Zero-Trust Sidecar Proxy Architecture for Secure Multi-Vendor Industrial IoT Interoperability

Authors

  • Pavan Kumar Reddy Boppidi

Keywords:

Zero Trust Architecture; Industrial IoT; Sidecar Proxy; mTLS; eBPF; Integration Contract Protocol; IEC 62443; OT/IT Convergence; Multi-Vendor Interoperability; EU AI Act

Abstract

Multi-vendor Industrial Internet of Things (IIoT) deployments present a structural security challenge that perimeter-centric models cannot address: heterogeneous device ecosystems from competing vendors operating across Operational Technology and Information Technology layers dissolve the network boundary assumptions on which conventional security architectures depend. This paper proposes the Zero-Trust Sidecar Proxy Architecture (ZT-SPA), which decouples cryptographic policy enforcement from application logic through transparent traffic interception. The architecture employs mutual TLS with X.509 certificate chains, eBPF-based kernel-level policy enforcement achieving 0.01–0.03 second latency within a 2–4 MB footprint, and hierarchical gateway delegation extending Zero Trust coverage to resource-constrained devices incapable of hosting local enforcement. The Integration Contract Protocol (ICP) complements the technical architecture by formalizing interoperability obligations across seven governance dimensions—performance, cryptographic standards, data ownership, exit portability, audit rights, incident response timelines, and vendor flexibility—with TLA+ formal verification of critical constraint combinations. Validated in a 500-device reference deployment spanning five vendor ecosystems and four IEC 62443 security level tiers, ZT-SPA achieves 95.3% unauthorized access blocking, 38% aggregate power reduction, and 40–60% total cost-of-ownership reduction for SME-scale facilities, reducing annual security expenditure from $22,000 to $8,000–$12,000 while enabling 20–40% competitive pricing improvement in security-certified procurement markets. The architecture establishes that Zero Trust security and IIoT operational interoperability are simultaneously achievable through enforcement decoupling, governance formalization, and tiered deployment calibrated to device capability and threat exposure.

Downloads

Download data is not yet available.

References

Scott Rose et al., "Zero Trust Architecture," NIST Special Publication 800-207, U.S. Department of Commerce, Gaithersburg, MD, USA, 2020. https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf

Keith Stouffer et al., "Guide to Operational Technology (OT) Security," NIST Special Publication 800-82 Revision 3, U.S. Department of Commerce, Gaithersburg, MD, USA, 2023. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf

International Electrotechnical Commission, "Security for Industrial Automation and Control Systems," IEC 62443 Series, IEC, Geneva, Switzerland, 2022. https://library.e.abb.com/public/b1f29a78bc9979d7c12577ec00177633/3BSE032547_B_en_Security_for_Industrial_Automation_and_Control_Systems.pdf

M. Frustaci, P. Pace, G. Aloi, and G. Fortino, "Evaluating Critical Security Issues of the IoT World: Present and Future Challenges," IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2483–2495, Aug. 2018. https://ieeexplore.ieee.org/document/8086136

Muhammad Jawad Hamid Mughal, "Interoperability in Industrial Internet of Things: Challenges and Standards-Based Approaches," IEEE Access, vol. 10, pp. 14832–14849, 2022. doi: https://www.researchgate.net/publication/335528530_Internet_of_Things_-_IOT_Interoperability_and_Challenges

I. Butun, P. Österberg, and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures," IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616–644, First Quarter 2019. https://ieeexplore.ieee.org/document/8897627

S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, "Security, Privacy and Trust in Internet of Things: The Road Ahead," Computer Networks, vol. 76, pp. 146–164, Jan. 2015. https://www.sciencedirect.com/science/article/abs/pii/S1389128614003971

A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, Fourth Quarter 2015. https://www.researchgate.net/publication/279177017_Internet_of_Things_A_Survey_on_Enabling_Technologies_Protocols_and_Applications

