The vision for 6G extends beyond mere communication, incorporating sensing capabilities to facilitate a diverse array of novel applications and services. However, the advent of joint communication and sensing (JCAS) technology introduces concerns regarding the handling of sensitive personally identifiable information (PII) pertaining to individuals and objects, along with external third-party data and disclosure. Consequently, JCAS-based applications are susceptible to privacy breaches, including location tracking, identity disclosure, profiling, and misuse of sensor data, raising significant implications under the European Union's General Data Protection Regulation (GDPR) as well as other applicable standards. This paper critically examines emergent JCAS architectures and underscores the necessity for network functions to enable privacy-specific features in the 6G systems. We propose an enhanced JCAS architecture with additional network functions and interfaces, facilitating the management of sensing policies, consent information, and transparency guidelines, alongside the integration of sensing-specific functions and storage for sensing processing sessions. Furthermore, we conduct a comprehensive threat analysis for all interfaces, employing security threat model STRIDE and privacy threat model LINDDUN. We also summarise the identified threats using standard Common Weakness Enumerations (CWEs). Finally, we suggest the security and privacy controls as the mitigating strategies to counter the identified threats stemming from the JCAS architecture.

翻译：6G愿景超越单纯通信范畴，引入感知能力以支持多样化的新型应用与服务。然而，通信与感知融合（JCAS）技术的出现引发了对敏感个人可识别信息（PII）处理、外部第三方数据及信息披露等隐私问题的担忧。基于JCAS的应用易遭受位置追踪、身份泄露、画像分析及传感器数据滥用等隐私侵害，对欧盟《通用数据保护条例》（GDPR）及其他适用标准提出重大挑战。本文严格审视新兴JCAS架构，强调6G系统中需部署网络功能以实现隐私特性。我们提出增强型JCAS架构，通过新增网络功能与接口，支持感知策略管理、知情同意管理、透明度准则执行，并集成感知专用功能及感知处理会话存储模块。同时，运用安全威胁模型STRIDE与隐私威胁模型LINDDUN对所有接口进行系统性威胁分析，并采用通用弱点枚举（CWE）标准归纳已识别威胁。最后，针对JCAS架构引发的威胁，提出安全与隐私控制对策作为缓解策略。