survey

Open access

Industrial Internet of Things Ecosystems Security and Digital Forensics: Achievements, Open Challenges, and Future Directions

Authors:

Victor R. Kebande,

Ali Ismail AwadAuthors Info & Claims

ACM Computing Surveys, Volume 56, Issue 5

Article No.: 131, Pages 1 - 37

https://doi.org/10.1145/3635030

Published: 12 January 2024 Publication History

PDF eReader

Abstract

The Industrial Internet of Things (IIoT) has been positioned as a key pillar of the Industry 4.0 revolution, which is projected to continue accelerating and realizing digital transformations. The IIoT is becoming indispensable, providing the means through which modern communication is conducted across industries and offering improved efficiency, scalability, and robustness. However, the structural and dynamic complexity introduced by the continuous integration of the IIoT has widened the scope for cyber-threats, as the processes and data generated by this integration are susceptible and vulnerable to attacks. This article presents an in-depth analysis of the state-of-the-art in the IIoT ecosystem from security and digital forensics perspectives. The dimensions of this study are twofold: first, we present an overview of the cutting-edge security of IIoT ecosystems, and second, we survey the literature on digital forensics. The key achievements, open challenges, and future directions are identified in each case. The challenges and directions for future studies that we identify will provide important guidance for cybersecurity researchers and practitioners.

1 Introduction

For the past decade, the Internet of Things (IoT) has been embraced as a futuristic concept with a diverse focus cutting across numerous domains of information and communication technology (ICT) [1]. This trend has always been characterized as both a disruptive technology and a major player in the provision of effective services and communication. Indeed, the influence of the IoT has been felt across many application domains [2]. The emergence of Industry 4.0, with its focus on automation and manufacturing technologies, has acted as an enabler of cyber-physical systems (CPS) and the IoT [3, 4]. The major sectors that have benefited as a result of IoT proliferation include transport systems, healthcare, home automation systems, smart cities, and autonomous vehicles [5]. Industry 4.0 has the potential to optimize logistics, automation of equipment, smart manufacturing techniques, the IoT, and cloud systems. Additionally, while the number of IoT devices in use has increased, a more pertinent issue is the integration with CPS, as supported by various vendors and providers of IoT-based platforms. This has led to the development of IoT-based ecosystems that are mainly composed of “things” and service providers who ensure interoperability across IoT-based environments [6].

Leveraging the IoT to realize industrial tasks centered on Industry 4.0 goals such as smart transportation, smart manufacturing, smart energy management, service, and automation, constitutes the Industrial IoT (IIoT). In this context, the domain of the IIoT ranges from machine-to-machine (M2M) applications to the dynamics of industrial communication [7, 8]. Notably, the relevance of exploring IIoT ecosystems and their constituents is intended to propel Industry 4.0 objectives by operationalizing technology across diverse information technology domains [7]. The ultimate goal is for devices to become pervasive, as the majority of IoT-based devices possess powerful computing capabilities.

IIoT ecosystems play a significant role in collaborative communication as a means of achieving the desired Industry 4.0 objectives. For example, IIoT ecosystems have a consistent need for reliable application-centric processes as far as digital connectivity and data decisions are concerned. This is because the realization of day-to-day Industry 4.0 strategies requires a more secure and resilient approach during inter-process communication. It should be noted that IIoT ecosystems have also led to the diffusion of heterogeneous environments over which massive data and applications are exchanged on a daily basis, with little regard to safety and other ramifications.

While the IIoT spectrum has seen significant diversification through the emergence of prolific ecosystems, it is worth noting that critical aspects such as emerging configurations, applications, and resource migration have not been able to match the ever-changing IoT landscape. Regardless, to ensure the security of IIoT ecosystems, it is vital to enforce continuous, effective, and secure communication, given that both the IIoT and Industry 4.0 have the objectives of robustness, scalability, and security. Consequently, the current IIoT requirements and technological advances geared toward realizing Industry 4.0 goals have created the need to enforce secure communication and post-incident response strategies as a means of achieving secure, efficient, and reliable industrial processes. Sengupta, Ruj, and Bit [9] identified several security limitations that are still yet to be overcome. While there is a large body of literature focused on the IIoT as a whole, our study is entirely focused on the security and digital forensics aspects of the IIoT, which in our view pose serious research challenges. The IIoT is a novel and still emerging phenomenon, and given the structural and dynamic complexity involved in the integration of IIoT systems, there exist many unknown vulnerabilities and attacks, and there is a limited range of digital forensic processes, methodologies, and tools that can be used to address attribution problems in digitized IIoT ecosystems. The uniqueness of the present survey lies in its integrated consideration of both security and digital forensics.

1.1 Motivation and Research Gaps

With the growing number of devices and enhanced connectivity, there is a need for effective and secure control and management systems. In this regard, the interplay between operational technology (OT) and information technology (IT) is necessitated by the need for effective and secure communication and control techniques. As a result, the tenets of Industry 4.0 have led to the development of several trends in automation technologies for manufacturing industries, which have further enabled the integration of the IoT, IIoT, and CPS across cyberspace [3, 4]. These technologies, however, face a number of complexities associated with dynamic ecosystems [10], emergent behaviors, industrial systems, security challenges [7, 11], and reactive and proactive digital forensic challenges in the IIoT [12, 13]. Such complexities, which in the context of this study represent obstacles that hinder the achievement of system targets [14], lead to the possible emergence of vulnerable points in IIoT ecosystems. These vulnerabilities further exacerbate the perennial and diverse security and digital forensics challenges introduced by the proliferation and integration of automation technologies.

1.2 Contributions

Various previous studies have considered the IIoT and security [15, 16, 17, 18, 19, 20, 21, 22, 23], but at present, no significant research results are available that provide guidance on how to evaluate the security and digital forensics ramifications of the interplay between OT and IT associated with the proliferation of the IIoT. To address these challenges, this article presents a comprehensive review of security and digital forensics in IIoT ecosystems. The main contributions of this article can be summarized as follows:

–

First, this study provides an in-depth analysis of relevant research on IIoT ecosystems from the perspectives of security and digital forensics. We identify and address pertinent research limitations in IIoT ecosystems by highlighting the relevant security requirements, weaknesses in the IIoT, and the present state of protocols, architectures, and standards, as well as proposing ways to strengthen these technologies.

–

From a holistic viewpoint, this study illustrates the key IIoT security achievements with the actualization of Industry 4.0. In particular, we explore key management strategies, edge and fog security, and the essence of the blockchain.

–

While this study has a strong emphasis on the realization of the IIoT and its impact, we also explore state-of-the-art studies in IIoT forensics and identify several key challenges.

–

We explore open problems in security and digital forensics and discuss possible high-level solutions. Finally, we provide a contextual evaluation of this study and identify avenues for future work.

The remainder of this article is structured as follows: Section 2 provides an overview, describing the scope of the present study, as well as related work with regard to the IIoT. This is followed by an explanation of IIoT ecosystems in Section 3. An overview of IIoT security, including security requirements, security weaknesses, and security standards, is presented in Section 4. Cutting-edge research results on the security of the IIoT are reported in Section 5. This is followed by a presentation of state-of-the-art investigations in IIoT forensics in Section 6. Open challenges are discussed in Section 7. Finally, future directions and conclusions are summarized in Sections 8 and 9, respectively. An overview of the entire article in terms of sections, subsections, and main concepts is shown in Figure 1.

Fig. 1.

2 Scope and Related Work

The scope of this study is determined by the assumption that the amalgamation of IoT-based techniques with industrial processes represents the realization of a smart manufacturing concept, herein referred to as Industry 4.0. Within the context of Industry 4.0, connected devices and processes are automated in a fashion that enables them to realize quick and efficient production. Although the concepts of the IoT, the IIoT, and Industry 4.0 may not be used interchangeably [7], we explore relevant studies in all three areas, with the aim of identifying gaps that exist in research on the security and digital forensics of IIoT ecosystems. Table 1 summarizes previous surveys of security and digital forensics relevant to the IoT, the IIoT, and Industry 4.0 [15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28]. Note that the current study mainly considers the IoT and IIoT; however, where necessary, Industry 4.0 is referenced. The uniqueness of this research stems from the fact that it explores security achievements, the need for application-specific standards, IIoT-enabling technologies, and proactive and reactive digital forensic models that are tailored to post-event response strategies in IIoT ecosystems.

Table 1.

REF	Year	IoT	IIoT	Security	Digital forensics	Focus
[24]	2021	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Attacks exploiting hardware vulnerabilities and deep learning detection approaches in the IIoT
[15]	2021	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Characterizes CPS architectures and models in an industrial environment
[12]	2021	\(\times\)	\(\checkmark\)	\(\checkmark\)	\(\checkmark\)	Emphasizes the need for IIoT forensics
[16]	2020	\(\checkmark\)	\(\checkmark\)	\(\checkmark\)	\(\times\)	Explores current challenges and searches for the future IoT
[17]	2020	\(\checkmark\)	\(\checkmark\)	\(\checkmark\)	\(\times\)	Studies how fog computing can be leveraged to improve the security of IIoT
[25]	2020	\(\checkmark\)	\(\times\)	\(\checkmark\)	\(\times\)	Explores relevant technologies essential for the growth of Industry 4.0
[26]	2020	\(\checkmark\)	\(\times\)	\(\checkmark\)	\(\times\)	Investigates existing tools and techniques for modeling attacks on the IoT and their key limitations
[18]	2019	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Evaluates the current state of the IIoT.
[27]	2019	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Industry 4.0 as a turning point for smart manufacturing and a defeat for centralized applications
[19]	2018	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Explores the IIoT, cloud, and edge from the CPS perspective
[20]	2018	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Highlights intrusion and attacks on the IIoT and generates a comparative analysis
[21]	2018	\(\checkmark\)	\(\checkmark\)	\(\times\)	\(\times\)	Focuses on the importance of edge and fog frameworks in supporting automation
[22]	2018	\(\times\)	\(\checkmark\)	\(\times\)	\(\times\)	Provides insights on the IIoT based on analyzed data
[28]	2018	\(\checkmark\)	\(\checkmark\)	\(\checkmark\)	\(\times\)	Presents an analytical framework to enumerate and characterize the IIoT and analyze security threats and vulnerabilities
[23]	2015	\(\checkmark\)	\(\checkmark\)	\(\checkmark\)	\(\times\)	Explores security issues and suggests a holistic security framework for the IIoT

