1 Next generation wireless systems

Wireless systems have already been a transformative impact on the way of interacting and communicating and how information and data is exchanged. Thereby, the transformation is accelerated by technological drivers such as Artificial Intelligence (AI) and the massive switch to automation and deployment of intelligent wireless communication.

In this ongoing process emerging requirements for high data rates, Quality of Service (QoS), ultra-low latency and ultra-high reliability arise to enable scenarios such as digital twins, connected robotics, high-fidelity holographic projections and the Industrial Internet of Things (IIoT) [1, 2]. Especially in the sector of Internet of Things (IoT), Wireless Sensor Networks (WSN) and Wireless Body Area Networks (WBAN) are arising technologies to enhance quality of life not only in the context of medical applications but also in the security domain [3, 4].

Besides the requirements to quality, are those to quantity: the International Telecommunication Union (ITU) estimated that the total amount of Mobile Broadband (MBB) subscribers worldwide will reach 17.1 billion by 2030 [5] and the Machine-to-Machine (M2M) terminals will reach about 100 billion—this is 14 times over that of 2020—by the same period of time [5]. But, although the Fifth Generation (5G) wireless networks are in the global realization, there is no single enabling technology to satisfy these requirements [6].

This is why the focus already switched, to developing Beyond 5G (B5G) and Sixth Generation (6G) wireless systems. Among others, these 6G research areas include the application of AI as it will be integrated into the air interfaces and become the basis for signal detection, channel estimation, modulation, coding and synchronization, distributed processing, Visible Light Communication (VLC), Ultra-Massive Multiple Input Multiple Output (UM MIMO), but also pushing the communication to higher frequency bands such as mmWave and (sub)terahertz (THz) with ideas of ultra-high throughput applications such as tactile Internet, Extremely Dense Networks (EDNs) or Internet of Nano-Things (IoNT) [7]. Each of them can positively affect the subject of Physical Layer Security (PhySec) [8].

There is also another “promising and revolutionizing”  [1] technology to improve the spectral, and energy efficiency of the radio channel: Reconfigurable Intelligent Surface (RISs). RISs or Intelligent Reflecting Surface (IRS), respectively, are said to boost wireless communication in terms of coverage, energy efficiency, and localization and are foreseen to play an important role in future 6G controllable beam steering profiles. But, in addition, as security & privacy are 6G key design criteria as well, there is another application area for Reconfigurable Intelligent Surface (RIS) is the security aspect. Besides different approaches to building working surfaces [9], the aspect of simulations ranging from smart algorithms for the “Intelligence” inside of the surfaces to the physical behavior of the working hardware is an important connected field of research.

This work highlights two different important aspects regarding efficient simulations within the scope of setting up, developing, and building a functional RIS, and the emphasis of the necessity of intrinsic security features regarding RIS.

Furthermore, different use cases in which RISs contribute to the security of wireless systems are discussed. The possibility of actively influencing beamforming and -splitting prevents eavesdropping, and constructive and destructive superimposition contributes to the mitigation of jamming attacks. In particular, due to the mentioned ability to “control” the characteristics of the propagation environment, this opens up capabilities for PhySec and the Secret Key Generation (SKG). If the channel properties can be controlled, this directly affects the quality of the generated cryptographic primitives.

The remainder of this work is organized as follows. Section 2 provides an insight in RISs in general, describes the structure and the idea of RISs and motivates fields of application. Simulations of the beamsplitting and beamforming properties of the RIS are discussed in Sect. 3. How RIS can contribute to PhySec is proposed in Sect. 4. Corresponding RIS use-cases are discussed in Sect. 5. Finally, Sect. 6 concludes this work and draws an outline to future work.

2 Reconfigurable intelligent surfaces: concept, design and applications

With special intelligent surfaces, incident signals can be directed in a specific direction or even focused on a specific solid angle. Therefore, these surfaces consist of many sub-wavelength wide elements which can be controlled independently. The specific change of the characteristic allows for an incoming wave signal to be split up into multiple beams that are reflected in the desired directions [1].

