VLC.
received spatial constellations are optimized through a novel Fig. 12 shows a comparison between the secrecy through-
precoding scheme, which minimizes the BERs at legitimate put that can be achieved by WiFi and by LiFi in a 20×103
users and significantly worsens eavesdroppers’ BER. It has m room. The WiFi system uses a single access point (AP),
been shown that a similar PLS technique could also be while LiFi system is assumed to follow different deployment
employed in RF communications [77]. Relay-aided secure schemes [83]: point Poisson process (PPP), Matern hard core
broadcasting for VLC was also investigated. A transmit- point process (HCPP), regular square topology, and regular
ter luminaire communicates with the legitimate receivers in hexagonal topology (HEX). A single LiFi transmitter is com-
the presence of an external eavesdropper [65], which can posed by 18 individual transmitters (LEDs) arranged on a

VOLUME 2, 2021 1911

MUCCHI et al.: PLS IN 6G NETWORKS

semishpere. The semispheres, which act as access points, [7] A. Francillon, B. Danev, and S. Čapkun, Relay Attacks on Passive
are assumed to be placed on the ceiling of the room. The Keyless Entry and Start Systems in Modern Cars, IACR, Lyon, France,
2011. [Online]. Available: https://eprint.iacr.org/2010/332.pdf
distribution of the APs on the ceiling of the room follows [8] Y.-S. Shiu, S. Y. Chang, H.-C. Wu, S. C.-H. Huang, and H.-H. Chen,
the deployment schemes mentioned above. “Physical layer security in wireless networks: A tutorial,” IEEE
Three different radii of HCPP deployment are assumed: Wireless Commun., vol. 18, no. 2, pp. 66–74, Apr. 2011.
1 m, 1.7 m and 2.4 m. Legitimate users and eavesdrop- [9] A. Mukherjee, S. A. A. Fakoorian, J. Huang, and A. L. Swindlehurst,
“Principles of physical layer security in multiuser wireless networks: A
pers are assumed to be distributed as 2-D homogeneous survey,” IEEE Commun. Surveys Tuts., vol. 16, no. 3, pp. 1550–1573,
PPPs in the room. As it can be seen in Fig. 12, LiFi trans- 3rd Quart. 2014.
mitter with HEX deployment with 18-element transmitters [10] Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A survey on wireless security:
Technical challenges, recent advances, and future trends,” Proc. IEEE,
can achieve over 8 times secrecy throughput improvement vol. 104, no. 9, pp. 1727–1765, Sep. 2016.
compared to WiFi. The 18 LED elements generates nar- [11] K. Zeng, K. Govindan, and P. Mohapatra, “Non-cryptographic authen-
rower light beams which can strongly reduce the SINR of tication and identification in wireless networks,” IEEE Wireless
Commun., vol. 17, no. 5, pp. 56–62, Oct. 2010.
eavesdroppers.
[12] X. Duan and X. Wang, “Authentication handover and privacy pro-
tection in 5G HetNets using software-defined networking,” IEEE
Commun. Mag., vol. 53, no. 4, pp. 28–35, Apr. 2015.
IV. CONCLUSION AND FUTURE DIRECTIONS [13] Q. Xu, R. Zheng, W. Saad, and Z. Han, “Device fingerprinting in wire-
This paper envisioned the use of physical-layer secu- less networks: Challenges and opportunities,” IEEE Commun. Surveys
rity in future 6G networks. The unique characteristics of Tuts., vol. 18, no. 1, pp. 94–104, 1st Quart., 2016.
[14] M. Husák, J. Komárková, E. Bou-harb, and P. Čeleda, “Survey of
PLS can help in facing the significant security challenges attack projection, prediction, and forecasting in cyber security,” IEEE
raised by ubiquitous ultra-dense heterogeneous networks. Commun. Surveys Tuts., vol. 21, no. 1, pp. 640–660, 1st Quart., 2019.