Table 1. Previous Relevant Review Articles from the Period 2015–2021

Boyes et al. [28] highlighted the relevance of the IIoT and associated relationships and concepts, such as CPS and Industry 4.0. They also presented a framework for analyzing the IIoT and an IoT-based taxonomy for enumerating and characterizing the IIoT while exploring security threats, vulnerabilities, and system architectures. As noted by Oztemel and Gursev [25], Industry 4.0 is part of the smart networked environment and an enabler of real-time CPS. It is also responsible for the management of complex systems, where safety and security are key to successful implementation. It has been shown that Industry 4.0 has a disruptive impact on companies, where it is seen as a threat to the security of conventional centralized technologies [24]. Other research with a focus on IoT/IIoT has illustrated the effects of various types of attacks, such as software attacks that exploit hardware vulnerabilities in IIoT. While such studies have explored malicious attack vectors in the IoT/IIoT, reactive forensics techniques have received little attention. Existing attack models and architectures have been comprehensively examined [26] alongside further assessment of the challenges related to secure application design in the IoT. While this research has identified essential approaches in the IIoT, post-incident response strategies have not been considered, although secure strategies that can be adopted have been listed as key aspects. In identifying the challenges and opportunities facing the development of a secure IIoT, the component lifespan and number of devices needed for deployment, configuration, and management of the IoT and IIoT, as well as IT/OT and human-centered factors that affect the IIoT, have been investigated in detail [29]. This research has suggested the IIoT is at greater risk of attack compared with the consumer IoT. In addition, the challenges in supervisory control and data acquisition (SCADA) forensics have been highlighted as a lack of forensic models and tools, a lack of live forensics, volatility in memory, limited logging, and challenges associated with current forensic tools [30]. In our opinion, these shortcomings exacerbate the security and forensic challenges addressed in this survey.

This article presents a comprehensive review of state-of-the-art studies on the IIoT from the perspective of security and digital forensics. Table 1 lists previous relevant review articles, indicating the scope and main focus of each one. The ultimate aim of the present study is to address the essential aspects of secure communication and post-event response strategies in IIoT ecosystems while highlighting the remaining challenges according to the layered architecture in Figure 2. The scope and focus of previous studies, as shown in Table 1, illustrate the intricacies that determine the success or failure of an IIoT ecosystem. From a security perspective, the present review focuses explicitly on the intrinsic existence, resilience, and robustness of IIoT ecosystems. It should also be noted here that the variations in the scope of previous studies demonstrate the propensity for inconsistencies in the definition of IIoT ecosystems.

Fig. 2.

Overall, previous studies have not comprehensively considered digital forensics in the context of the IIoT, owing to the limitations of the standard methodologies and tools for conducting digital investigations on the IIoT. As a consequence, there remain longstanding security and digital forensics challenges, which are being exacerbated by digital proliferation and integration (see Table 1). This study differs from previous work in its extensive exploration of both proactive and reactive approaches in IIoT ecosystems. Notably, it provides an extended scope that, through contextualized descriptions, is able to show the impact of fusing specific emergent technologies.

3 IIoT Ecosystems

The context of the IIoT, although dynamic, is based on the interrelationship of components and communication, and the diversification, proliferation, and interoperability mechanisms of the constituent parts. There are different views of what constitutes an IIoT ecosystem. We consider an IIoT ecosystem to be a fusion of technologies that utilizes process automation approaches to achieve efficient manufacturing strategies [31]. Through a coordinated approach, IIoT tasks incorporate network augmentation, IoT-based applications, and CPS to enhance convenience, efficiency, and personalization of tasks [32, 33]. Figure 2 shows the layered architecture of the IIoT, including potentially vulnerable layers. For example, the perception layer is vulnerable to node capture attacks, timing attacks, eavesdropping, encryption, and key agreement. The network layer is vulnerable to integrity, confidentiality, and availability attacks. The control layer, however, is tasked with controlling the physical systems and processes in the industrial environment. It consists of control algorithms, industrial equipment management, SCADA systems, distributed control systems (DCS), programmable logic controllers (PLCs), human-machine interface (HCI), and maintenance actions. The control layer can be vulnerable to active adversarial attacks in control algorithms [34, 35], infrastructure attacks [36], and integrity attacks, while the application layer has vulnerabilities based on cloud security and encryption strategies [37]. It is worth noting that security vulnerabilities span more layers of other IIoT architectures. For instance, in the IIoT five-layer architecture, the key agreement strategies introduce vulnerabilities in the business layer [20]. This study focuses on the vulnerabilities introduced in the basic three-layer IIoT architecture.

The fusion of IoT processes with industrial processes supports the digital ubiquity and automation of advanced robotic techniques, edge computing, smart industries, the application of machine learning technologies, and the leveraging of CPS and IoT-based techniques. These trends are intended to digitize and propel the Industry 4.0 transformation. In the context of this article, Industry 4.0 is taken as an already-realized revolutionary industrial technology that relies on digital technology to achieve its objectives (e.g., real-time access to data of CPS, the IoT, and the IIoT), while Industry 4.0 transformation is taken to depict an umbrella revolution with continuously emerging technologies and concepts that allow key objectives to be realized. The overarching objective is to guarantee process automation and data exchange across manufacturing systems with the support of technologies such as artificial intelligence (AI), cognitive processing, and cloud computing [31]. While IIoT and M2M applications are envisioned as the enablers of Industry 4.0 [38], the IIoT ecosystem requires the backing of fused technologies for smart industries or Industry 4.0 for its full realization.

According to Schmid et al. [39] and Broring et al. [40], an ecosystem is a cross-platform, cross-standard, and cross-domain entity that provisions IIoT services and applications. By contrast, Mazhelis, Luoma, and Warma [41] see it as the interconnection of a global network with a service infrastructure that has a self-configuration capability over interoperable protocols with a number of roles [42]. Similarly, Westerlund, Leminen, and Rajahonka [43] view an IIoT ecosystem as having techno-economic as well as human-centric aspects that play a significant role in determining what things do within a connected environment [43]. Delicato et al. [44] perceive an ecosystem to be able to integrate heterogeneity to realize real-time data collection and control mechanisms with the visualization, processing, and storage of data. It is thus evident that an ecosystem is dependent on resources, technologies, platforms, standards, and processes. Madaan, Ahad, and Sastry [45] suggest that for an IoT ecosystem, such as a smart home, the acquired data that are aggregated to guarantee quality of service are of critical importance [46, 47].

Consequently, an IIoT ecosystem’s objective is centered on optimizing production processes through monitoring and analysis while targeting effective outcomes [45]. From the perspective of processing, this is a reflection of how future supply chains will operate as a result of the integration of information systems with operational processes in factories [48]. Other pertinent existing research illustrates that IIoT ecosystems co-exist with smart technologies, where a pool of network devices collaborate to extract and share digital data with the ultimate goal of boosting production [49]. On a similar note, the need for a dynamically digitized IIoT ecosystem has been highlighted by Skwarek [50], in which the digitization of industrial processes is subsumed into smart entities for the purpose of creating a highly dynamic reconfiguration of production processes.

The core foundation on which IIoT ecosystems thrive has been attributed to CPS. This is mainly due to the capability of CPS to monitor and control physical processes, which ultimately forms the basis for smart factories [23]. The relevance of this is that smart factories can dynamically arrange and optimize processes while processing the generated data [51, 52]. Mazhelis, Luoma, and Warma [41] portrayed an ecosystem as a hub-centered structure created on an IoT-based setup, which can also be viewed as a business ecosystem [53, 54]. This forms part of what constitutes the day-to-day use of the IoT and its application as services to be provisioned. For example, the movement of data and normal services can easily be strengthened and trust increased by leveraging the blockchain [55, 56]. Other uses include software-defined networks (SDNs) [57], event management for IIoT ecosystems [53], digital construction to transform expectations with the emergence of Industry 4.0 [58], and crowd-sensing techniques for enhancing data processes and agility [59].

3.1 IIoT versus IoT

The IIoT and the IoT are distinct concepts that also share some similarities. They are based on similar principles of connecting diverse devices to the Internet, but they differ in scope of application and purpose. The IIoT, which can be seen as a subset of IoT, employs sophisticated devices equipped with sensors and processors that have connectivity capabilities that allow them to collect, analyze [68], optimize, and act on data [63] in real-time in the industrial sector, with the aim of improving efficiency in production. However, the IoT is a network of interconnected devices that can communicate using the Internet to gather, analyze, and share data, and that are mainly consumer products. Although the IoT utilizes sensors and other embedded technologies to collect and exchange data over the Internet, IIoT systems are able to integrate a variety of sensors and actuators with sophisticated software to monitor and control production processes [60].

Table 2 summarizes the technical differences between the IIoT and the IoT system in terms of a number of parameters: focus, communication, scale, amount of data [63], security perspectives, standards and protocols that are leveraged, areas of application, connectivity, differences in devices, and quality of service [46, 47]. The main focus of the IIoT is on connecting and integrating industrial devices to optimize industrial processes, and it uses wired and wireless networks, low latency networks, WiFi, Bluetooth, and Ethernet to provide reliable and real-time communication. It is deployed on a larger scale than the IoT, with thousands of devices in industrial settings, and it generates and uses large amounts of data to optimize industrial processes. The latency tolerance is higher for IoT devices basically due to the limitation in bandwidth and other resources. This makes real-time response unrealistic, hence making IoT devices able to tolerate delay during transmission. However, IIoT systems generally require low-latency owing to the fact they are used in real-time process control and monitoring. In addition, to allow smooth and efficient operations, industrial processes and equipment rely on low latency data transmission [69, 70].