2.1 Introduction to RIS

Reconfigurable Intelligent Surface, designated as flat-surfaced, can reconfigure their properties so that an incoming beam can be reflected in a given spatial angle. There are several approaches how to create a fitting surface, but in general, they are classified into antenna-array based [9] and meta-surface based structures [1]. In this work, a method for meta-surface based systems is provided, whereby this structure is used to simulate and highlight the different security aspects. In contrast to a metallic surface, a RIS has to consist of many small elements which can reconfigure the local phase with a high resolution. By changing the impedance of these elements, the surface phase profile is tuned. In contrast to an antenna-array based system, the surface properties of a meta-material based structure change due to physical and mechanical changes in the elements.

With first developed structures, it is possible to tune the phase about \(180^{\circ }\) by applying a certain voltage onto an element [10].

Fig. 1
figure 1

RIS architecture and unit cell design (inset)

Full size image

The basic architecture of a meta-surface RIS is illustrated in Fig. 1, a meta-surface is a two-dimensional structure with unit cells of subwavelength size and distance considering the wavelength \(\lambda \) of the incident electromagnetic waves. The unit cell dimensions a are typically in the range of \(a \le \frac{\lambda }{4}\). For the example of Fig. 1, each unit cell consists of a metallic patch and a Direct Current (DC) bias network, loaded with a Positive Intrinsic Negative (PIN) diode. Within each unit cell, the PIN diode can be switched between the conducting and insulating state by application of a DC voltage (the DC line is not depicted in Fig. 1). As a result, linearly polarized incident electromagnetic waves are reflected with a phase shift of \(180^{\circ }\) from biased unit cells, whereas they experience zero phase shift when reflected from an unbiased one. By voltage control of the spatial phase shift pattern, the beam direction and shape of the reflected wave can be deliberately manipulated [11, 12]. A more detailed theoretical description of beam forming via phase shift tailoring can be found in [13].

Fig. 2
figure 2

Simulation setup, \(d_x\) is the movement variable in x-direction, \(d_y\) respectively in y-direction of the receiving IoT device

Full size image

2.2 Conceivable applications and use-cases for RISs

RIS-enabled technologies provide the potential to investigate various applications with respect to enhancing signal coverage, maximization of signal-to-noise ratio, optimizing beam splitting/forming, massive MIMO systems, Terahertz, as well as VLC [14]. Recently, they gained much attention in the research of IoT devices that provide the benefit of short-range communication with the required parameters of optimizing latency, energy, and performance, which can be further enhanced with RIS systems. The PhySec of the IoT networks are exposed to the broad surface of attacks such as jamming, tampering, eavesdropping, and man-in-the-middle attacks.

In addition to the mentioned application areas, RISs are a promising technology for cellular networks, B5G. In the cover of optical communication and indoor communication, the use of RIS could solve the indispensable problems that will appear through the use of high frequencies, which can be blocked easily. It can be used to cover shadowed areas for future smart cities and solve reliability problems that are necessary for unmanned systems or autonomous vehicles. Also, it could deliver the needed power and security for future IIoT devices and networks.

To understand the effect of transmitted power performance of RIS, an experimental setup, as shown in Fig. 2, is constructed in a simulated environment based on the reference simulations provided by [15]. A 3GPP Urban Micro (UMi) model from [16] is used, which operates with a carrier frequency of 3 GHz. The channel antenna gains for the source and RIS is 5 dBm, while destination is assigned with 0 dBm. The RIS operates with 256 elements with a reflection coefficient of 1. A wave signal-use-case in a rectangle of 25 m to 100 m is used to calculate the required transmit power shown in Fig. 3 to achieve a bit rate of 2 bit/s/Hz. The unique color of the plots indicates the transmitted power of the system.

In Fig. 3a a signal-offering source is used at the origin of this rectangle and destination is a movement variable in \(d_x\) and \(d_y\) directions. In plot 3b a RIS-structure in a distance of 100 m is implemented in addition to the source and varying destination position.

