Abstract

The global race toward sixth-generation (6G) networks isn't just a competition for speed; it's a geopolitical conflict for control over the world's future information infrastructure. The strategic goal is "Ubiquitous Connectivity" (泛在连接 - fànzài liánjiē), meaning universal, uninterrupted access for all devices, everywhere. This ubiquity is achieved by fusing terrestrial and satellite networks (Space-Terrestrial-Air-Sea Integration).

This integration exposes the entire network to critical vulnerabilities, especially in the satellite component, which is essential for national security and the expansion of dual-use capabilities. For global powers, 6G security is a strategic imperative to guarantee armed forces communications and support command and control systems in any scenario.

The core problem is that current threats (AI-driven attacks, DDoS) and future threats (Quantum Computing) surpass traditional perimeter defenses. China (中国 - Zhōngguó) is responding to this challenge with the "Intelligent Endogenous Security Architecture" (智慧内生安全架构 - zhìhuì nèishēng ānquán jiàgòu), aiming to incorporate security "from birth" (built-in). The objective is to build a system that doesn't just react to attacks, but predicts them and self-defends elastically, ensuring the integrity and resilience of all nodes, including the satellites crucial for military security.

I. Geopolitical Context and The Evolution of Mobile Security

A. The Historical Evolution of Mobile Security (1G to 5G)

To understand the scope of the 6G strategy, it's essential to frame the persistent security challenges and breakthroughs of prior generations.

1. 1G and 2G (The Dawn of Encryption): Early generations relied on basic encryption for voice communication. The 2G system used authentication triplets and the A5 series of encryption algorithms. However, it only offered unidirectional authentication (the network authenticated the user, but the user did not authenticate the network). This lack of mutual verification left the system vulnerable to fake base station attacks.

2. 3G and 4G (Strengthening Cryptography): These generations introduced bidirectional authentication (mutual authentication) between the user and the network, significantly enhancing system security. They adopted stronger encryption algorithms (such as Snow 3G, AES, and ZUC) and added data confidentiality and integrity protection mechanisms. The 4G system added a mutual trust mechanism between the Radio Access Network (RAN) and the Core Network.

3. 5G (The Architectural Revolution): The 5G architecture brought profound changes, primarily introducing the Service-Based Architecture (SBA) and Network Slicing. While SBA increased network flexibility, it introduced new attack surfaces for inter-network function communication. Network Slicing allowed for customized networks for specific sectors, but created the risk of inter-slice security breaches. 5G notably improved privacy by encrypting the Subscription Permanent Identifier (SUPI) before transmission.

   
   

B. The Leap to 6G: Unresolved Challenges and the Endogenous Defense

Despite 5G’s progress, persistent issues—such as signaling DoS attacks, energy exhaustion attacks, and user tracking—remain unresolved and will continue to affect 6G security. Furthermore, 6G introduces new challenges:

• Massive Heterogeneity: The fusion of terrestrial, air, and space networks blurs security boundaries and introduces diverse stakeholders.

• AI-Driven Threats: The use of AI by attackers makes threats more intelligent, concealed, and automated.

• Quantum Threat: The imminent threat from quantum computers necessitates a complete cryptographic overhaul.

To counter this, China, through research institutions like Beihang University (北京航空航天大学), has defined the Intelligent Endogenous Security Architecture (智慧内生安全架构 - zhìhuì nèishēng ānquán jiàgòu), designed to be a fundamental security mechanism built upon the foundation of 5G architecture^.

II. Detailed Focus: Technologies and Defense Strategies

A. Artificial Intelligence (AI) and Operational Resilience

The AI (人工智能 - Rénzàogōngnéng) is the central brain enabling the network to predict and self-manage.

1. AI Large Models and Proactive Immunity: AI Large Models (AI大模型 - AI dà móxíng), with massive reasoning and processing capabilities, are used to overcome the limitations of signature-based defenses. They enable Threat Prediction (Proactive Immunity) by simulating complex attacks (like APTs) before they occur, shifting defense from reactive matching to threat prediction. This allows for the dynamic generation of defensive strategies.

2. Distributed Learning and AI Challenges: AI capabilities are distributed across the network via Distributed Machine Learning. Federated Learning (FL) (联邦学习 - liánbāng xuéxí) is crucial for Distributed Collaboration. It allows multiple operators to train a common security model without sharing sensitive raw data (the principle being "the model moves, the data stays put"). However, the practical application of AI faces critical security issues:

   • Adversarial Attacks: AI models are vulnerable to attacks that bypass detection.

   • Explainability and Trust Crisis: AI models suffer from poor interpretability (可解释性不足 - kějiěshì xìng bùzú). A system generating defense strategies without full human verification can lead to a "trust crisis".

   • Training Vulnerability: AI is susceptible to data poisoning attacks, where corrupted data compromises the model's integrity.

DTN and Verification

The Digital Twin Network (DTN) (数字孪生网络 - shùzì luánshēng wǎngluò) is the key technology for the Digital Twin Driven principle.

• Verification Function: The DTN acts as a "risk-free simulation laboratory". Researchers can launch simulated attacks and verify the effectiveness of countermeasures (e.g., optimizing resource allocation and security policies) before deploying them on the live network. This process is essential for closing the "Perception-Decision-Verification-Optimization" defense cycle.

  
  

B. Trust Architecture, Authentication, and Quantum Security

1. Trust Framework and Quantum Resilience: The Unified Self-Sovereign Identity (U-SSI) (统一自我主权身份 - tǒngyī zìwǒ zhǔquán shēnfèn), proposed by the Beijing University of Posts and Telecommunications (北京邮电大学 - Běijīng Yóudiàn Dàxué), ensures the user or device controls its own identity data. The U-SSI framework is designed with modular cryptographic interfaces (模块化密码接口 - mókuài huà mìmǎ jiēkǒu) to allow a smooth transition to Post-Quantum Cryptography (PQC) algorithms (e.g., CRYSTALS-Kyber) , guaranteeing security against quantum threats.