The security features as well as practical implementations [15] J. M. Hamamreh, H. M. Furqan, and H. Arslan,
“Classifications and applications of physical layer security techniques
of PLS for 6G networks are discussed. Massive MIMO, for confidentiality: A comprehensive survey,” IEEE Commun. Surveys
IRS, LiFi or distributed and cooperative protocols are Tuts., vol. 21, no. 2, pp. 1773–1828, 2nd Quart., 2019.
seen as possible PLS techniques to meet the 6G security [16] X. Wang, P. Hao, and L. Hanzo, “Physical-layer authentication
requirements. for wireless security enhancement: Current challenges and future
developments,” IEEE Commun. Mag., vol. 54, no. 6, pp. 152–158,
Open problems are still present: from the complete inte- Jun. 2016.
gration of PLS and higher-layers security protocols to the [17] A. Hyadi, Z. Rezki, and M. Alouini, “An overview of physical layer
integration with AI, which is one of the main driver of security in wireless communication systems with CSIT uncertainty,”
IEEE Access, vol. 4, pp. 6121–6132, 2016.
6G. The pervasive use of AI will surely provide bene- [18] L. Sun and Q. Du, “A review of physical layer security techniques
fits from security point of view, it also opens additional for Internet of Things: Challenges and solutions,” Entropy, vol. 20,
challenges since new threats could be opened, not known no. 10, p. 730, Sep. 2018.
nowadays. PLS is envisioned to address the security threats [19] D. Kapetanovic, G. Zheng, and F. Rusek, “Physical layer security for
massive MIMO: An overview on passive eavesdropping and active
coming from future 6G network. By applying AI technology, attacks,” IEEE Commun. Mag., vol. 53, no. 6, pp. 21–27, Jun. 2015.
the PLS paradigm can be further improved compared with [20] W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and
conventional security technologies. J. Barros, “Coding for secrecy: An overview of error-control coding
techniques for physical-layer security,” IEEE Signal Process. Mag.,
In 5G the security-by-design approach has started to be vol. 30, no. 5, pp. 41–50, Sep. 2013.
considered, but the same treatment has not been given to the [21] W. Wang, K. C. Teh, K. H. Li, and S. Luo, “On the impact of adaptive
privacy. In a 360◦ security approach, as 6G is foreseen to eavesdroppers in multi-antenna cellular networks,” IEEE Trans. Inf.
Forensics Security, vol. 13, no. 2, pp. 269–279, Feb. 2018.
provide, not only security-by-design has to be considered,
[22] K.-W. Huang, H.-M. Wang, Y. Wu, and R. Schober, “Pilot spoofing
but also privacy-by-design should be addressed. attack by multiple eavesdroppers,” IEEE Trans. Wireless Commun.,
vol. 17, no. 10, pp. 6433–6447, Oct. 2018.
[23] X. Zhou, B. Maham, and A. Hjorungnes, “Pilot contamination for
REFERENCES active eavesdropping,” IEEE Trans. Wireless Commun., vol. 11, no. 3,
[1] M. Latva-Aho and K. Leppänen, “Key drivers and research challenges pp. 903–907, Mar. 2012.
for 6G ubiquitous wireless intelligence,” Oulu, Finland, 6G Res. Vis., [24] Y. Wu, R. Schober, D. W. K. Ng, C. Xiao, and G. Caire, “Secure mas-
Univ. Oulu, White Paper, 2019. sive MIMO transmission with an active eavesdropper,” IEEE Trans.
[2] R. A. Stoica and G. T. F. de Abreu, “6G: The wireless communica- Inf. Theory, vol. 62, no. 7, pp. 3880–3900, Jul. 2016.
tions network for collaborative and AI applications,” 2019. [Online]. [25] W. Wang, N. Cheng, K. C. Teh, X. Lin, W. Zhuang, and X. Shen, “On
Available: arXiv:1904.03413. countermeasures of pilot spoofing attack in massive MIMO systems:
[3] P. Botsinis et al., “Quantum algorithms for wireless communica- A double channel training based approach,” IEEE Trans. Veh. Technol.,
tions,” IEEE Commmun. Surveys Tuts., vol. 21, no. 2, pp. 1209–1242, vol. 68, no. 7, pp. 6697–6708, Jul. 2019.