The model operating with SISO without RIS from Fig. 3a requires higher transmitted power with a bigger distance from the source. While in the model with RIS from Fig. 3b, the all in all transmitted power can be reduced. Also, this plot shows that the transmitted power is the lowest, in between of source and RIS, which rises as expected with a bigger vertical distance of the destination antenna. This shows that the RIS deployed networks could provide a higher signal strength with significantly lesser power consumption, which can be further optimized for PhySec application and enabling the wireless communication to operate with higher security.

Fig. 3
figure 3

3D-Colorplots of the simulated Transmitted Power of IoT devices for a rectangle of 100 m to 25 m. a Shows the Transmitted Power of a fixed source through a Non-Line-of-Sight (NLoS), b shows the transmitted power for a fixed source and a fixed RIS-structure of 256 elements with the setup shown in Fig. 2

Full size image

3 Efficient far field pattern simulation of RIS

As described in Sect. 2, a RIS is a device capable of controlling the shape of an electromagnetic wave after being reflected at its surface. This ability is used for example to split the incoming wave into multiple beams, that are targeted towards several devices. For this task, it is imperative to know the correlation between the phase shift pattern of the RIS and the far field of the reflected radiation. In the past, this correlation was already calculated analytically [17]. This approach, however, comes with several disadvantages. First, it is not possible to take boundary effects into account and the quality of the approximation depends on the size of the unit cells. Second, the model can only accurately describe the far field of the reflected radiation, while the characterization of a RIS is often performed in the near field.

For a more detailed analysis of the RIS’ effect on an incoming electromagnetic wave, full wave simulations are performed using the software CST Microwave Studio [18]. Yet, these simulations are complex and require a lot of resources. For large-scale RIS with a size up to \(1 \times 1\) meter, a full wave simulation performed with a time domain solver can consume several weeks even on modern hardware. If, for instance, the results are used to train the control software of a RIS, hundreds of simulations with different unit cell patterns would be required, implying an even higher time consumption. Therefore, an alternative approach to characterize a RIS by using impedance surfaces is investigated. Instead of calculating the interaction between an electromagnetic wave and the microstructured surface, a homogeneous, effective impedance is assigned to each unit cell interacting with the incoming radiation. CST Microwave Studio allows for the definition of this type of effective material. The surface impedance itself depends on the geometry of the unit cells and can be derived from their S-parameters, calculated by the frequency domain solver. This method has proven to be at least an order of magnitude faster on the used hardware. The results for both simulation methods are compared in the following section.

In the first approach, a hardwired design as shown in Fig. 4a was used instead of utilizing a diode to control the phase shift. Because no vias and DC lines are needed for such a passive RIS, the complexity of the simulation and thus the simulation time is decreased. The unit cells of the passive RIS consist of a 510 µm thick RT/duroid®5880 substrates and a patch antenna at the front of the RIS, as well as an unstructured ground plane at the backside of the substrate. The antenna has the shape of two loops that can either be completely separate or connected in the middle of the unit cell. The phase shift between these two states is \(180^{\circ }\) for a design frequency of 27.4 GHz. The simulated surface consists of \(28 \times 28\) unit cells with a width and height of 2.8 mm (\(\approx \frac{\lambda }{4}\)) each. They are arranged in the shape of a checkerboard, where \(4 \times 4\) unit cells with the same phase shift build one square of the board.

Fig. 4
figure 4

Unit cell design and full-wave simulations for a passive RIS

Full size image

Figure 4b shows the far field surface plot of the reflected radiation as calculated by the full wave simulation on the structured surface and on the model of an effective impedance surface. In both simulations, the wave is back-scattered from the RIS and shows four symmetric sidelobes. In the case of the impedance surface, the amplitude of the main lobe is strongly reduced. This is the desired behavior of the RIS, because only the direction of the sidelobes can be altered by the phase shift pattern to target single users. Yet, the full wave simulation performed on the structured surface has displayed a less suppressed main lobe. This is caused by the insufficient resolution of the simulation. The width of the loops, that define the patch antenna, is in the area of \(\frac{\lambda }{100}\), thus the size of a single mesh cell used in the time domain solver should be at least in the order of \(\frac{\lambda }{1000}\) to accurately describe the surface. However, to keep the simulation time reasonably low, the mesh cells had a size of \(\frac{\lambda }{100}\) leading to a larger error and therefore a higher main lobe amplitude compared to the impedance surface. The cross-sectional electric field distribution of the sidelobes in Fig. 4c allows a direct comparison of both simulation models. It can be seen that the sidelobes show a deflection angle close to \(30^\circ \) in both cases. The shape and magnitude of the sidelobes are also nearly identical for both methods, with their magnitude being about \(10\,\%\) smaller for the structured surface. It is again suspected, that this difference stems mostly from the resolution of the simulation and should vanish for infinitesimally small mesh cells.