Table 2.

Parameter	Industrial Internet of Things (IIoT)	Internet of Things (IoT)	Related research
Focus	Connects and integrates industrial devices (manufacturing, logistics, etc.)	Connects everyday devices and appliances (smart home, wearables, etc.)	[60]
Communication	Uses wired and wireless networks, low latency, WiFi, Bluetooth, Ethernet	Uses WLAN with lower reliability, high latency, cellular networks, WiFi, Bluetooth	[61]
Scale	Large scale, thousands of devices in an industrial setting	Small scale	[62]
Data	Large amounts used to optimize industrial processes	Relatively small amount collected for personal use (fitness tracking, home automation, etc.)	[63]
Security	Higher levels, protects critical industry infrastructure	Relatively low, protects personal information and unauthorized access to devices	[23, 64]
Standards/Protocols	Protocols such as OPC UA, MQTT, and COAP meet industrial requirements	Wider variety, such as HTTP, TCP/IP, Zigbee, Z-Wave, and LoRaWAN, are used in variety of applications	[65]
Applications	Predictive maintenance, manufacturing, process optimization, energy, transport, etc.	Consumer, personal, and commercial settings	[66]
Connectivity	Specialized, high-bandwidth, real-time monitoring of ICS	Variety of low-power, low-bandwidth wireless connectivity	[61]
Devices	Rugged and designed for industrial environments, e.g., industrial sensors, actuators, and controllers	Designed for consumers, found in homes, cars, smartphones, and public spaces	[67]
Quality of service	Reliability and real-time delivery	Based on best-effort delivery	[46, 47]
Reliability	Important, but not a primary concern	High reliability is critical for safety and productivity	[46, 47]

Table 2. Comparison between IIoT and IoT

Security is a key parameter that reveals the similarities and differences between the IIoT and IoT. Given that the IIoT operates within industrial environments such as oil and gas refineries, power plants, and water supplies, high device security is necessary to protect critical infrastructure [23, 64]. Security is also essential in consumer-based devices, and both the IIoT and IoT may be subject to regulatory compliance, which means that security measures need to be increased.

IIoT systems often need to operate in manufacturing plants with data being collected and processed in a near real-time manner with minimal latency, and it is essential that delays in these processes be prevented to avoid disruption to production. Downtime failures in IIoT systems could also have significant adverse consequences. Thus, real-time processing, critical system reliability, and seamless system integration impose upon the IIoT a requirement for the prevention of delay that, in particular, differentiates it from the IoT [71, 72, 73].

The IIoT uses specialized protocols such as MQTT, CoAP, LoRaWAN, and 6LowPAN to meet industrial requirements for specialized, high-bandwidth, and real-time monitoring of industrial control systems (ICS). It also uses devices such as sensors, actuators, and controllers that are suitably rugged for industrial environments and that provide an adequate quality of service [65].

4 IIoT Security: Overview

The transition from conventional and proprietary-based communication techniques to industrial automation processes represents a paradigm shift. In the current state-of-the-art, ecosystems embrace IoT environments that connect to smart environments, relying on sensors, actuators, timely controllers, and SCADA services [38]. This aspect of system digitization in readiness for Industry 4.0 requires secure technologies and standards. Furthermore, this integration opens up a threat landscape, with increased vulnerabilities that, from a security perspective, could lead to attacks on smart factories and compromise production processes [23, 74]. In this section, we explore the security requirements of IIoT ecosystems, weaknesses in the IoT and IIoT, and the state of the protocols, security architectures, and standards employed in the IIoT.

4.1 Security Requirements in IIoT Ecosystems

Given the convergence of industrial OT with IT, there has been a paradigm shift in IIoT ecosystem complexity and sophistication. As a result, the potential for cyber-attacks has increased [75]. This subsection assesses several industry-specific critical security requirements.

ICS are associated with the control and monitoring of key critical infrastructure and SCADA in industry. The continued integration of industrial production processes in the IIoT makes these systems susceptible to attacks. The security requirements in the IIoT are mainly positioned to address how secure programmable logic controllers (PLCs) maintain control of the physical processes, how sensor data are protected from attacks, how production processes can be optimized, how remote monitoring strategies can be secured, and how CPS integrity and confidentiality can be maintained.

To enforce secure communication strategies in the IIoT, it is imperative to identify how the state of security has been altered in the transition from conventional processing to the IIoT [23]. Taking general security requirements and goals as a baseline, the alterations to security requirements are summarized in Table 3.

Table 3.

No.	Security parameter	Challenges	Reference
1	Availability	Tradeoff between security and availability during a potential attack	[76]
2	Encryption	Complexity applying encryption to diverse device firmwares	[76]
3	IIoT device integrity	IIoT devices have modified firmwares, and hence it is not easy to verify authentic ones	[76]
4	Security by design	Devices are not designed to be secure	[78, 79]
5	Insider threats	Social engineering, insider attacks, and human factors	[80]
6	Heterogeneity	The IIoT is becoming a larger network, with massive transmission, and more security issues are arising	[81]

Table 3. Security Requirements in IIoT Ecosystems

The existence and proliferation of diverse technologies make enforcing security across IIoT ecosystems more difficult. This is because of existing inconsistencies in the digitization of manufacturing processes in the quest to achieve Industry 4.0 objectives. In Table 2, there is a tradeoff between availability and security in the event that an IIoT ecosystem suffers an attack [76]. Normally, security solutions place a system offline when it is under attack, but this conflicts with the need to maintain availability [76]. Encrypting connections in an IIoT ecosystem, either at the application or network level, may need to be forwarded or verified in advance by IIoT devices. However, given that some IoT devices have diverse firmware, the strategy of encryption is somewhat complex [76, 77]. As IIoT ecosystems include diverse industrial devices, some of which have altered firmware, verifying the integrity of all devices is challenging. Other pertinent security requirements include the existence of diverse attack types, such as insider attacks on industrial units [78, 79]. The fact that IIoT devices are not built with security capabilities complicates the provision of secure strategies [80].

Consequently, heterogeneity among IIoT ecosystems continues to hinder the achievement of major security goals. In general, new security threats and vulnerabilities are constantly being detected or propagated through malicious content or misuse of data. This heterogeneity introduces formidable security challenges. For example, an effective IIoT ecosystem allows nodes and interaction-based processes that coordinate communication with the cyber-physical world. From a generic point of view, Bodei, Chessa, and Galletta [82] showed that communication should start from a given node and that data should be collected during this communication process. Hence, there may be a possibility of vulnerable nodes. As part of a major requirement to secure IoT systems and incorporate end-to-end security, authentication, and authorization, the enforcement of continuous security is key to preventing adverse attacks [83, 84].

A major bottleneck for IIoT ecosystems is the fact that trust between industrial units is not guaranteed. This stands out as a major issue, illustrating the need to incorporate secure technologies that offer solutions through the establishment of secure immutable channels to prevent potential attacks [85]. IIoT-based applications such as Amazon Web Services (AWS) have security mechanisms that allow secure connectivity of hardware and cloud authentication while exchanging messages. In this context, every layer of the AWS/IoT technology stack is coated with the Azure security feature, e.g., authentication for connecting any new IoT device using X.509 certificates, authorization and access control that highlights policies, and secure communication of traffic through encryption (SSL/TLS) [86]. This ensures that confidentiality is maintained for protocols such as MQTT and HTTP. Other potential solutions include the Azure IoT security architecture, which supports authentication (TLS protocol for encryption), authorization and access control (Azure active directory) for policy authentication [87], and SSL/TLS for integrity and confidentiality of information [87].

While the focus of this article is on IIoT security and digital forensics, IIoT and IoT also share some common elements, even though they differ in applications and use-cases. However, there are also security weaknesses that are common to both systems, and as such, it is important to highlight the security weaknesses in both IoT and IIoT ecosystems to provide a comprehensive understanding of the overall security landscape faced by these technologies. By comparing the security requirements and weaknesses of both IoT and IIoT, we can identify similarities and differences in their security postures and better understand the unique challenges and opportunities for improving the security of IIoT ecosystems.

4.2 Key IoT Security Weaknesses

Diversification and the multitude of devices and protocols within IoT environments have led to an increased number of security shortcomings. The current security weaknesses, as highlighted by the open web security project (OWASP) [94], are mainly concentrated in each of the IoT’s three layers (perception, network, and application). This subsection explores the key IoT security weaknesses based on the three-tier IoT architecture (see Table 4).

Table 4.

Layer	Key security weaknesses	Reference
	Tampering and jamming attacks	[88]
	Node capturing by adversaries	[88]
Perception layer	False data injection attacks	[88]
	Cloning of tags	[89]
	Unauthorized access to systems	[89]
	Protocol insecurity	[90]
	RFID spoofing	[91]
Network layer	Sink-holing attacks	[89]
	Vulnerabilities in IoT devices	[92]
	Communication weaknesses with nodes	[92]
	Malicious code injections
	Sniffing attacks	[89]
	Phishing attacks
Application layer	Denial-of-service (DoS) attacks	[92]
	Buffer overflow attacks	[92]
	Software-based vulnerabilities	[93]

Table 4. Key IoT Security Weaknesses Based on the Layered IoT Architecture

4.2.1 Perception Layer Weaknesses.

The current security shortcomings in the perception layer are mainly attributable to external sources. This includes targeted attacks that focus on the transmission among IoT nodes, which compromise confidentiality, integrity, availability, and authorization. The key weaknesses in this context, as listed in Table 4, are tampering and jamming attacks [88], nodes being captured by adversaries [88], injection of malicious data by adversaries [88], cloning of tags [89], and gaining unauthorized access to systems [89].