2nd Quart., 2018. [26] Q. Xiong, Y.-C. Liang, K. H. Li, and Y. Gong, “An energy-ratio-
[4] I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, and based approach for detecting pilot spoofing attack in multiple-antenna
M. Ylianttila, “Security for 5G and beyond,” IEEE Commun. Surveys systems,” IEEE Trans. Inf. Forensics Security, vol. 10, pp. 932–940,
Tuts., vol. 21, no. 4, 3682–3722, 4th Quart., 2019. 2015.
[5] T. Pecorella, L. Brilli, and L. Mucchi, “The role of physical layer secu- [27] Y. Liu, H.-H. Chen, and L. Wang, “Physical layer security for next
rity in IoT: A novel perspective,” MDPI Inf., vol. 7, no. 3, pp. 49–66, generation wireless networks: Theories, technologies, and challenges,”
2016. IEEE Commun. Surveys Tuts., vol. 19, no. 1, pp. 347–376, 1st Quart.,
[6] S. Severi, G. T. F de Abreu, P. Gianni, and D. Dardari, “A secret 2017.
key exchange scheme for near field communication,” in Proc. IEEE [28] M. Ylianttila et al., “6G white paper: Research challenges for trust,
Wireless Commun. Netw. Conf. (WCNC), 2014, pp. 428–433. security and privacy,” 2020. [Online]. Available: arXiv:2004.11665.

1912 VOLUME 2, 2021

[29] S. Mathur et al., “Exploiting the physical layer for enhanced security [50] S. Hu, F. Rusek, and O. Edfors, “Beyond massive MIMO: The poten-
[security and privacy in emerging wireless networks],” IEEE Wireless tial of data transmission with large intelligent surfaces,” IEEE Trans.
Commun., vol. 17, no. 5, pp. 63–70, Oct. 2010. Signal Process., vol. 66, no. 10, pp. 2746–2758, May 2018.
[30] W. Trappe, R. Howard, and R. S. Moore, “Low-energy security: Limits [51] NTT DoCoMo and Metawave Announce Successful Demonstration
and opportunities in the Internet of Things,” IEEE Security Privacy, of 28GHz-Band 5G Using World’s First Meta-Structure
vol. 13, no. 1, pp. 14–21, Jan./Feb. 2015. Technology. Accessed: Jul. 7, 2019. [Online]. Available:
[31] W. Trappe, “The challenges facing physical layer security,” IEEE https://www.marketwatch.com/press-release/ntt-docomo-and-
Commun. Mag., vol. 53, no. 6, pp. 16–20, Jun. 2015. metawave-announce-successful-demonstration-of-28ghz-band-5g-
[32] R. Bassily et al., “Cooperative security at the physical layer: A using-worlds-first-meta-structure-technology-2018-12-04
summary of recent advances,” IEEE Signal Process. Mag., vol. 30, [52] M. Cui, G. Zhang, and R. Zhang, “Secure wireless communication via
no. 5, pp. 16–28, Sep. 2013. intelligent reflecting surface,” IEEE Wireless Commun. Lett., vol. 8,
[33] G. Chisci, A. Conti, L. Mucchi, and M. Z. Win, “Intrinsic secrecy no. 5, pp. 1410–1414, Oct. 2019.
in inhomogeneous stochastic networks,” IEEE/ACM Trans. Netw., [53] X. Yu, D. Xu, and R. Schober, “Enabling secure wireless commu-
vol. 27, no. 4, pp. 1291–1304, Aug. 2019. nications via intelligent reflecting surfaces,” in Proc. IEEE Global
[34] L. Mucchi, L. Ronga, X. Zhou, K. Huang, Y. Chen, and R. Wang, Commun. Conf., Dec. 2019, pp. 1–6.