Additionally, an active RIS with a diode in each unit cell was simulated (Fig. 5a). The unit cells were enlarged to a width and height of 5.3 mm (\(\approx \frac{\lambda }{2}\)) to have enough space for the used PIN-diodes and their corresponding vias and DC lines to fit inside and at the same time avoid crosstalk between the circuits. To maintain a reasonable computation time when simulating the structured surface with this more complex design, the number of unit cells was reduced to \(10 \times 10\). Because of the DC lines on the backside of the RIS, the substrate is split up into two layers that are separated by a copper ground plane. The top layer of the substrate is simulated with a thickness of 760 µm, and the bottom layer with a thickness of 270  µm.

The phase of the incoming wave is shifted depending on the state of the PIN diode for each unit cell. By changing the DC voltage applied to the diode, it is possible to gradually tune the impedance of the diode and thus the electrical properties of the unit cell. Therefore, a range of different phase shifts could be generated. For simplicity, however, only two different possible voltage states of the diode were considered. Similar to the passive RIS, the difference in phase shift between these two states is \(180^\circ \) at a working frequency of 26.4 GHz. The diodes are also wired in a way that only allows for a columnwise switching. For full control over the switching state of each single unit cell, additional electrical components and a more complex layout of the transmission line would be necessary, leading to an even more complex simulation. Therefore, a periodic stripe shape instead of a checkerboard was investigated. Each stripe consists of two columns of unit cells with the same phase shift. Figure 5b again shows the surface plot of the reflected radiation for both simulation methods. Because of the changed symmetry of the surface, only two sidelobes appear in this case. Similar to the passive RIS, the main lobe is nearly fully suppressed for the effective impedance model, while being more prominent in the full-wave simulation of the microstructured surface. Because of the even more complex structure, this behavior was expected. Especially the electromagnetic response of the vias needs to be simulated with an extremely high resolution, which is not the case when using an effective impedance surface. This discrepancy also becomes obvious from the cross-sectional amplitude distribution of the electric field of the two sidelobes and the main lobe shown in Fig. 5c.

For both simulation models, the sidelobes show the same direction and overall shape, yet the electric field is now nearly \(25\,\%\) smaller for the effective impedance surface. This highlights once more, that much smaller mesh cells would be required to obtain an accurate result in the time domain simulation, which can be circumvented by using the effective impedance surface model.

Fig. 5
figure 5

Unit cell design and full-wave simulations for an active RIS

Full size image

Independent of the simulation model, it becomes clear that the proposed RIS can be used to send information to a multitude of users simultaneously by changing the phase shift pattern and thus by generating sidelobes with a certain shape and deflection angle. Both simulation models deliver nearly the same deflection angles, but the impedance surface allows for a vastly decreased simulation time and also suffers from fewer artifacts that are typically caused by insufficient spatial resolution in the resource-consuming full-wave simulations of the detailed microstructured surface. The results of the simulations are also used in Sect. 4 to evaluate different impacts onto PhySec.

4 RIS-based physical layer security

The 6G wireless systems will be about intelligence delivery, implying the handling of huge amounts of (privacy-sensitive) information. Besides, 6G will have the capability to impact the physical world. Either one raises security concerns more seriously than ever before. But the task is complicated by numerous Reduced Capacity (RedCap) devices for example industrial sensor networks or Body Area Networks (BANs)—which are part of the networks-, unsuitable for conventional computationally intensive cryptography. Yet, for precisely those requirements Physical Layer Security scenarios offer a promising solution [19]. By utilizing inherently available information and influences, minimal additional overhead is required to still incorporate a sufficient level of security.

