5G indoor positioning faces severe security threats from location spoofing and adversarial signal manipulation. Method: This paper proposes a robust localization architecture integrating physical-layer domain knowledge with deep learning. It jointly models multi-anchor channel impulse response (CIR) fingerprints, time-difference-of-arrival (TDoA) features, and anchor geometric constraints. We introduce a novel CNN–multi-head attention coupling network to dynamically model geometric consistency and suppress anomalous signals. Furthermore, we formally define an adversarial threat model for 5G positioning—enabling graceful degradation under attack. Contribution/Results: Experiments show a mean localization error of 0.58 m under benign conditions, rising only to 0.81 m under attack—a 4–5× improvement over baselines. Single-shot inference takes just 1 ms on CPU. The implementation is open-source, and all results are fully reproducible.

Emerging 5G millimeter-wave and sub-6 GHz networks enable high-accuracy indoor localization, but security and privacy vulnerabilities pose serious challenges. In this paper, we identify and address threats including location spoofing and adversarial signal manipulation against 5G-based indoor localization. We formalize a threat model encompassing attackers who inject forged radio signals or perturb channel measurements to mislead the localization system. To defend against these threats, we propose an adversary-resilient localization architecture that combines deep learning fingerprinting with physical domain knowledge. Our approach integrates multi-anchor Channel Impulse Response (CIR) fingerprints with Time Difference of Arrival (TDoA) features and known anchor positions in a hybrid Convolutional Neural Network (CNN) and multi-head attention network. This design inherently checks geometric consistency and dynamically down-weights anomalous signals, making localization robust to tampering. We formulate the secure localization problem and demonstrate, through extensive experiments on a public 5G indoor dataset, that the proposed system achieves a mean error approximately 0.58 m under mixed Line-of-Sight (LOS) and Non-Line-of-Sight (NLOS) trajectories in benign conditions and gracefully degrades to around 0.81 m under attack scenarios. We also show via ablation studies that each architecture component (attention mechanism, TDoA, etc.) is critical for both accuracy and resilience, reducing errors by 4-5 times compared to baselines. In addition, our system runs in real-time, localizing the user in just 1 ms on a simple CPU. The code has been released to ensure reproducibility (https://github.com/sec5gloc/Sec5GLoc).