“A new metric for measuring the security of an environment: The [54] H. Shen, W. Xu, S. Gong, Z. He, and C. Zhao, “Secrecy
secrecy pressure,” IEEE Trans. Wireless Commun., vol. 16, no. 5, rate maximization for intelligent reflecting surface assisted multi-
pp. 3416–3430, May 2017. antenna communications,” IEEE Commun. Lett., vol. 23, no. 9,
[35] E. Del Re, S. Morosi, L. Mucchi, L. Ronga, and S. Jayousi, “Future pp. 1488–1492, Sep. 2019.
wireless systems for human bond communications,” Wireless Pers. [55] X. Guan, Q. Wu, and R. Zhang, “Intelligent reflecting sur-
Commun., vol. 88, no. 1, pp. 39–52, May 2016. face assisted secrecy communication: Is artificial noise helpful or
not?” IEEE Wireless Commun. Lett., vol. 9, no. 6, pp. 778–782,
[36] L. Mucchi, A. Martinelli, S. Jayousi, S. Caputo, and M. Pierobon,
Jun. 2020.
“Secrecy capacity and secure distance for diffusion-based molecular
[56] D. Xu, X. Yu, Y. Sun, D. W. K. Ng, and R. Schober, “Resource
communication systems,” IEEE Access, vol. 7, pp. 110687–110697,
allocation for secure IRS-assisted multiuser MISO systems,” in Proc.
2019.
IEEE Global Commun. Conf., Dec. 2019, pp. 1–6.
[37] S. Xiao, W. Gong, and D. Towsley, “Secure wireless communication
[57] S. Zhang, H. Zhang, B. Di, Y. Tan, Z. Han, and L. Song,
with dynamic secrets,” in Proc. IEEE INFOCOM, San Diego, CA,
“Beyond intelligent reflecting surfaces: Reflective-transmissive meta-
USA, 2010, pp. 1–9.
surface aided communications for full-dimensional coverage exten-
[38] A. Garnaev, M. Baykal-Gursoy, and H. V. Poor, “A game theoretic sion,” IEEE Trans. Veh. Technol., vol. 69, no. 11, pp. 13905–13909,
analysis of secret and reliable communication with active and passive Nov. 2020.
adversarial modes,” IEEE Trans. Wireless Commun., vol. 15, no. 3, [58] H. Haas, L. Yin, Y. Wang, and C. Chen, “What is LiFi?” J. Lightw.
pp. 2155–2163, Mar. 2016. Technol., vol. 34, no. 6, pp. 1533–1544, Mar. 15, 2016.
[39] S. Soderi, L. Mucchi, M. Hamalainen, A. Piva, and J. Iinatti, “Physical [59] T. Cogalan, H. Haas, and E. Panayirci, “Optical spatial modulation
layer security based on spread-spectrum watermarking and jam- design,” Philosoph. Trans. Royal Soc. A, vol. 378, no. 2169, pp. 1–18,
ming receiver,” Trans. Emerg. Telecommun. Technol., vol. 28, no. 7, Feb. 2020.
pp. 1–13, Jul. 2017. [60] A. Yesilkaya, E. Basar, F. Miramirkhani, E. Panayirci, M. Uysal,
[40] L. Mucchi, L. Ronga, and L. Cipriani, “A new modulation for and H. Haas, “Optical MIMO-OFDM with generalized LED index
intrinsically secure radio channel in wireless systems,”Wireless Pers. modulation,” IEEE Trans. Commun., vol. 65, no. 8, pp. 3429–3441,
Commun., vol. 51, no. 1, pp. 67–80, Oct. 2009. Aug. 2017.
[41] M. Höyhtyä, O. Apilo, and M. Lasanen, “Review of latest advances [61] E. Panayirci, A. Yesilkaya, T. Cogalan, H. Haas, and H. V. Poor,
in 3GPP standardization: D2D communication in 5G systems and its “Physical-layer security with generalized space shift key-
energy consumption models,” Future Internet, vol. 10, no. 1, p. 3, ing,” IEEE Trans. Commun., vol. 68, no. 5, pp. 3042–3056,
Jan. 2018. May 2020.