L. D. Xu, W. He, and S. Li, "Internet of Things in Industries: A Survey," IEEE Transactions on Industrial Informatics, vol. 10, no. 4, pp. 2233–2243, Nov. 2014. https://www.researchgate.net/publication/270742269_Internet_of_Things_in_Industries_A_Survey

A.-R. Sadeghi, C. Wachsmann, and M. Waidner, "Security and Privacy Challenges in Industrial Internet of Things," in Proc. 52nd Annual Design Automation Conference (DAC), San Francisco, CA, USA, Jun. 2015, pp. 1–6. https://dl.acm.org/doi/10.1145/2744769.2747942 [11] O. Novo, "Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT," IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1184–1195, Apr. 2018. https://ieeexplore.ieee.org/document/8306880

M. Weyrich and C. Ebert, "Reference Architectures for the Internet of Things," IEEE Software, vol. 33, no. 1, pp. 112–116, Jan./Feb. 2016. https://ieeexplore.ieee.org/document/7367994

J. Jin, J. Gubbi, S. Marusic, and M. Palaniswami, "An Information Framework for Creating a Smart City Through Internet of Things," IEEE Internet of Things Journal, vol. 1, no. 2, pp. 112–121, Apr. 2014. https://ieeexplore.ieee.org/document/6702523

R. Roman, J. Zhou, and J. Lopez, "On the Features and Challenges of Security and Privacy in Distributed Internet of Things," Computer Networks, vol. 57, no. 10, pp. 2266–2279, Jul. 2013. https://www.sciencedirect.com/science/article/abs/pii/S1389128613000054

S. Auer, R. Bizer, G. Kobilarov, J. Lehmann, R. Cyganiak, and Z. Ives, "DBpedia: A Nucleus for a Web of Open Data," in The Semantic Web (ISWC 2007), Lecture Notes in Computer Science, vol. 4825, Springer, 2007, pp. 722–735. https://link.springer.com/chapter/10.1007/978-3-540-76298-0_52

P. Sethi and S. R. Sarangi, "Internet of Things: Architectures, Protocols, and Applications," Journal of Electrical and Computer Engineering, vol. 2017, Article ID 9324035, 2017. doi: https://www.mheducation.co.in/internet-of-things-architectures-protocols-and-applications-9789364440486-india

K. Boeckl, M. Fagan, W. Fisher, N. Lefkovitz, K. Megas, E. Nadeau, B. Piccarreta, D. G. O'Rourke, and K. Scarfone, "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks," NIST Interagency Report 8228, National Institute of Standards and Technology, Gaithersburg, MD, USA, 2019. https://nvlpubs.nist.gov/nistpubs/ir/2019/nist.ir.8228.pdf

International Organization for Standardization / International Electrotechnical Commission, "Internet of Things (IoT) — Interoperability for IoT Systems — Part 3: IoT Architectural Framework," ISO/IEC 21823-3:2021, Geneva, Switzerland, 2021. https://cdn.standards.iteh.ai/samples/101110/d2f5feabcc394bebaffeee80c459a54f/ISO-IEC-21823-3-2021.pdf

European Parliament and the Council of the European Union, "Regulation (EU) 2024/1689 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act)," Official Journal of the European Union, L Series, Jun. 2024. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng

O. García-Morchon, S. Kumar, and M. Sethi, "Internet of Things (IoT) Security: State of the Art and Challenges," IETF RFC 8576, Apr. 2019. https://datatracker.ietf.org/doc/rfc8576/

Downloads

Published

13.05.2026

How to Cite

Pavan Kumar Reddy Boppidi. (2026). Zero-Trust Sidecar Proxy Architecture for Secure Multi-Vendor Industrial IoT Interoperability. International Journal of Intelligent Systems and Applications in Engineering, 14(1s), 830–841. Retrieved from https://www.ijisae.org/index.php/IJISAE/article/view/8263

Issue

Vol. 14 No. 1s (2026)

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.