4.2.2 Network Layer Weaknesses.

At the network layer, adversaries have the ability to compromise confidentiality and integrity during the data exchange stage of end-to-end communication. The key weaknesses in the network layer include protocol insecurity [90], RFID nodes [91], spoofing, sink-holing attacks [89], communication bottlenecks with nodes [92], and man-in-the-middle (MITM) attacks. As far as the IoT is concerned, attackers are able to capitalize on the heterogeneity of IT environments.

4.2.3 Application Layer Weaknesses.

The absence of widely accepted IoT standards for how applications are handled has opened a variety of security concerns at the interface layer. Integrating applications brings about authentication problems owing to the existence of diverse mechanisms arising from different applications. As a result, key vulnerabilities may allow malicious code injections, sniffing attacks [89], phishing attacks, DoS attacks [92], and buffer overflow attacks [92], and are responsible for key software-based vulnerabilities [93].

4.3 Key IIoT Security Weaknesses

The quest to achieve the security objectives of Industry 4.0 is increasingly significant, given that the integration of OT environments with information systems and cyber-based technologies effectively extends the attack surface. In assessing the key security challenges in the IIoT, we concentrate on those aspects that correspond to how the connectivity between technologies is achieved. Based on these security aspects, the key IIoT issues are identified and mapped to IoT weaknesses. As shown in Table 5, the key IIoT weaknesses are classified as cybersecurity- and physical-based vulnerabilities.

Table 5.

Category	Target	Attack mechanisms	Effects	Layer
Cyber-based	IT and OT systems IT and OT networks Operating system Applications Cloud environments	Spoofing attacks Phishing attacks Malware injection Session hijacking	Denial of service (DoS) ICS failures Data theft	Network layer
Physical-based	IoT devices Sensors and actuators ICS systems SCADA systems Human beings	Device manipulation Service jamming Information theft	Device compromise Control system alteration Possible loss of human life Firmware compromise Service unavailability	Perception and network layers

Table 5. Key IIoT Security Weaknesses

4.3.1 Cybersecurity-based Weaknesses.

The integration of OT and IT environments allows key security threats to target the operating system (OS), OT/IT system/network, industrial control system (ICS) and network, IIoT-based applications and servers, and the supporting cloud resources. The mechanisms used to realize these attacks leverage spoofing attacks, phishing-based attacks, and malicious software to compromise systems and hijack sessions. The outcome is continuous denial of service (DoS), failure of the ICS, and leakage of critical data.

4.3.2 Physical-based Security Weaknesses.

IIoT systems combine a number of physical devices that have other constraints in terms of, for example, energy and power. However, there is also a need to enforce the security of these devices. Generally, IIoT applications are tasked with the connectivity of industrial machines and processes, comprising sensors and actuators that process data in real-time. These data have a direct influence on the physical infrastructure and users, and failure could be catastrophic. Additionally, IIoT devices are mainly CPS-based, and so verifying the integrity of the CPS is a key task in detecting potential malicious modifications [23].

In the long run, verification of CPS integrity is essential. However, there exist limitations on computational power in any hardware architecture [64]. As illustrated in Table 5, physical-based security weaknesses can be exploited to affect sensors, actuators, and ICS/SCADA systems through device manipulation and human beings through psychological manipulation to extract information. Another critical aspect is the ICS, which was traditionally isolated from the IT infrastructure but is now connected and therefore exposed to cyber-security risks [64, 95]. Recent research [96, 97, 98] has led to proposals for security and safety standard compliance for CPS, possibly by automating the assessment of the IIoT and CPS using monitoring and verification frameworks.

Existing physical-based weaknesses include authentication techniques that require the storage of secret information in the device memory and cloning IIoT attacks in which a compromised physical device is cloned [99]. Side-channel attacks may open up access to adversaries, such as through electromagnetic attacks, power monitoring, and timing attacks based on statistical cryptographic techniques. With the emergence of Industry 4.0, more attacks on control systems are to be expected [99]. Security plays a major role where the IoT meets the physical ecosystem, and vulnerabilities can be seen in important areas such as SCADA systems, ICS, and IP-based physical systems [100].

4.4 State of IIoT Protocols

Assessments of the security of IIoT connectivity protocols stem from the need to explore the suppositions that underlie the digitization of industrial processes. This subsection explores the state of the wireless technologies that support IIoT ecosystems, as summarized in Table 6 and Figure 3, which shows the IIoT protocols with the respective parts of the open systems interconnection (OSI) reference model.

Table 6.

Reference	Protocols	Focus	Significance to IIoT Ecosystems
[104]	MQTT	Offers support to data exchange	Suitability due to its lightweight nature
[65]	CoAP	Enables constrained devices to communicate with the Internet	Dedicated communication in the IIoT infrastructure
[65]	MoDBUS:TCP	Shows its suitability in control and monitoring	Can be used in monitoring across IIoT environments
[105]	Zigbee	Role played by its variants	Supports cryptographic transmission
[108]	NB-IoT	Connects devices to the IoT	Compatible with low power and reduced data rates
[105]	LoraWAN/6LowPAN	How information secrecy can be enhanced	Encryption and decryption could enhance secrecy in the IIoT
[113]	IEEE 802.15.4	Operation for LoraWAN and basis for Zigbee	Provides general IIoT connectivity
[114]	WirelessHART	HART is an open and realizable protocol for WSN	HART is suitable for industrial automation

Table 6. Summary of Current IIoT Communication Protocols

Fig. 3.

4.5 Application Layer

4.5.1 MQTT.

Data exchange between IIoT systems is through the MQTT protocol, owing to its lightweight nature. MQTT relies on a broker to publish and retrieve data, and as a result, it has several key vulnerabilities. First, a client is able to publish and subscribe to any topic. Second, the broker may be overloaded if a subscriber forgets to collect the message. Third, there are no distinct access control techniques to prevent a client from subscribing to and publishing any topic. In this context, a potential attacker may try to find the most subscribed topic and exploit this information [101].

4.5.2 CoAP.

The constrained application protocol (CoAP) is a lightweight communication protocol designed specifically for the IoT and IIoT. In IIoT applications, where devices are often constrained in terms of limitations on resources such as memory, processing power, and battery life, CoAP can be a valuable protocol choice. It allows devices to communicate efficiently and effectively while conserving resources. Also, CoAP is particularly useful in IIoT applications, because it provides support for resource discovery, observation, block transfer, and proxying. These features make it easy for devices to discover each other and communicate efficiently. As an application layer protocol, CoAP is used for communication where dedicated devices are prevalent in an IoT-based infrastructure [65]. The security services in CoAP are more dependent on datagram transport layer security [102]. In the context of the IIoT, a massive payload may cause data fragmentation, which further opens the IIoT surface to potential attacks.

4.6 Transport Layer

4.6.1 MODBUS TCP.

MODBUS TCP is suitable for the control and monitoring of industrial applications in IIoT environments [65]. This can be complemented by the MQTT protocol through a publish and subscribe approach. Security threats include DoS attacks, privilege escalation, tampering, and spoofing. These vulnerabilities arise from the data transfer carried out by SSL/TLS, which is open to attacks [103, 104].

4.7 Network Layer

4.7.1 Zigbee.

This connectivity protocol is suitable for IIoT environments [105], and variants such as Zigbee Pro and Zigbee RFCE guarantee integrity by providing cryptographic security during transmission, confidentiality, and authenticity. Zigbee Pro is suitable for IIoT implementations, since it supports cryptographic transmission through encryption [106]. Among the security concerns associated with Zigbee is the key distribution method, where keys are pre-installed to devices in an insecure manner. Additionally, nodes can access communication even after leaving the network, and special software can be used to eavesdrop on or manipulate communication [107].

4.7.2 NB-IoT.

The narrowband IoT (NB-IoT) is suitable for IIoT ecosystems that have low power and reduced data rate constraints. The NB-IoT supports authentic communication via end-to-end security. However, the carriers in the NB-IoT are fully open, which creates an open surface for attacks, especially at the traffic nodes [108].

4.7.3 LoRaWAN and 6LowPAN.

The LoRaWAN protocol guarantees that information will be kept secret in IIoT environments through data encryption and decryption strategies. However, security flaws related to jamming and selective jamming attacks have been identified during communication [105]. The 6LowPAN protocol supports IIoT network connection based on low-power WPAN through IPv6, but it uses IPSEC for security services, which is a heavyweight and complex protocol [105].

4.8 Physical and Data Link Layers

4.8.1 Bluetooth.

Bluetooth supports short-range, low-power communication with a frequency of 2.4 GHz [109]. Its current security modes do not fully guarantee secure communication, given that there is a need to enforce service security levels. Bluetooth variants such as Bluetooth Low Energy (BLE) address authenticity, privacy, and integrity concerns, typically permitting a change of address to maintain privacy [110]. BLE suffers from numerous vulnerabilities, however, allowing attackers to leverage foot-printing approaches to collect information such as domain names, IP addresses, and access control lists. Additionally, attackers can perform bluesniffing, where unauthorized data is extracted from Bluetooth devices, and bluebugging, where attackers take control of the target device [111, 112].

4.8.2 IEEE 802.15.4.

This protocol provides general IIoT connectivity while guaranteeing data confidentiality, integrity, and a secure MAC layer [105]. However, 802.15.4 is vulnerable to keying techniques. Specifically, the single shared key aspect of this protocol offers little defense against a number of attacks [113].

4.8.3 WirelessHART.

WirelessHART is a key communication protocol for industrial process automation and the IIoT and has been approved as an open standard for WSN. This protocol is mainly concerned with energy and equipment monitoring, asset management, and general diagnosis. The HART protocol employs a single parity check for errors. This enables confidentiality, integrity, and authentication. While this protocol has been designed to be open and reliable, it has several limitations, since it does not support public cryptography and there is a lack of specification of the complete key management methodology. Additionally, there is no distinct authorization technique [114].

