A Review of Zero Trust Security Research in Industrial Internet of Things

With the growing security threats faced by the Industrial Internet of Things (IIoT), traditional perimeter-based security models can no longer address the increasingly complex demands. Zero trust, as an emerging security model, is based on the core principle of "never trust, always verify" and has gained significant attention. However, the research and application of zero trust in IIoT are still in their early stages, requiring more comprehensive and systematic exploration. This paper provides a systematic review of recent developments and applications of zero trust in the industrial sector, filling gaps in current research. Firstly, it introduces the basic concepts and principles of industrial zero trust, establishing a theoretical foundation for subsequent discussions. Then, it describes the migration and evaluation of industrial zero trust architecture, systematically summarizing key technologies, including identity authentication, software-defined perimeter, micro-segmentation, secure communication channels, and trust evaluation. These technologies collectively form the core support of industrial zero trust. Next, the critical role of access control in zero trust is discussed, emphasizing its value for fine-grained permission management. Following this, the application of zero trust in typical IIoT scenarios, such as industrial control systems, ubiquitous electric IoT, and vehicular IoT, is analyzed, demonstrating its adaptability and advantages. Finally, the existing challenges and future development directions of industrial zero trust are analyzed.