2. Low-Latency Space-Terrestrial Authentication: The traditional four-step Authentication and Key Agreement (AKA) process is too slow for rapidly moving satellites, introducing latency and vulnerability to DoS attacks.

   
   

   • Core Network On-board Satellite (上星 - shàngxīng): Critical Core Network functions are installed directly on the satellite.

   • UE-led Single Exchange Authentication: The User Equipment (UE) sends the authentication response in a single exchange.

     
     

3. Physical Layer and Quantitative Risk Management

A. Quantitative Risk Management (SRPN)

The SRPN (Satellite Risk Priority Number) model, developed by the Xidian University (西安电子科技大学 - Xī'ān Diànzǐ Kējì Dàxué), quantifies the risk.

• Resource Optimization: The strategy focuses on identifying the marginal balance point on the RPN-Resource Cost curve to maximize security per unit of resource invested.

B. Wireless Physical Layer Security

Security leverages the physics of the radio signal.

• Dynamic Key Generation: The system uses unique and changing radio channel characteristics to create a constantly changing secret key (动态密钥 - dòngtài mìyuè).

• Intelligent Reflecting Surfaces (RIS): RIS (可编程智能反射面 - kě biānchéng zhìnéng fǎnshèmiàn) are used to concentrate signal power on the authorized user and create a "null zone" for eavesdroppers.

C. Critical Wireless Threats

The Space-Terrestrial fusion introduces three critical wireless threat domains: Access Security (接入安全), Inter-Satellite Security (星间安全), and Feeder Security (馈电安全).

III. Implications and Open Challenges

A. Geopolitical Implications and Competition

• Standardization Geopolitics: China is promoting Endogenous Security (内生安全 - nèishēng ānquán) as the fundamental architectural standard for 6G, seeking a normative advantage.

• The Quantum Threat: The PQC-ready architecture and the push for Quantum Key Distribution (QKD) (量子密钥分发 - liàngzǐ mìyuè fēnfā) indicate a clear focus on future military security.

• Dual-Use Advantage: Adopting low-latency, distributed trust authentication (U-SSI/MTA) directly enhances the resilience of communications for tactical air and space operations.

  
  

B. Practical Challenges and Open Obstacles

• AI Explainability and Trust: AI models suffer from poor interpretability (可解释性不足 - kějiěshì xìng bùzú). A system generating defense strategies without full human logic verification presents a potential "trust crisis."

• Cost and Sustainability of Satellite Resources: The DTN, AI Large Models, and Blockchain capabilities require significant computation. The cost of maintaining the MTA and the distributed AI on resource-constrained satellite nodes remains a major practical obstacle.

• Heterogeneous Network Synchronization: Guaranteeing perfect real-time synchronization of all domains (Space, Terrestrial, Air) to close the defense cycle is technically difficult, especially for the DTN.

  
  

Institutional and Research Entities Involved (China)

• Standards/Coordination: IMT-2030 (6G) Promotion Group (IMT-2030 (6G) 推进组)

• Risk/Defense Research: Xidian University (西安电子科技大学) , Beihang University (北京航空航天大学)

• Trust/Blockchain Research: Beijing University of Posts and Telecommunications (北京邮电大学)

• Operators/Industry: China Mobile (中国移动), China Unicom (中国联通), China Telecom (中国电信)

  
  

Bibliography

1. YUAN Chaoying, BAI Jingpeng, YUAN Shumei, HE Guofeng. Endogenous Security Architecture of Next-Generation Cloud-Network for Telecom. China Telecom Research Institute, ZTE technology journal, 2025.

2. LIANG Yacong, XU Hui. Security Requirements and Key Technologies for 6G Integrated Satellite and Terrestrial Network. Datang Mobile Communication Equipment Co. Ltd., Beihang University, ZTE technology journal, 2025.

3. ZHU Fei, CAO Jin, HAN Changlong, YI Wei, LI Hui. A Quantitative Evaluation Model for Satellite System Cybersecurity Based on MITRE ATT&CK Framework. Xidian University, ZTE technology journal, 2025.

4. LI Haoyang, XIAO Shaohe, CAO Bin, PENG Mugen, LI Lixiang, LIU Xinran. Primer for Trustworthy 6G: Unified Self-Sovereign Identifier System. Beijing University of Posts and Telecommunications, ZTE technology journal, 2025.

5. WANG Hanzhou, JIN Zian, WANG Rui, LIU Jianwei. AI Empowered 6G Security: Architecture and Key Technologies. Beihang University, ZTE technology journal, 2025.

6. YANG Hongmei, ZHAO Xun. Challenges and Applications of Empowering Network Security with AI. China Academy of Information and Communications Technology, ZTE technology journal, 2025.

7. SU Li, YAN Ru, MA Yuwei. Operation Mechanism of 6G Network Built-in Security System. The Research Institution of China Mobile, ZTE technology journal, 2025.

8. LUO Hanyi, CUI Baojiang, TONG Xin. Architecture and Key Technologies of 6G Network Security. Beijing University of Posts and Telecommunications, ZTE technology journal, 2025.

9. MA Hongbing, YAO Ge, ZHANG Manjun, XU Lei. Prospect of 6G Network Security Architecture. China United Network Communications Group Co., Ltd., ZTE technology journal, 2025.

10. LIU Jianwei, WANG Jingjing. 6G Network Security Special Topic Guide. Beihang University, ZTE technology journal, 2025.