Note that the research discussed in this review is ongoing at the time of writing, and there are still some overlaps and similarities between generic IoT and IIoT, especially in terms of protocols. Generally, the weaknesses in generic IoT protocols are also relevant to the IIoT. Although the prime objective of the IIoT is to reinforce industrial system processes, it is also dependent on the actions involved in the generic IoT. Thus, failure of the actions in generic IoT protocols may have an impact on the IIoT.

4.9 IIoT Security Architectures and Standards

IIoT deployments are currently governed by the Industrial Internet Reference Architecture (IIRA) established by the Industrial Internet Consortium (IIC) [115], which explicitly stipulates the main roles played by cyber-physical-based technologies in the IIoT. From a security perspective, the IIC reference architecture includes a recommendation that the IIoT should position itself to give support to authentication protocols, non-repudiation, cryptographic protection, leveraging of quantum-resistant techniques during data transportation, connectivity, and efficient interoperability across systems. The OpenFog consortium [116] has devised a mechanism that brings IIoT processing close to the edge to guarantee the integrity, confidentiality, and availability of IIoT processes.

With the convergence of OT and IT, given that these prioritize systems differently, the industrial internet security framework (IISF) has been established as a common framework for security investigations in IIoT. This framework is, however, very generic and does not specifically articulate the key security aspects of the IIoT. Other key standards related to the security of the IIoT include ISO/IEC 29115 [117], which focuses on the security of endpoints, ISA/IEC 62443 [118], which focuses on authentication and vulnerability checks, ISO/IEC 29115 [117], which focuses on multifactor authentication and the need for cryptographic protocols, ISO/IEC 24760-1 [119], which focuses on secure identity, NIST-SP-800-82 [120], which stipulates the need for network segmentation in the IIoT and highlights communication requirements, NIST-FICIC [121], which focuses on risk management and security in the IIoT, and NISTIR-7628 [122], which focuses on cyber-security for smart grids. A summary of the security architectures and standards in the IIoT is presented in Table 7.

Table 7.

REF	Architecture/ Standard	Focus	Security description	Limitations
[115]	IIoT reference architecture	Industrial Internet Security Framework	Cybersecurity assessment in the IIoT	Generic security measures
[118]	ISA/IEC 62443	IIoT levels of security	Identification and authentication check	Security levels depend on the system
[117]	ISO/IEC 29115	IIoT levels of authentication	Multifactor authentication	The credentials lifespan is too long
[119]	ISO/IEC 24760-1	IIoT levels of secure identity	Identifies a unique and secure identity	It is not definitely established what constitutes a secure identity
[120]	NIST-SP-800-82	Industrial control system security	Network segmentation Security policies Communication requirements	Does not accommodate dynamic changes in IIoT ecosystems
[121]	NIST-FICIC	Cybersecurity for critical infrastructure	Principle of risk management and security	Complexity of cybersecurity risk management
[122]	NISTIR-7628	Guidelines for securing smart grid	Cybersecurity strategy for smart infrastructures	Changes in cybersecurity requirements
[118]	ISA/IEC 62443-4-2	Security for industrial automation	Cybersecurity threats and risks	Building extensions for enterprise security
[123]	NIST-IIoT	Security for the IIoT	Vulnerability risks and threats	Limited to integrity and authenticity

Table 7. Summary of Current IIoT Security Architectures and Standards

5 IIoT Security Achievements

Given that the realization of Industry 4.0 is dependent on innovative technological developments, this section assesses the state of IIoT-enabling technologies based on the approaches outlined in the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege (STRIDE) model [124]. STRIDE offers a unique approach to assessing threats and vulnerabilities (known and unknown) within IIoT ecosystems, resulting in a threat roadmap. This section concentrates on describing the key security achievements that have been realized in the IIoT as a result of the STRIDE model.

5.1 Key Management in IIoT

A lightweight key exchange (LKE) for Industry 4.0 solves the problem of illegitimate nodes in the IIoT. The key provides an assurance of mutual authentication across nodes through a secret key exchange, which is safe for the IIoT [125]. Other key exchange protocols include lightweight authentication for M2M communication in the IIoT based on hash and XOR tasks to target MITM and replay attacks [38], and a lightweight protocol for IIoT that is implemented via the MQTT protocol [126]. With this approach, MQTT is a suitable protocol for the industrial domain.

The key strategies that can be used to evaluate which security techniques offer protection for MQTT are as follows: payload encryption with the authenticated encryption scheme (AES), payload authentication with AES, payload-authenticated encryption with AES-offset codebook mode (AES-OCB), and link-layer encryption with AES, where it is possible to measure the latency between the publishing and processing times. A lightweight certificateless signature scheme for IIoT environments provides data authenticity [127], while an SDN-enabled multi-attribute method for secure communication over the smart grid of the IIoT monitors network traffic and dynamic routing [128]. A faster authentication key with perfect forward secrecy for the IIoT based on hash and XOR operations has been developed [129], and an interactive multifactor authenticated key exchange for IIoT invokes password hardening and exposes the attacker [130].

The key management approach shown in Figure 4 focuses on information retrieval and provides a robust means of supporting digital and textual searches in IIoT environments. The key management scenario shown in Figure 4 depicts a typical key management approach in an IIoT ecosystem. In this scenario, an IIoT operator requests a service provision from an IIoT service provider (Step 1). The key distribution center (KDC) manages the encryption keys (Step 2). The KDC communicates with a cloud key management center (Step 3) to exchange and manage encryption keys. To ensure that the KDC can be integrated with the IIoT application processes, the KDC integration must be done (Step 4). Once the KDC integration is complete, the IIoT user can request processes from the cloud key management center (Step 5). The cloud key management center generates a response (Step 6) and provides the necessary encryption keys to the KDC as presented in Figure 4.

Fig. 4.

Using a hybrid keyword field search key management (HKFS-KM) scheme, this approach supports trapdoor unlinkability and drastically reduces the costs associated with key storage while supporting key revocation to guarantee secure IIoT records [131]. A study by Yasmine et al. [132] identified security weaknesses in authentication and key management during data transmission in the IIoT. The major security flaws were identified as replay attacks, DoS attacks, mutual authentication, and session key agreement. A mutual authentication scheme was proposed, but this does not support heterogeneous WSN environments. Zhou et al. [133] found that compromising devices to extract secret keys is still a challenge in IIoT communication, especially in side-channel attacks. Key weaknesses include IIoT key management, devices not embedded with cryptographic keys, IoT devices being easily attackable, and the resource constraints of IoT devices. A summary of key management approaches is presented in Table 8.

Table 8.

Reference	Focus	Significance to IIoT ecosystems
[38]	Lightweight authentication for M2M communication in the IIoT	Targets man-in-the-middle attacks on the IIoT
[125, 126]	Lightweight authentication support for the IIoT	Discusses MQTT, SDN, and other M2M support protocols in the IIoT
[127]	Lightweight certificateless signature scheme in the IIoT	Provides data authenticity
[128]	SDN-enabled multi-attributes for secure IIoT	Monitors traffic and offers dynamic routing
[129]	Authentication-based perfect forward secrecy in the IIoT	Uses XOR and hash to guarantee secrecy
[130]	Interactive multi-factor authentication in IIoT	Has password hardening and attacker exposure
[131]	Key management for textual search in the IIoT	Guarantees trapdoor unlinkability and privacy
[132]	Weaknesses in authentication and key management	Mutual authentication and session key agreement suggested
[133]	Device compromising with compromised keys	Identifies devices that are not embedded with cryptographic keys

Table 8. Summary of State-of-the-art Studies on Key Management in IIoT Ecosystems

5.2 Blockchain Technology in IIoT

While streamed sensor data can be extracted in real-time from IIoT environments, it is important to have a guarantee that these data are secure. The blockchain offers a precise distributed immutable ledger that allows for stronger security through the creation of a computationally infeasible cryptographic block of hashes. A scenario for implementing the blockchain in IIoT is shown in Figure 5. In the scenario depicting blockchain in IIoT shown in Figure 5, the IIoT ecosystem comprises the perception layer, network layer, control layer, blockchain service layer, and application layer, each of which is associated with various IIoT domains such as manufacturing, robotics, and mining. The blockchain service layer comprises three key components, namely, blockchain service support, smart contract, and transaction management, which together provide the necessary functionality to enable secure and decentralized data sharing, auditing, and trust among IIoT stakeholders. Moreover, the blockchain service layer is connected to a blockchain network comprising both on-chain and off-chain blockchain networks. The on-chain network is secured by verifier nodes [134, 135], which are responsible for validating transactions and maintaining the integrity of the blockchain.

Fig. 5.

A blockchain scheme for collecting and sharing data in a multi-agent environment that combines Ethereum and deep learning techniques with a focus on achieving reliability has been proposed [136], but the mining nodes in this scheme are not intelligent. A truly fair non-repudiation blockchain scheme for IIoT has been developed as a service proxy for recording interactive evidence for providers in the IIoT. This technique has been verified using a homomorphic approach, but it has not yet been deployed in a real network-enabled IIoT platform for practical evaluation [137]. Current blockchain techniques are compared in Table 9. Studies using the blockchain have focused on IIoT access to equipment and power consumption, where the blockchain is deployed in high-performance systems to improve smart factory processes. For instance, a sharding–hashgraph technique that divides blockchain nodes has been employed for the purposes of optimization [138].

Table 9.