This Section first describes the current state of research on RIS-based PhySec, followed by the description of five specific use cases in which RISs can be deployed in terms of security. These are illustrated concisely in Fig. 6.

Fig. 6
figure 6

Security relevant RIS application scenarios

Full size image

4.1 Current work on RIS-based PhySec

RISs being a very active field of research. The applicability of metamaterials in particular, but also the possibilities of multi-antenna systems, have driven development in this area. Accordingly, there are approaches in the literature covering RISs in relation to individual PhySec scenarios.

Although the authors of these works are considering various scenarios such as wiretap channel models, linear antenna arrays as well as Multiple Input Single Output (MISO) and Multiple Input Multiple Output (MIMO) systems, the main application is the same: RIS enabled beamforming, anti-jamming and optimizing the secrecy rate. For instance Lu et al. propose a solution to minimize the signal leakage towards an eavesdropper and focus the reflecting beams towards legitimate users [20]. Furthermore, Chen et al. [21] describe how to optimize these beams by adjusting the reflecting coefficients. Feng et al. are also dealing with the optimization of the beams, in particular by optimizing the phase shifts of the reflected signals [22].

Due to the broadcast nature of wireless communication systems, they are inherently prone to interfering noise and jamming attacks. Lyu et al. are for instance considering the attacker’s point of view by highlighting how RISs can be applied as “green jammers” [23] in order to attack communication without the need of any internal energy. In contrast to that, Yu et al. propose to add RIS-assisted artificial noise to the system to actively jam eavesdroppers and attackers and only allow legitimate users to transmit signals [24].

The optimization of the secrecy rate in terms of entropy and capacity is another frequently discussed aspect. For instance, Chu et al. consider the power consumption of the system with respect to the secrecy rate by optimizing the transmit power and the reflected phase-shift [25]. Whereas Shen et al. are dealing with the secrecy rate maximization, also by adjusting the signals phase shifts [26]. Other than this, the work of Staat et al. [27] is dealing with RIS-enhanced SKG. Similar to the approach discussed below, they describe how RISs can contribute to the key generation by actively influencing the characteristics of the wireless channel.

Besides, there is work about PhySec RIS aided wireless communication systems by Cao et al. investigating the passive presence of an eavesdropper for IoT application [28]. A comprehensive survey on the RIS-assisted PhySec for future wireless communication is given by Almohamad et al. [29].

RIS-related PhySec in context of vehicular networks is examined by Makarfi et al. Thereby, they are considering two aspects, specifically Vehicular-to-Vehicular (V2V) communication and the adoption of a vehicular adhoc network (VANET) [30].

An overview about the usage of RIS in VLC at the transmitter to focus the information towards legitimate users is given by Aboagye et al. [31]. Similar to Radio Frequency (RF) as presented in [32] a VLC-RIS could be used for jamming to decrease the signal at the receiver.

But, in contrast to the literature mentioned, this work highlights in Sect. 4.2 five different use-cases of RISs with respect to Physical Layer Security. This is the first paper describing various use-cases including such as SKG by manipulation the channel characteristics and using the particular RIS-specific characteristics for authentication of the particular RIS.

4.2 Proposed RIS-based PhySec use-cases

Though some of the RIS use-cases have already been mentioned, all conceivable PhySec-relevant RIS applications are clearly described here. In addition to the beamforming possibilities mentioned, this also covers approaches to consciously and unconsciously add contextual information which can be used, for example, for the authentication of a RIS and actively manipulating the wireless channel and thus the SKG.

4.2.1 RIS-enabled beamforming and -splitting

A fundamental attribute of wireless systems is their broadcast characteristics. Electromagnetic waves are transmitted and propagated in different modes depending on the given antenna characteristics. Tighter beams up to pencil-sharp beamforming, as indicated in Fig. 6a, can change the properties of the radio channel from a pure broadcast medium to targeted communication. Thus, as shown in Fig. 6a, the targeted beams make it more difficult for an attacker to eavesdrop on content.

