Utz Roedig

Onur Günlü, Stefano Tomasin, João P. Vilela et al.

Integrated sensing and communication (ISAC) is a promising feature of future communication networks. While spatial sensing can improve network performance and enable external services, it also creates privacy challenges that go beyond the confidentiality of communication content. Future networks using millimeter-wave (mmWave) and sub-terahertz (THz) frequencies may collect or infer detailed information about people, devices, bystanders, passive objects, and environments in a sixth-generation (6G) deployment area. Such sensing can reveal location and environment data, support behavioral profiling such as movement or activity recognition, and, in advanced cases, expose physiological information such as breathing frequency or heart-rate-related data. Thus, the capabilities of spatial sensing must be controlled to satisfy privacy requirements. In this work, we organize privacy-sensitive ISAC data into three sensing levels: location and environment data, behavioral data, and physiological data, and use this classification as the organizing principle throughout the paper. Based on this classification, we discuss internal and external ISAC applications, identify privacy challenges related to consent, transparency, data ownership, profiling, bystander exposure, and sensitive sensing data, review representative solution directions, and outline future research directions for privacy-preserving ISAC.

Samuel Punch, Krishnendu Guha, Utz Roedig

Quantum circuit cutting enables near-term quantum devices to execute workloads exceeding their qubit capacity by decomposing circuits into independently runnable fragments. While this extends computational reach, it creates a previously unexplored confidentiality surface: the fragment-level execution transcript observable by a semi-honest cloud provider. We formalise this surface and demonstrate that post-cut transcripts constitute a practical metadata side channel. Operating solely on provider-visible compiled circuit metadata (fragment width, depth, and two-qubit gate count), we evaluate a structured inference attack across six classification objectives spanning algorithm identity, cut mechanism, and coarse Hamiltonian structure. Our corpus comprises 1,200 circuit fragments across eight algorithm families transpiled against three hardware topologies, validated on a 156-qubit production quantum computer confirming that QPU execution time remains invariant across a 25x variation in compiled depth. Under strict instance-disjoint generalisation, our attack recovers algorithm family with 0.960 accuracy (AUC 0.999), cut mechanism with 0.847 accuracy (AUC 0.924), and Hamiltonian k-locality with 0.960 accuracy (AUC 0.998). Connectivity and geometry inference achieve AUC of 0.986 and 0.942 with strong stability under size-holdout. Topology inference remains above chance (AUC 0.666). A matched-footprint control and ablation study confirm leakage is structure-dominated and not explained by scale artefacts. These results demonstrate that circuit cutting is not confidentiality-neutral and that metadata leakage should be treated as a first-class security concern in quantum cloud systems.

Arash Shahmansoori, Utz Roedig

Voice assistants overhear conversations and a consent management mechanism is required. Consent management can be implemented using speaker recognition. Users that do not give consent enrol their voice and all their further recordings are discarded. Building speaker recognition-based consent management is challenging as dynamic registration, removal, and re-registration of speakers must be efficiently handled. This work proposes a consent management system addressing the aforementioned challenges. A contrastive based training is applied to learn the underlying speaker equivariance inductive bias. The contrastive features for buckets of speakers are trained a few steps into each iteration and act as replay buffers. These features are progressively selected using a multi-strided random sampler for classification. Moreover, new methods for dynamic registration using a portion of old utterances, removal, and re-registration of speakers are proposed. The results verify memory efficiency and dynamic capabilities of the proposed methods and outperform the existing approach from the literature.

Mohamed Seliem, Utz Roedig, Cormac Sreenan et al.

The integration of 5G with IEEE 802.1 Time-Sensitive Networking (TSN) is essential for enabling flexible and mobile deterministic communication in industrial automation. The 3GPP Release 16 specification defines a bridge architecture where the 5G system operates as a transparent TSN bridge, incorporating Network-side and Device-side TSN Translators (NW-TT, DS-TT), a TSN Application Function, and QoS mapping between TSN Priority Code Points and 5G QoS Flow Identifiers. However, existing simulation frameworks model only subsets of this architecture, either QoS mapping without time synchronization, or time synchronization without data plane traffic, and none implements the complete QoS pipeline through the 3GPP SDAP layer with per-flow Data Radio Bearer selection. We present nascTime[20], an open simulation framework built on OMNeT 6.3, INET 4.6, and Simu5G that implements the complete 3GPP Release 16 5G-TSN bridge model. The framework provides end-to-end QoS mapping from TSN PCP through to 5G QFI via the SDAP/DRB pipeline, IEEE 802.1AS transparent clock behavior with measured residence time correction through L2-in-GTP-U gPTP transport, and multi-endpoint scaling with bidirectional traffic. The bridge ports integrate with INET's LayeredEthernetInterface and streaming PHY for compatibility with TSN features including Time-Aware Shaping and frame preemption. We validate nascTime with a three-endpoint factory scenario demonstrating near-perfect packet delivery across two traffic classes, correct gPTP synchronization with residence time correction, and zero packet loss. nascTime is the first simulation framework to model the full 5G-TSN bridge data path with SDAP-based QoS differentiation and measured IEEE 802.1AS transparent clock behavior in a multi-endpoint topology.

Peng Cheng, Ibrahim Ethem Bagci, Utz Roedig et al.

We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim's finger movements can be inferred to steal Android phone unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.