Reference	Focus	Significance for IIoT ecosystems
[136]	Scheme for collecting and sharing data	Discusses how data can be shared in a multi-agent environment using machine learning
[139]	Use of credit consensus in the IIoT	Discusses how the consensus protects data confidentiality and access control
[140]	How scalability is achieved	Discusses how lack of energy efficiency and lack of standards hinders the IIoT
[141]	How blockchain can give security assurance	Discusses resource efficiency, secrecy, and maintenance of tasks using blockchain
[137]	Non-repudiation scheme for the IIoT	Service proxy that records interactive evidence for providers
[142]	Blockchain framework for the IIoT	Identifies zero-knowledge transactions for security purposes

Table 9. Summary of State-of-the-art Research on Blockchain Applications in IIoT Ecosystems

A secure blockchain approach that uses the credit consensus technique in IIoT has been established to protect data confidentiality. This method uses a directed acyclic structured blockchain with data access control, which decreases power consumption for genuine nodes while increasing power consumption for malicious nodes. However, the detection of malicious nodes requires further investigation [139]. Blockchain applications targeting Industry 4.0 face issues concerning scalability (given that blockchain computations require significant resources), inherent blockchain vulnerabilities, energy, and cost efficiency, and the absence of industrial standards and regulations [140]. Other relevant research has examined the integration of blockchain and edge frameworks for IIoT, addressing latency, resource efficiency, security, and monitoring of tasks, but neglecting system performance [141]. A blockchain-enabled framework for IIoT would face challenges involving zero-knowledge transactions, standardization, security, and privacy [142]. Generally, the blockchain offers a suitable mechanism for securing IoT transactions based on its characteristics of decentralization, effectiveness, transparency, and immutability [143].

5.3 Edge and Fog Security in IIoT

While edge computing is popular at present, its focus is on reducing the volume of transmitted data. Its current integration with the IIoT has intensified security threats related to data [144]. A substantial number of vulnerabilities occur in the fog layer as a result of data and IIoT application migration. One example is a malicious attack from the edge to the communication network, where machine learning strategies are preferred for purposes of defense. Major vulnerable points include attacks on fog nodes/adversarial manipulations during the provisioning of real-time services, authentication of identities, leakages of sensitive data at IIoT edge nodes due to limited storage, difficulties in processing data, complexity of edge computing IIoT networks, and the problem of sharing and searching encrypted data [100].

Figure 6 shows a scenario depicting edge and fog in IIoT. It consists of a perception layer where data is gathered and authenticated. This layer is followed by the edge gateway, which serves as the entry point for data into the fog layer. The fog layer controls encryption, key management, data storage, and data processing. The cloud layer provides additional storage and processing capabilities to the system. The cloud gateway transmits data between the cloud and the fog layer. Finally, the application layer provides the interface for users to interact with the IIoT system. In the IIoT domains, such as robotics, manufacturing, and mining, the system provides data extraction capabilities, allowing users to extract relevant data for analysis and decision-making.

Fig. 6.

A technique that addresses device unreliability and vulnerabilities has been developed in Reference [145] to allow secure data storage processes in the IIoT while integrating fog and cloud computing. This allows the collected data to be stored and processed at the edge server. However, this approach requires the encryption of fog-based data and effective privacy-preserving data mining approaches. As a result of encrypting fog-based data, fog nodes are forced to aggregate data to seal any form of information leakage during data dissemination [146, 147]. Consequently, edge computing faces challenges such as a lack of computational power, storage issues, and poor battery resources. Other threats include physical tampering with edge devices, identity forging, eavesdropping over shared wired channels, jamming links in IoT devices, and data privacy, as well as the various risks associated with network function virtualization, with the offloading of tasks to rich platforms, and with SDN [148].

Given that massive amounts of data are generated in IIoT environments, moving these data to the cloud for real-time analysis is a challenge. Other relevant challenges include managing access to applications, maintaining confidentiality, mitigating vulnerabilities, applying cryptographic protocols to the data generated from IIoT environments, and monitoring IIoT-related security events in real-time. Additionally, the cloud faces its own challenges in terms of confidentiality, integrity, authenticity, and availability [149].

As far as confidentiality is concerned, threat agents can propagate through the cloud and leak sensitive data related to the IIoT. The ultimate objective of an adversary is to defeat the cloud security goals by gaining control of the IT assets. Integrity issues arise from common attacks where adversaries are able to alter or modify part or all of the data at rest or in motion across different cloud models. The authenticity of entities within the cloud poses a challenge because of the existence of numerous illegitimate users. These vulnerabilities are fundamental, given the open nature of the cloud.

Another critical aspect concerning susceptibility is the issue of permission and privileges, where insufficient authorization of sessions and permissions makes cloud data vulnerable and susceptible to attacks. Recent studies of critical cloud attacks have identified DoS and distributed DoS (DDoS) to be the most common attacks, mainly propagated by botnets, virtualization/hypervisor attacks, user-to-root attacks, port scanning, MITM attacks, spoofing, and physical attacks. Most of these attacks attempt to defeat provisioned cloud services during IIoT integration [150, 151]. A summary of the key achievements in edge and fog security is presented in Table 10.

Table 10.

Reference	Focus	Significance for IIoT ecosystems
[100]	Vulnerable adversarial manipulations in IIoT edge nodes	Need to address complexity in IIoT networks
[144]	Integration of the volume of data in the IIoT	Vulnerabilities are experienced at the fog layer owing to application migration
[145]	Device unreliability and vulnerabilities in the IIoT edge	Need for encryption of data when fog and cloud integrate
[146, 147]	Encrypting fog-based data in the IIoT	Sealing data leakage points as a way of enhancing security
[148]	Computation and storage issues in the IIoT	Identifies the channels of compromise in the IoT
[149]	State of massive data generated in the IIoT environment	Data management solutions are key to managing huge volumes of data in the IIoT
[150, 151]	Permission and privileges in the cloud	Sufficient authorization and sessions and privileges in the cloud reduce potential intrusions

Table 10. Summary of Identified State-of-the-art Studies of Edge and Fog Security in IIoT Ecosystems

6 State-of-the-art Research in IoT and IIoT Forensics

The digitization of manufacturing processes further extends the attack and threat landscape and enhances the level of susceptibility, which could increase the potential for digitally propagated crimes. As a result, there is a constant need to analyze potential digital evidence to provide proof or prove facts if a potential security incident is detected. To date, there has been relatively little research on IIoT forensics, although some studies have explored how digital forensic investigations can be conducted in the IIoT, as well as the significant current challenges. We explore IIoT forensic investigations from the standpoint of integrating IoT-based forensic applications with industrial processes and assess how the prevailing IoT-based forensic models could be positioned to conduct digital forensic activities. A summary of the key research focusing on IIoT is presented in Table 11.

Table 11.

Year	Forensic model	Focus	Limitations
2020	– Acquisition based on state forensics [158] – Evidence identification link for IoT environments [166] – Cyber forensics framework for IoT big data [167] – Forensic analysis for IoT fitness trackers – Forensic logging model in IoT ecosystems [168] – Forensics of emergent configurations in live forensics [169]	– Utilizes controller to IoT device, controller to cloud, and controller to controller – Evidence identification link for the IoT environment – Uses MapReduce to extract and analyze dynamic traffic features – Allows user to view measured data on connected devices, analysis – Event model and design architecture that supports the IoT in a cloud ecosystem – Utilizes machine learning for learning based on new configurations	– Forensic soundness for the acquisition controller is not explored – Investigation is not carried out in the real world with real-time monitoring – Relevance is for the collected data, and there is no focus on live forensic analysis – Limited to mobile IoT devices – Not validated using any experiments; chain of custody and forensic soundness are hardly explored – The study is dependent on intelligent approaches and self-adaptive systems
2019	– IIoT forensic frameworks [154]	– Cross-forensic layer and evidence extraction	– Lack of live forensic analysis component in IIoT environments
2018	– Integrated IoT forensic framework [170] – FIF-IoT framework [171] – Forensic edge management [172]	– Integrates readiness process groups with IoT management policy and standards – IoT forensic investigation using public ledger; verifies integrity – Requirement for managing solutions, specifically the autonomy of systems	– Policies are only oriented to IoT environments – Limited to IoT-based systems, without any IIoT integration – Mapping with other forensic tools is hardly explored
2017	– SCADA forensics in the IIoT [153] – Application-specific model for the IoT [173] – Model for smart cities and automated vehicles [174] – Digital evidence acquisition model for the IoT [175]	– Incident identification and forensic extraction – Smart environments, network, and things forensics as extraction-of-evidence techniques – Targets vehicle ECM data from data hub/GPS and cellular devices to create forensics images – Theoretical model based on investigative zones	– Lack of certified forensic incident response tool and methodologies – Lack of fusion mechanisms with IIoT platforms – Standards used may not translate and fit across IIoT environments – Model lacks validation owing to its theoretical nature
2016	– Generic framework for IoT investigations [6]	– Complies with ISO/IEC 27043, proactive forensics, cloud, network, and device-level forensics	– Limited to IoT devices, network, and cloud
2015	– Monitoring ICS and SCADA systems [152] – Top-down IoT forensic model [176]	– Continuous monitoring of PLCs for analysis purposes – Planning and authorization as approaches to IoT forensic process	– Lack of certified forensic incident response tool and methodologies – Investigation spectrum does not cover IIoT platforms, and there are no integration components

Table 11. Summary of State-of-the-art Research on IoT and IIoT Forensics

Currently, there exist vulnerabilities in the physical infrastructure that underpins IIoT applications, e.g., the CPS, ICS, and SCADA systems. Thus, there is a dire need for post-incident response strategies. For example, research by Cruz et al. [152] suggests placing a shadow security unit in parallel with field devices as an approach for continuous monitoring of PLCs, which could be leveraged for forensic purposes. Research on SCADA forensics has identified that current SCADA employs cloud-based technologies and suggests the following essentials: identifying the incident origin, assessing the system risks and alterations, identifying the SCADA impact and status, and live forensics, before employing rapid response, compatibility, and remote data acquisition techniques. This approach is useful for conducting digital investigations in IIoT but is limited by the available forensic artifact extraction tools [153]. An IIoT forensic investigation framework [154] suggests the collection of digital evidence to mitigate IIoT-based vulnerabilities. This study outlines the relationship between the OSI layer model and cross-layer forensic information and suggests a higher layer for digital forensic information in the IIoT [154].