The working principle of the SKG is based, among other things, on the fact that an attacker is at a distance greater than \(\frac{\lambda }{2}\) from the transmitter/receiver, since in this range the channel characteristics are significantly different [19]. Therefore, PhySec can benefit from using massive antenna propagation to generate beams that are highly directional. By using RIS-enabled beamforming, the energy of the beam toward the legitimate user can be focused constructively while destructively suppressing the signal quality of the eavesdropper. Thereby, both are possible for beamforming and beamsplitting (Figs. 4 and 5).

4.2.2 RIS-based anti-jamming

The broadcast characteristics mentioned above render wireless systems vulnerable to jamming conscious or unconscious interference with other signals. Thereby different applications are conceivable: (i) RISs enabled targeted constructively and destructively superimposition (Fig. 6b) whereby the interference signals can be mitigated and the communication with the legitimate user supported; (ii) by phase-shifting the reflecting signal it can be ensured that only certain devices receive signals; (iii) by broadband and narrowband (depending on the specific scenario) attackers and eavesdroppers can be jammed to mitigate the information leakage. Furthermore, in combination with other technologies that come along with the development of 6G wireless systems, such as localization and sensing, the (anti)jamming capabilities can enable/disable selective communication.

4.2.3 RIS-enhanced channel profiles

The working principle of PhySec-SKG [19] is based on measuring the characteristics of the wireless channels, arising through scattering, reflections and diffraction of the electromagnetic waves (Fig. 6c). Thereby, different approaches use the Received Signal Strength Indicator (RSSI)/Reference Signal Received Power (RSRP), the Channel State Information (CSI) and the Channel Impulse Response (CIR).

RISs allow to actively influence and manipulate this channel behavior and thereby influence those metrics. By controlling the single RIS-cells one can influence the emitting characteristic which directly influences the channel entropy and thereby the quality of the derived SKG keys.

4.2.4 RIS-individual “Fingerprints”

As described in Sect. 2, RISs are man-made surfaces built of several semiconductors, each equipped with intrinsic manufacturing related physical characteristics. According to the same principle as Physically Unclonable Function (PUF) [33] the combination of many electrically individual semiconductors results in an individual component.

4.2.5 RIS-supported adding of context information

For the purpose of authenticating participants or legitimizing access, the use of context information is being increasingly relied upon. For instance, the plausibility of access from a specific device at a certain time is taken into account, which allows conclusions to be drawn about possible attacks.

If RISs inherently already have individual properties which give them unique fingerprints, it is further conceivable to add additional information, such as deliberately adding certain materials with desired properties to them. As already indicated, such a scenario can be advantageous if only legitimate communication with precise devices is to be allowed. Adding plausibility helps to prevent attackers from gaining access to systems.

4.3 A short introduction: combinating VLC and RIS

VLC is an alternative to RF because of the potential low-cost, high-performance solutions outside the interference spectrum of RF. In contrast to the latter, VLC has the intrinsic security advantage of the necessity of a Line of Sight (LoS) between the transmitter and a potential eavesdropper. Malicious users have to be in plain sight of the source and cannot hide behind walls and obstacles, and therefore are easier to detect. Kumar et al. propose the simultaneous use of VLC and RF technology based on the secrecy rate of the current link.

The LoS requirement is also a major factor regarding the applicability for legitimate users. Here the addition of RISs to create alternative virtual LoS paths tackles this fundamental requirement and simultaneously adds security through beamforming towards known legitimate users. In VLC there are two main types of RISs, Mirror arrays with individual steerable small mirrors and meta-surfaces, made out of graphene, ferrites, or liquid crystals, which allow the manipulation of the phase of an incident by applying external voltages [31]. In general, the exploration of the security potential of RIS in VLC is not far advanced yet and further research is required. Arfaouri et al. report for securing indoor VLC systems with no available CSI only two available PhySec schemes: Artificial noise transmission in the nullspace of the receiver and restricting the illuminated area to certain areas to reduce the danger of eavesdropping as specifications of the basic concepts of friendly jamming and beamforming [34, 35]. In summary, the goal of the mentioned PhySec techniques is always to maximize the difference in signal strength between the legitimate user and an eavesdropper. To solve this maximation problem, a corresponding algorithm to find the optimized direction of a mirror array RIS was proposed by Qian et al. [36].