[42] T. L. Marzetta, “Noncooperative cellular wireless with unlimited num- [62] N. Su, E. Panayirci, M. Koca, A. Yesilkaya , H. V. Poor, and H. Haas,
bers of base station antennas,” IEEE Trans. Wireless Commun., vol. 9, “Physical layer security for multi-user MIMO visible light commu-
no. 11, pp. 3590–3600, Nov. 2010. nication systems with generalized space shift keying,” IEEE Trans.
[43] E. Björnson, L. Sanguinetti, H. Wymeersch, J. Hoydis, and Commun., vol. 69, no. 4, pp. 2585–2598, Apr. 2021.
T. L. Marzetta, “Massive MIMO is a reality—What is next? Five [63] S. R. Aghdam and T. M. Duman, “Physical layer security for space
promising research directions for antenna arrays,” Digit. Signal shift keying transmission with precoding,” IEEE Wireless Commun.
Process., vol. 94, pp. 3–20, Nov. 2019. Lett., vol. 5, no. 2, pp. 180–183, Apr. 2016.
[44] S. Timilsina, D. Kudathanthirige, and G. Amarasuriya, “Physical layer [64] Y. Chen, L. Wang, Z. Zhao, M. Ma, and B. Jiao, “Secure
security in cell-free massive MIMO,” in Proc. IEEE Global Commun. multiuser MIMO downlink transmission via precoding-aided spatial
Conf. (GLOBECOM), Abu Dhabi, United Arab Emirates, Dec. 2018, modulation,” IEEE Commun. Lett., vol. 20, no. 6, pp. 1116–1119,
pp. 1–7. Jun. 2016.
[45] T. M. Hoang, H. Q. Ngo, T. Q. Duong, H. D. Tuan, and A. Marshall, [65] F. Wu, R. Zhang, L.-L. Yang, and W. Wang, “Transmitter precoding-
“Cell-free massive MIMO networks: Optimal power control against aided spatial modulation for secrecy communications,” IEEE Trans.
active eavesdropping,” IEEE Trans. Commun., vol. 66, no. 10, Veh. Technol., vol. 65, no. 1, pp. 467–471, Jan. 2016.
pp. 4724–4737, Oct. 2018. [66] A. Arafa, E. Panayirci, and V. H. Poor, “Relay-aided secure broadcast-
[46] X. Zhang, D. Guo, and K. An, “Secure communication in multigroup ing for visible light communications,” IEEE Trans. Commun., vol. 67,
multicasting cell-free massive MIMO networks with active spoofing no. 6, pp. 4227–4239, Jun. 2019.
attack,” Electron. Lett., vol. 55, no. 2, pp. 96–98, 2018. [67] Z. Huang, Z. Gao, and L. Sun, “Anti-eavesdropping scheme based on
[47] X. Zhang, D. Guo, K. An, Z. Ding, and B. Zhang, “Secrecy quadrature spatial modulation,” IEEE Commun. Lett., vol. 21, no. 3,
analysis and active pilot spoofing attack detection for multigroup pp. 532–535, Mar. 2017.
multicasting cell-free massive MIMO systems,” IEEE Access, vol. 7, [68] F. Wang, R. Li, J. Zhang, S. Shi, and C. Liu, “Enhancing the
pp. 57332–57340, 2019. secrecy performance of the spatial modulation aided VLC systems
[48] M. Alageli, A. Ikhlef, F. Alsifiany, M. A. Abdullah, G. Chen, and with optical jamming,” Signal Process., vol. 157, pp. 288–302,
J. Chambers, “Optimal downlink transmission for cell-free SWIPT Apr. 2019.
massive MIMO systems with active eavesdropping,” IEEE Trans. Inf. [69] L. Yin and H. Haas, “Physical-layer security in multiuser visible
Forensics Security, vol. 15, pp. 1983–1998, 2019. light communication networks,” IEEE J. Sel. Areas Commun., vol. 36,
[49] C. Huang, A. Zappone, G. C. Alexandropoulos, M. Debbah, and no. 1, pp. 162–174, Jan. 2018.
