5G was just the beginning, what 6G security really looks like

What 5G already changed

5G already broke a few of the 4G assumptions. Massive MIMO and beamforming made spatial multiplexing real. Network slicing made one physical network look like many logical ones. Edge compute became part of the radio access network. Each of those shifts came with security work, and the 5G specs (3GPP Release 15 to 17) absorbed most of it. SUPI confidentiality, slice isolation, secure user-plane integrity, all in.

What 5G did not change: the spectrum model is still mostly statically allocated, the radio is still mostly deterministic, the cryptography is still based on RSA and ECDH (susceptible to harvest-now-decrypt-later).

What 6G changes

Cognitive radio is foundational

5G specifies dynamic spectrum sharing as an option. 6G makes it a baseline. The radio senses, predicts, allocates, and yields, all under partial observability. This is a deep RL controller, not a static configuration. Securing the protocol stack is no longer enough, because the attack surface includes the controller's policy.

Adversarial inputs to the spectrum sensor can poison the learned policy. Reward shaping can be gamed. Exploration policy can leak secondary-user identity. None of these are theoretical, all are well-documented in the adversarial RL literature. See the 6G cognitive radio security topic page for the standing perspective.

Sensing and communication share spectrum (ISAC)

Integrated sensing and communication uses the same waveform for both radar (sensing) and data (communication). It is efficient, since you do not need separate spectrum for radar. It is also a privacy and security minefield. The radar function can map who and what is in the sensed area. That data is sensitive. It travels in the same packets as user data. Cross-channel leakage and misuse are new attack categories.

Terahertz frequencies enter the picture

Terahertz bands offer huge raw bandwidth but terrible propagation: typical range tens of metres, susceptible to weather, obstructed by walls. 6G uses terahertz for very-short-range very-high-bandwidth links, alongside the sub-6 GHz and millimetre-wave bands. Each band has different security properties. Terahertz is hard to intercept beyond line-of-sight, but trivially jammed by physical obstruction. Different threat profile entirely.

Post-quantum cryptography is table stakes

6G specs go to ratification post-2028. By that timeline, NIST PQC has been standardised for 4 to 6 years. There is no plausible reason to design 6G key exchange or device authentication on RSA or ECDH. Hybrid PQC at minimum, native PQC where the constraint envelope permits it. PQ-EDHOC at the IoT edge, hybrid TLS 1.3 with Kyber on the broadband edge.

The new threat model in three lines

1. The radio is a learning agent. The policy is part of the attack surface.
2. The radio is a sensor. Sensing data is sensitive and shares the channel with user data.
3. The cryptographic substrate is harvest-now-decrypt-later vulnerable until PQC is in.

What this means for operators

• Specify PQC support in 6G procurement RFPs from day one. Vendors will not ship it otherwise.
• Treat ISAC sensing data as personal data. Privacy-preserving aggregation matters.
• Plan for adversarial-RL stress testing as part of acceptance criteria for cognitive-radio modules.
• Plan for HSM replacement at the core, since RSA-sized HSMs do not fit Dilithium-2.

What this means for researchers

The interesting open problems are at the intersections. PQC plus cognitive radio, the protected telemetry feeding the controller. Privacy-preserving ISAC, the radar function with cryptographic constraints. Adversarial-robustness for the policy itself. My 2025 work on energy-aware cognitive radio (Green Cognitive Radio) sits at one of those intersections.