5 Classification and discussion of the use-cases

As discussed in Sect. 4 and illustrated in Fig. 6, there are several scenarios where RISs contributes to the security of the networks. Among others, the following issues should be discussed: (i) how feasible are these scenarios; (ii) what is the cost/benefit ratio of an implementation; (iii) how secure are the corresponding proposals.

5.1 All that glitters is not gold

Although RISs is a frequently discussed and current field of research, the idea is by no means new. The wireless repeater, for instance, was invented back in 1899, and the relaying technology is supported since the Third Generation (3G) wireless systems. Nonetheless, the possibility of integrating (new) metamaterials, combined with application such as those presented, render it attractive.

Besides, the arguments offered by Bjonson et al. that RISs “can be implemented with reduced energy consumption and cost since the use of printed meta-materials requires no amplifiers” [37] may hold true, but the crucial part will be controlling the individual elements. Especially in terms of time, an adaptation in real time will still require some additional research. As further described by Bjornson et al. the efficiency of a reflected signal scales with the number of elements, but will always be inferior to known relay-based setups without the use of very large reflecting surfaces and hundreds of elements [37, 38]. Among the hundreds of elements, another aspect emerges the financial one. A RIS composed of hundreds of individual PIN diodes can become expensive quite fast, especially if whole house facades are to be equipped with RIS (as planned sometimes).

Moreover, most of the current RIS ideas are theoretical constructs—although the idea is already a very old one, which is however only revived by the 6G development-, an implementation into test/real operation is still pending.

It is evident, certain methodologies delineated herein are not directly or exclusively applicable to RIS. Specifically, the concept of beamforming or beam-splitting is contingent on the antenna characteristics, which influences the resulting beams. Narrower beams inherently increase the difficulty of intercepting legitimate communication. Nonetheless, RIS offers potential advantages in terms of energy efficiency, necessitating the attacker to be in closer proximity to the passive elements rather than the broadcasting channel. In addition, as described by Molero et al., metamaterials open up new possibilities in terms of beamforming/-splitting [39].

5.2 The attacker’s point of view

On the flip side of the coin, if one can actively influence and manipulate channel characteristics with a RIS, the same applies to attackers. It is considered that attackers use RISs to manipulate the channel and derive legitimate SKG keys. For instance, Staat et al. describe such a “wireless environment reconfiguration attack” [32] as a RIS-based jamming attack. Besides, the beamforming/-steering capabilities can be used for jamming attacks as well.

However, a conceivable countermeasure is available in the other use cases mentioned, if each RISs inherently possesses a fingerprint, and on the other hand it is conceivable to influence this fingerprint by deliberate injection of materials, then there may be lists/databases of legitimate RISs and compromise can be prevented. Moreover, the (RIS-based) PhySec is not the only security feature, it should be perceived as a lightweight addition and combination with existing mechanisms.

6 Conclusion and outlook

The development of the Sixth Generation wireless systems, with handling huge amounts of (privacy-sensitive) data, focuses particularly on the security of the networks. This work discusses how one of the promising 6G technologies, Reconfigurable Intelligent Surface, will contribute to security improvement. Therefore, five concrete use-cases are described: RIS-enabled beamforming and -splitting, RIS-based anti jamming, RIS manipulated channel profiles, RIS individual Fingerprints and RIS-supported adding of context information.

First simulations yield good results for beamforming, as well as for actively influencing the channel properties. The use of an effective impedance surface model reduced the simulation time by at least an order of magnitude, while at the same time being less susceptible for errors caused by the given spatial resolution of the simulation. Besides, the results from the field of PUFs indicate that RIS-fingerprinting will also yield promising results.

In addition, to the highlights of possible approaches. The next step is to physically implement RIS elements to confirm with corresponding results. In the first step, the PIN-diode based RIS elements are realized for this purpose, while in a second implementation, different metamaterials are considered. The experimental setups are intended to confirm the functionality of the use cases described here. In particular, the RIS-based fingerprinting and context information are of special interest.