Abstract:
The industrial Internet of things (IIoT) faces increasingly severe security threats, and traditional perimeter-based security models are no longer adequate to address evolving and complex demands. Zero trust, an emerging security model centered on the core principle of “never trust, always verify,” has gradually gained attention. However, the research and application of zero trust in the IIoT domain are still in their early stages, necessitating more comprehensive and systematic exploration. We provide a systematic review of the development and applications of zero trust in the industrial sector, with a focus on analyzing its core technologies and practical scenarios while identifying current research trends and future directions. We introduce the basic concepts and principles of industrial zero trust, establishing a theoretical foundation for subsequent discussions. We then systematically outline the migration strategies and evaluation methods for industrial zero trust architectures and summarize key technologies, including authentication, software-defined perimeters, micro-segmentation, secure communication channels, and trust evaluation, collectively forming the core supporting framework of industrial zero trust. Furthermore, we delve into the critical role of access control within the zero trust model and its value in fine-grained permission management. By examining typical IIoT application scenarios, we further explore the practical advantages of zero trust in complex environments. Finally, we identify existing challenges in industrial zero trust and discuss potential future development directions.