Considering the existing digital forensic challenges in the IoT, MacDermott et al. [155] highlighted several shortcomings that have resulted from the changing landscape of digital crimes. The sources of evidence from IIoT environments were identified as smart devices and sensors, hardware and software, intrusion detection systems (IDS), firewalls, ISPs, mobile providers, and other online identities. IoT forensic techniques have been mapped to privacy as a feasible way of conducting digital investigations through the sharing of data by devices through a privacy-aware IoT forensic model [156]. For example, an IoT forensic model that underpins infrastructures has been constructed for Amazon Echo as a use-case and is able to support identification, acquisition, analysis, and presentation using a generic IoT architecture [157].

A forensic acquisition technique for the IoT based on the state of events has been developed and proved for controller-to-IoT, controller-to-cloud, and controller-to-controller cases. Through the use of an IP camera, it has been shown that relevant data based on states can be extracted from IoT devices [158]. Notably, a taxonomy for the challenges faced in IoT forensics has identified forensic tools, models, and sources of evidence as crucial aspects to consider in the IoT environment [159]. A technique for defending logged data against attack using anti-forensic techniques has been developed through data aggregation and encryption in an IoT setup with the modified information dispersal algorithm. This approach is based on the fragments transmitted from IoT devices [160].

A forensic-aware ecosystem for the IoT has been established to collect and analyze evidence systematically by supporting different IoT subdomains [161]. Subsequent studies have shown that IoT forensic challenges mainly target encryption and storage of data in the cloud. The IoT forensic tools and techniques for preserving volatile data have been identified as key aspects of IoT forensic research, but there are few IoT forensics tools with data acquisition capabilities [162].

A fog-based framework for IoT forensics has identified several challenges based on use-cases and implementation. As an example, a refrigerator was connected to a fog node as part of a home automation system. Although the effectiveness of this framework was not evaluated, it was able to reproduce some techniques for achieving digital forensics [163]. Research focused on IoT opportunities and challenges suggests that search, seizure, evidence correlation and analysis, and IoT attribution are core challenges [164]. Additionally, complexity and diversification, chain of custody, and limited storage for IoT devices require further research [165].

Other challenges include the type and quantity of data, blurred lines between networks, and the type and source of evidence [177]. A framework for IoT acquisition and forensics has identified data location, data format, data extraction, and data type as key forensic characteristics [178]. An efficient approach that combines cloud forensics with client-side forensics has been suggested for the Amazon Alexa ecosystem, with a proof-of-concept focused on identification and acquisition analysis from local devices [179]. Other relevant work includes the analysis of bulk digital forensic data as a semi-automated approach for scanning disparate digital forensics data subsets and data from IoT portable devices. There are also cross-device and cross-analysis approaches that are appropriate for diverse digital forensic cases [180]. Additionally, live forensic analysis in emerging configurations in IoT environments could utilize K-nearest neighbors, support vector machines (SVMs), naive Bayes classifiers, and random forest algorithms. These approaches illustrate how datasets could be utilized for the live detection of potential incidents [169].

Other IoT-based frameworks include a top-down IoT model for planning and authorization of forensic processes [176], integrated IoT forensic frameworks [170] that stipulate which IoT-based standards can be leveraged, and an application-specific model [173] for the IoT that extracts evidence from smart home and smart city devices. Acquisition based on a state forensics model has been explored [158] with both controller-to-IoT device and IoT-to-controller processes included in the forensics. A model for smart cities and smart vehicles [174] targets ECM data from the vehicle data hub to create forensic images. A digital evidence acquisition model [175] for the IoT environment uses graphs to model flows, whereas the FIF-IoT approach [171] uses a public ledger to verify evidence integrity. Research has also covered a cyber-forensics framework for IoT big data [167], forensic edge management for autonomous systems integrated with IoT networks [172], a forensic model for IoT trackers [181], and a forensic logging model for IoT ecosystems that supports cloud computing [168].

The existing overlap between the IoT and IIoT means that, in the context of this article, IIoT forensics are represented as a large-scale post-event/reactive technique that targets critical IIoT forensic information domains [154]. Examples include network protocols targeting ICS/SCADA, forensics from the lowest layers (physical layer), evidence from higher layers (bit-level forensics) from SCADA, PLCs, sensors, communication gateways, and network-level forensics [154]. As far as IoT forensics is concerned, information may be extracted from the respective layers, mostly from networked mobile digital devices; it should be noted here that mobile forensics lies at the center of the IoT. While the IIoT, IoT, and mobile forensics share a need for forensic evidence (digital data), there are major differences between them with regard to the complexity involved in extracting these data and the diverse range of architectures. This complexity, among other challenges, should ultimately underlie the forensic soundness and sanctity of potential digital evidence from the IIoT, IoT, and mobile forensic architectures for the purpose of litigation in the event of a security incident.

7 Open Challenges

The preceding sections have highlighted the security requirements in IIoT ecosystems, the state of IIoT ecosystems in terms of architectures and protocols, IIoT ecosystem security achievements, and the state of digital forensics in the IIoT. Based on this analysis, we now identify the open challenges relating to these technologies from a security and digital forensic perspective. The categories of these challenges are depicted in Figure 7, and a summary of the challenges and high-level solutions is given in Table 12.

Table 12.

Category	Challenge	Possible high-level solutions
Perception layer challenges	– Lack of security by design – Unattested device firmwares/CPS integrity – Device cloning/PUF emulation	– Design CPS components with security functionalities – Need for standard device compliance techniques – Use obfuscation techniques to prevent PUF cloning
Network layer challenges	– Weak authentication/lack of encryption in Bluetooth – Single shared key in 802.15.4 – Unlicensed open band in the NB-IoT – Flaws during encryption of LoRaWAN – Heavyweight Protocols in 6LoWPAN	– Use link encryption for data transmission in Bluetooth – Consideration of asymmetric encryption to limit node compromise in 802.15.4 – Utilize licensed bands to mitigate issue of traffic offloading in the NB-IoT – Adopt alternative encryption technique to AES128 in LoRaWAN – IPSEC is not feasible for the IIoT; instead integrate IPSEC with industrial IoT networks and use adaptable key-establishing techniques in 6LoWPAN
Application layer challenges	– Expanded cyber-attack surface – IIoT system is dependent on single dynamic processing/huge processing power – Insider attacks – Absence of compliance security standards and guidelines in IIoT processes – Susceptible distributed mining nodes	– Focus on intelligent approaches to mitigate potential threats – Use AI-based solutions – Develop application-specific security standards – Focus on making mining nodes intelligent
Security management challenges	– Existing cybersecurity frameworks have limitations with regard to heterogeneous IoT system support. – Key security challenges arise from OT and IT integration	– Need for a resilient harmonized framework that supports OT and IT systems in real time – Propose a common framework that addresses security of OT and IT convergence
Digital forensics challenges	– Lack of certified digital forensic investigation tools and methods for the IIoT – Lack of accredited standards and guidelines relevant to the IIoT – Lack of investigation process models tailored for the IIoT	– Need for certification of specific investigation tools for the IIoT – Need for developing international standards and investigation guidelines – Need to develop holistic digital investigation frameworks and models that have the IIoT as their main focus – Integration of OT/IT communication mechanisms with 5G technologies

Table 12. Summary of Current Security Challenges and High-level Solutions

Fig. 7.

7.1 Challenges in the Application Layer

–

The shift from conventional industrial processes to smart connectivity will mean that advanced industrial processes become wholly dependent on wireless connectivity, standards, and protocols. However, this opens the threat and attack landscape further. Thus, if IIoT networks are attacked, then the industrial production output will be compromised and human lives may be put at risk.

–

Realizing smart manufacturing implies that the majority of systems will be able to act in a self-adaptive manner with some self-dynamic reconfiguration ability. This implies that dynamic production processes will become centered on single dynamic production as opposed to centralized management, which is susceptible to failures and requires huge processing power.

–

Normally, attackers will use diverse and alternative techniques to reach the CPS. Hence, insider or physical attacks may be used to undermine the security of the IIoT.

–

Currently, there are no universally accepted security standard compliance techniques, security monitoring, or standardized devices that can be employed in IIoT environments.

–

At present, most blockchain processes in the IIoT are distributed transactions. However, some mining nodes in these transactions are not intelligent, which may make them susceptible to attack.

7.2 Challenges in the Network Layer

–

The current spectrum of IIoT connectivity protocols does not guarantee a higher degree of security during data communication. For example, Bluetooth has insecure modes that expose the device to malware. BLE security mode 1, level 1 has weaker authentication or encryption, which makes it insecure [182]. Additionally, pairing techniques do not offer protection, which makes Bluetooth vulnerable to MITM and eavesdropping attacks and could eventually lead to data manipulation.

–

IEEE 802.15.4 uses a single shared key session that offers little defense against replay attacks. Additionally, this standard cannot guarantee the confidentiality and integrity of acknowledged packets [183].

–

NB-IoT (WAN) uses unlicensed bands, from which malicious nodes can offload traffic [184].

–

LoRaWAN has a number of security vulnerabilities, with flaws in AES during encryption and an inability for partners to fix shared keys to some values. The AES cryptography algorithm uses 128-bit keystreams that allow the key to be XORed with the message to generate the ciphertext [185]. Given that LoRaWAN utilizes a 128-bit AES algorithm to encrypt its message, certain weaknesses may produce a non-optimal ciphertext that can be decrypted. Additionally, LoRaWAN allows an adversary to modify a message over the connection.

–

The IPSEC currently being used in 6LoWPAN is a heavyweight protocol, which means it is unsuitable for IIoT environments.

