Addressing Privacy Concerns in Joint Communication and Sensing for 6G Networks: Challenges and Prospects
Prajnamaya Dass, Sonika Ujjwal, Jiri Novotny, Yevhen Zolotavkin, Zakaria Laaroussi, Stefan Köpsell
TL;DR
This paper addresses privacy challenges in 6G Joint Communication and Sensing (JCAS) by identifying how sensing data can reveal sensitive information and violate regulations such as the GDPR. It proposes an enhanced JCAS architecture that adds a Sensing Policy, Consent, and Transparency Management (SPCTM) layer and a SensingStore to govern sensing policies, consent, and persistent data, integrated with existing NEF, SCF, and SPF components. A comprehensive threat analysis using STRIDE and LINDDUN across all JCAS interfaces identifies risks such as spoofing, tampering, data disclosure, and DoS, and the authors map these threats to CWEs and CAPEC. To mitigate these risks, the paper suggests privacy-enforcing governance via SPCTM/SPF, threat-prioritized security controls, and UE-specific privacy protections, with a plan for future risk assessment and more fine-grained privacy mechanisms. The work advances practical privacy-by-design for 6G JCAS by detailing architectural changes, threat models, and concrete control strategies to balance sensing capabilities with regulatory compliance and user privacy.
Abstract
The vision for 6G extends beyond mere communication, incorporating sensing capabilities to facilitate a diverse array of novel applications and services. However, the advent of joint communication and sensing (JCAS) technology introduces concerns regarding the handling of sensitive personally identifiable information (PII) pertaining to individuals and objects, along with external third-party data and disclosure. Consequently, JCAS-based applications are susceptible to privacy breaches, including location tracking, identity disclosure, profiling, and misuse of sensor data, raising significant implications under the European Union's general data protection regulation (GDPR) as well as other applicable standards. This paper critically examines emergent JCAS architectures and underscores the necessity for network functions to enable privacy-specific features in the 6G systems. We propose an enhanced JCAS architecture with additional network functions and interfaces, facilitating the management of sensing policies, consent information, and transparency guidelines, alongside the integration of sensing-specific functions and storage for sensing processing sessions. Furthermore, we conduct a comprehensive threat analysis for all interfaces, employing security threat model STRIDE and privacy threat model LINDDUN. We also summarise the identified threats using standard common weakness enumeration (CWE). Finally, we suggest the security and privacy controls as the mitigating strategies to counter the identified threats stemming from the JCAS architecture.