C. Yuen, “Reconfigurable intelligent surfaces for energy efficiency [70] Y. Yang and M. Guizani, “Mapping-varied spatial modulation for
in wireless communication,” IEEE Trans. Wireless Commun., vol. 18, physical layer security: Transmission strategy and secrecy rate,” IEEE
no. 8, pp. 4157–4170, Aug. 2019. J. Sel. Areas Commun., vol. 36, no. 4, pp. 877–889, Apr. 2018.

VOLUME 2, 2021 1913

MUCCHI et al.: PLS IN 6G NETWORKS

[71] X. Jiang, M. Wen, H. Hai, J. Li, and S. Kim, “Secrecy-enhancing [78] N. Su, E. Panayirci, H. V. Poor, and M. Koca, “Spatial con-
scheme for spatial modulation,” IEEE Commun. Lett., vol. 22, no. 3, stellation design based generalized space shift keying for physical
pp. 550–553, Mar. 2018. layer security of multi-user MIMO communication system,” IEEE
[72] N. Valliappan, A. Lozano, and R. W. Heath, “Antenna subset modula- Wireless Commun. Lett., vol. 10, no. 8, pp. 1785–1789, Aug. 2021,
tion for secure millimeter-wave wireless communication,” IEEE Trans. doi: 10.1109/LWC.2021.3079875.
Commun., vol. 61, no. 8, pp. 3231–3245, Aug. 2013. [79] G. Pan, J. Ye, and Z. Ding, “Secure hybrid VLC-RF systems with
[73] F. Wang et al., “Secrecy analysis of generalized space-shift key- light energy harvesting,” IEEE Trans. Commun., vol. 65, no. 10,
ing aided visible light communication,” IEEE Access, vol. 6, pp. 4348–4359, Oct. 2017.
pp. 18310–18324, 2018. [80] L. Li, Y. Zhang, B. Fan, and H. Tian, “Mobility-aware load balancing
[74] J. Wang, H. Ge, M. Lin, J. Wang, J. Dai, and M. Alouini, “On the scheme in hybrid VLC-LTE networks,” IEEE Commun. Lett., vol. 20,
secrecy rate of spatial modulation-based indoor visible light communi- no. 11, pp. 2276–2279, Nov. 2016.
cations,” IEEE J. Sel. Areas Commun., vol. 37, no. 9, pp. 2087–2101, [81] M. Kashef, M. Abdallah, and N. Al-Dhahir, “Transmit power
Sep. 2019. optimization for a hybrid PLC/VLC/RF communication system,”
[75] F. Shu, Z. Wang, R. Chen, Y. Wu, and J. Wang, “Two high- IEEE Trans. Green Commun. Netw., vol. 2, no. 1, pp. 234–245,
performance schemes of transmit antenna selection for secure spatial Mar. 2018.
modulation,”IEEE Trans. Veh. Technol., vol. 67, no. 9, pp. 8969–8973, [82] J. Al-khori, G. Nauryzbayev, M. Abdallah, and M. Hamdi, “Physical
Sep. 2018. layer security for hybrid RF/VLC DF relaying systems,” in Proc. IEEE
[76] A. A. Purwita, M. D. Soltani, M. Safari, and H. Haas, “Handover 88th Veh. Technol. Conf. (VTC-Fall), Aug. 2018, pp. 1–6.
probability of hybrid LiFi/RF-based networks with randomly-oriented [83] M. A. Arfaoui et al., “Physical layer security for visible light commu-
devices,” in Proc. IEEE 87th Veh. Technol. Conf. (VTC Spring), Porto, nication systems: A survey,” IEEE Commun. Surveys Tuts., vol. 22,
Portugal, Jun. 2018, pp. 1–5. no. 3, pp. 1887–1908, 3rd Quart., 2020.
[77] E. Panayirci, “Optical index-coded space shift keying [84] Z. Chen and H. Haas, “Physical layer security for optical attocell
(IC/SSK),” IEEE Commun. Lett., early access, May 25, 2021, networks,” in Proc. IEEE Int. Conf. Commun. (ICC), 2017, pp. 1–6.
doi: 10.1109/LCOMM.2021.3082866.

1914 VOLUME 2, 2021