–

MQTT faces challenges relating to DDoS, information disclosure, and spoofing [186]. In addition, clients may easily subscribe to any topics, creating a likely vulnerability that could allow the subscribed topics to be exposed to attackers.

–

Currently, secure key management and exchange is an open challenge owing to the resource constraints on the physical devices and user data. Most key exchange approaches suffer from heavyweight cryptographic protocols that are overly complex as far as computation is concerned. There also exist challenges in terms of applying encryption to diverse firmware, some of which will have been altered.

7.3 Challenges in the Perception Layer

–

Currently, the majority of devices employed in IIoT environments are not manufactured with security capabilities (i.e., there is a lack of security by design), causing them to fail during or after deployment. Most CPS involve the integration of embedded systems and physical processes, and so a lack of security may lead to significant vulnerabilities. With the ever-changing nature of system architectures, most devices and systems are built without security functionalities, and those that do have security functionalities may rapidly become outdated. Additionally, most systems operate in real time, combining sensor data, devices, and actuators. Ultimately, the absence of security by design leads to susceptibility and unreliability and creates more vulnerabilities.

–

The core challenge is to verify the integrity of the CPS/IIoT devices used in IIoT environments. Currently, there exist numerous devices with diverse firmware and no efficient scheme for the attestation of these systems. The nature of CPS is to complete real-time tasks and ensure that they satisfy security goals, key among which is the integrity of data and devices. Continued digitization in IIoT environments has resulted in diversification of physical devices and a wide-ranging variety of CPS devices, which suffer from attestation problems. This can be attributed to variation in or lack of acceptable compliance standards during device on-boarding processes. Lack of proper attestation of these devices creates an environment that allows physical damage, which may threaten human lives and create integrity issues regarding the data collected from sensing environments.

–

Currently, where the IoT meets the IIoT, there is a higher degree of cloning of physical devices as a form of IIoT attack. Cloning is usually a social engineering approach that allows attackers to maliciously deceive unsuspecting victims in cases where a device or malicious link is dispatched as a legitimate one. Security in the IIoT requires the utilization of physically unclonable functions (PUFs), which guarantee a secure approach for storing digital information in integrated circuits [187]. However, where OT and IT converge, there may arise vulnerable situations that allow attackers to gain knowledge on how the PUFs operate. In the long run, attackers may be able to model an identical PUF to emulate the original. Using this approach, it would be easy to circumvent the memory contents of integrated circuits. The ultimate effect of this is data leakage and side-channel attacks.

7.4 Challenges for Security Management

An assessment of security challenges is now presented, with an emphasis on the point where OT and IT systems converge. This is because of the need to ensure that key information security goals are maintained while enforcing security for the CPS. Based on this study, the following are identified as key security-related challenges:

–

The convergence of OT and IT brings together two differing environments, which have different architectures, operations, and challenges.

–

Managing security aspects of OT/IT integration is a key challenge for the following reasons:

–

OT and IT integration comes with new and emerging security threats and vulnerabilities.

–

There is currently an absence of key industrial standards addressing the disparities that exist as a result of OT and IT integration. In the long run, it is vital to determine who handles what security task, given the different structures.

–

Current OT and IT security postures in IIoT exhibit quite huge gaps due to the absence of a common understanding on how threats, vulnerabilities, and attacks should be handled.

–

Owing to the resource-constrained nature of IIoT devices, current cybersecurity frameworks are unable to support heterogeneous IoT systems and CPS in real time.

7.5 Challenges for Digital Forensics in IIoT Ecosystems

Based on the current state of digital forensics in IIoT, this subsection discusses the prevailing open challenges. To date, there has been a lack of adequate studies of digital forensics in the IIoT. The following are presented as current open challenges:

–

The majority of IIoT systems previously operated as SCADA/CPS, where most networks were isolated. Given that digital forensics stipulates that the correct tools and methodologies should be used during an investigation, there is currently a lack of forensically certified tools for IIoT forensic investigations.

–

At present, there are few guidelines or accredited standards and legal frameworks that stipulate how digital forensic incidents should be handled in the pre- and post-incident response phases in IIoT environments [188]. This is due to the disparities that exist between connected IIoT environments and normal IT environments.

–

Existing forensic investigation process models are tailored to address generic IT systems, where digital evidence is carefully extracted based on prescribed processes. However, in the context of the IIoT, there is not yet any definition of how a digital forensic investigation process model would be used.

–

Given that the IIoT involves the collection and analysis of data and personal information, there is a lack of approaches to data privacy and protection, which is a major concern [13].

–

The IIoT extends over multiple and diverse jurisdictions, which makes it difficult to determine the appropriate laws and regulations to be used when coordinating digital forensic investigations [13].

8 Future Directions

The challenges and limitations addressed in this article cover a wide scope with a multitude of facets. While a number of the challenges identified in the IoT have some similarities with IIoT challenges, the former are more closely associated with device diversity and the corresponding security mechanisms, while the latter are associated with the security aspects of smart industrial processes and the corresponding security and digital forensic investigation techniques.

With the continuous increase in the number of devices and the volume of data across IIoT systems, it is vital that diverse data processing techniques be incorporated. In most instances, the processing techniques applied are not standardized or widely accepted, which raises key security, privacy, and data confidentiality concerns.

A number of studies have formulated proposals for authentication techniques, specifically during the key management stage. Although some of these methods appear to be pertinent, it is important to note that the majority of existing key agreement techniques are not widely deployed across heterogeneous environments. This leads to concerns regarding the security and secrecy of keys and data during communication.

According to the key objectives of Industry 4.0, the IIoT is integral to industrial control processes. As such, integrating key security achievements such as blockchains, smart contracts, and key management techniques with 5G technologies could harden the security of the IIoT by preventing energy theft. The addition of security layers could result in stronger authentication and authorization mechanisms, where only the authorized user’s details and secret keys are maintained.

Consequently, with the key achievements in edge and fog computing in the IIoT come privacy concerns during data processing at the edge. In achieving threat intelligence, federated data models are locally trained at the edge nodes and then shared to the global nodes. Thus, it is important to investigate how the shared intelligence of data is aggregated and shared across heterogeneous environments for the purposes of privacy and adversarial concerns in IIoT ecosystems.

Based on the connectivity that has arisen as a result of the 5G standard, it is projected that key achievements will be realized in mobile edge applications, making IIoT processes more effective through the expected lower latency of machine communication. While this is a key opportunity for faster communication across IIoT networks, it may also open further vulnerabilities, with IIoT ecosystems becoming susceptible owing to the heterogeneity of the services supported by 5G in the IIoT.

Finally, there remains a need for security standards for blockchains, given their paramount importance to the safeguarding of the IIoT from compromise, especially during the integration of smart contracts. Furthermore, the detection of malicious nodes in a blockchain requires key edge intelligence aspects of resource utilization.

9 Conclusion

The IIoT is still in a process of development, with current advances being geared toward enabling the industrial and manufacturing processes that will realize Industry 4.0. This paradigm shift is allowing systems to accumulate and analyze data to make certain decisions.

In this article, the state-of-the-art of IIoT ecosystems has been comprehensively studied from security and digital forensics perspectives to help identify the existing open challenges. The state-of-the-art has been explored in terms of IIoT ecosystem security parameters, connectivity protocols, security-enabling technologies, and digital forensics. Key security achievements and open challenges have also been identified, along with key high-level solutions.

The IIoT is still being integrated into our daily lives with the aim of improving quality through continuous industrial automation or processes leveraging IoT-based applications. Our state-of-the-art survey has provided a comprehensive analysis of existing research, from which it is evident that the current IIoT suffers from relatively weak security protocols and a lack of unified accepted standards. Together, these weaknesses make IIoT integration vulnerable to a variety of security attacks.

References

[1]

Neha Sharma, Madhavi Shamkuwar, and Inderjit Singh. 2019. The history, present and future with IoT. In Internet of Things and Big Data Analytics for Smart Generation. Springer, 27–51.

Abstract

1 Introduction

1.1 Motivation and Research Gaps

1.2 Contributions

2 Scope and Related Work

3 IIoT Ecosystems

3.1 IIoT versus IoT

4 IIoT Security: Overview

4.1 Security Requirements in IIoT Ecosystems

4.2 Key IoT Security Weaknesses

4.2.1 Perception Layer Weaknesses.

4.2.2 Network Layer Weaknesses.

4.2.3 Application Layer Weaknesses.

4.3 Key IIoT Security Weaknesses

4.3.1 Cybersecurity-based Weaknesses.

4.3.2 Physical-based Security Weaknesses.

4.4 State of IIoT Protocols

4.5 Application Layer

4.5.1 MQTT.

4.5.2 CoAP.

4.6 Transport Layer

4.6.1 MODBUS TCP.

4.7 Network Layer

4.7.1 Zigbee.

4.7.2 NB-IoT.

4.7.3 LoRaWAN and 6LowPAN.

4.8 Physical and Data Link Layers

4.8.1 Bluetooth.

4.8.2 IEEE 802.15.4.

4.8.3 WirelessHART.

4.9 IIoT Security Architectures and Standards

5 IIoT Security Achievements

5.1 Key Management in IIoT

5.2 Blockchain Technology in IIoT

5.3 Edge and Fog Security in IIoT

6 State-of-the-art Research in IoT and IIoT Forensics

7 Open Challenges

7.1 Challenges in the Application Layer

7.2 Challenges in the Network Layer

7.3 Challenges in the Perception Layer

7.4 Challenges for Security Management

7.5 Challenges for Digital Forensics in IIoT Ecosystems

8 Future Directions

9 Conclusion

References

Cited By

Index Terms

Recommendations

Internet of Things security

Application-Specific Digital Forensics Investigative Model in Internet of Things (IoT)

Toward an Improved Security Performance of Industrial Internet of Things Systems

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations