© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.

1. Introduction

The evolution of the industrial paradigm from the first industrial revolution to the emergence of Industry 5.0 encapsulates a transformative journey in the history of technological and socio-economic development. This process marked not only a series of technological advances, but also a profound redefinition of the relationship between humans, machines, and the environment. The first industrial revolution, which erupted at the end of the 18th century, heralded the mechanization of labor through the use of water and steam power, fundamentally altering the manufacturing process and laying the groundwork for the industrialization of society. Subsequently, the second industrial revolution of the late 19th and early 20th centuries introduced large-scale production capabilities based on electricity, thereby increasing the efficiency and scale of manufacturing. With the third industrial revolution or digital revolution, which emerged in the second half of the 20th century, the convergence of electronics and information technology automated production, reaching unprecedented levels of precision and productivity. Further, the fourth industrial revolution, or Industry 4.0 marked a major leap forward, characterized by the emergence of cyber-physical systems (CPS) and the Internet of Things (IoT), enabling new levels of interconnectivity and intelligent automation of global supply chains and production lines. This era introduced the concept of the smart factory, where machines and production processes can communicate and make decisions autonomously, optimizing efficiency and flexibility.

However, during these phases, the main focus has been on increasing production efficiency, often ignoring the broader impact of industrial development on human workers and society as a whole. This efficiency-centered approach has driven economic growth and technological innovation, sometimes at the expense of environmental sustainability and social equity. This raises concerns about the dehumanization of the industrial vision and the marginalization of human creativity and well-being in the pursuit of productivity. Industry 5.0 [1] is therefore a key response and advancement to its predecessors, aiming to refocus industrial development by reintegrating the human factor into the technological equation. Unlike the previous four revolutions, which typically prioritized efficiency at the expense of human-centric considerations, Industry 5.0 emphasizes collaboration between humans and intelligent systems. It promotes customization, sustainability, and social responsibility to combine the computational power of machines with human creativity and moral insight. This new paradigm aims not only to sustain economic growth but also to address pressing global challenges such as environmental degradation, resource scarcity, and socio-economic inequality. It promoted a more inclusive, sustainable, and human-centered approach to industrialization, emphasizing that technological advances should serve the broader goals of humankind by fostering a balanced coexistence between economic objectives, social well-being, and environmental stewardship.

1.1. Motivation

Because of the revolutionization of Industry 5.0 and its immense value to the development of human society, this has attracted a great deal of research attention. Many studies have explored the vision and future path of Industry 5.0, including deepening the definition of Industry 5.0 and discussing the key enabling technologies and challenges leading to Industry 5.0. [2] provides an overview of key enabling technologies for Industry 5.0 and further discusses future trends and challenges. [3] discusses the transition from Operator 4.0 to 5.0 for Industry 5.0, which provides a thorough overview of the transformation in the way producers work in Industry 5.0. [4] provides a review of the sustainability of Industry 5.0 and discusses key technologies targeting sustainable development goals. [5] investigates the potential applications, supporting technologies, and future challenges of Industry 5.0. [6] explores the technologies in Industry 4.0 in which humans occupy a major aspect, in particular cyber-physical systems and the Internet of Things, thus further investigating the requirements for the development of these two technologies in Industry 5.0. Further, to standardize and facilitate the development of Future Industry 5.0, [7] proposed a framework for shaping manufacturing strategies for future industries, including process models and system models. The authors aim to provide a blueprint for the design of manufacturing systems in Future Industry 5.0.

However, while advanced technologies and revolutionary strategic frameworks are being introduced into Industry 5.0, unknown security threats and risks have become inevitable. In particular, to greatly increase productivity and improve production methods, Industry 5.0 encompasses a large number of advanced information technologies (e.g., federated learning, large language models, digital twins, etc.) throughout the entire process of industrial production. However, the vulnerability of individual technologies will also accrue to the entire industrial production chain, directly affecting the security of future industrial production. Due to the inevitability and unknown nature of the security risks, on the eve of the Industry 5.0 revolution, it is urgent to investigate the potential security threats in the development framework of Industry 5.0, discuss valuable security countermeasures, and explore the direction of future security research. However, after conducting a systematic survey (based on domain selection and criteria of the systematic literature review in 1.3 and 1.4), we found that current surveys lacked a comprehensive investigation for Industry 5.0 security that fulfills the above requirements. For example, [8] investigates privacy issues in Industry 5.0; [9] investigates cybersecurity for collaborative robots in Industry 5.0; and [10] investigates security research for the Internet of Things in Industry 5.0. These investigations focus on specific technologies and do not consider security analysis and modeling of the overall architecture of Industry 5.0.

Therefore, we identified three challenges facing existing research surveys on Industry 5.0, which are the main motivations and innovations of this paper. First, current review works for Industry 5.0 have mainly investigated relevant enabling technologies, such as federated learning and blockchain, to articulate a blueprint for the future of Industry 5.0. However, they lack a discussion of the deeper reasons why these technologies are driving Industry 5.0 (how they can contribute to the human-centeredness, resilience, and sustainability goals of Industry 5.0). Meanwhile, they haven’t constructed the overall technology architecture of Industry 5.0. Second, the current work lacks a complete discussion of the security issues faced by Industry 5.0 driven by key enabling technologies. In particular, security issues will become more complex due to the further integration of information, machines, and people in Industry 5.0. These security issues will directly affect the future development of industry and threaten the interests of human society. Therefore, a comprehensive categorization and investigation of security threats and countermeasures for Industry 5.0 is urgent at present. Third, Industry 5.0 puts people at the center of industrial production and emphasizes their interests. This brings about a new security issue, namely humanized security. Traditional security definitions, such as functional security and information security, can hardly cover this new security threat. Some research efforts have done preliminary studies based on humanized issues, such as personalized federated learning [11]. However, to the best of our knowledge, there is no comprehensive definition and research on humanized security issues for Industry 5.0.

1.2. Contribution

Therefore, based on the above motivations and challenges, we provide a comprehensive discussion and analysis of the enabling technologies and the triad of security issues (functional, informational, and humanized security) for Industry 5.0, and our specific contributions are presented below:

• First, based on the development goals of Industry 5.0, i.e., human-centered, resilience, and sustainability, we have categorized and deeply analyzed key enabling technologies from existing investigations, and taken the lead in proposing an overall technology architecture for Industry 5.0. This includes the AI-empowered decision layer, the reliable-efficient communication layer, and the human-machine interaction layer. Specifically, we identify six key enabling technologies, as well as discuss in detail how they can contribute to the development and application of Industry 5.0. This will provide a clear architecture and foundational support for subsequent Industry 5.0 research and technology advancements.

• Second, based on the overall technical architecture of Industry 5.0, we define and investigate in detail the triad of security issues in Industry 5.0. Specifically, we provide a comprehensive discussion of the threats and countermeasures for functional safety, information security, and humanized security at each layer of the Industry 5.0 technology architecture. To the best of our knowledge, this is the first complete survey of Industry 5.0 security, which will be useful in clarifying the current security challenges and future research directions in moving towards Industry 5.0.

• Third, it is the first time to define humanized security in Industry 5.0. Traditional functional safety and information security can hardly cover all the security issues in the era of Industry 5.0. For example, the fairness problem of low-resource machines and devices participating in distributed collaboration, the moral bias problem of smart devices to different regions and people, and so on. Therefore, we introduce humanized security alongside functional security and information security. Specifically, we provide a comprehensive definition of humanized security in terms of machines, individuals, and societal interests, and analyze humanized security threats and existing countermeasures under the Industry 5.0 landscape. To the best of our knowledge, this is the first time that a complete definition of humanized security has been presented in Industry 5.0, which will provide useful support for the future development of human-centered technologies.

To demonstrate more clearly the novelty and unique contribution of this survey, the differences between this work and other advanced surveys are summarised in Table 1. It is worth mentioning that the original definition of Industry 5.0 was presented in the publication of the European Commission [1]. As a guidance document, it defines the core concepts and vision of Industry 5.0. However, this publication is not concerned with a specific technical architecture and implementation framework, so we have not included it in the table. We first identified “Industry 5.0” and “Security” as the main keywords, and searched for relevant surveys based on the research methodology and selection criteria in subsections 1.3 and 1.4. In this way, we identified relevant surveys [8–10]. However, each of these works focuses only on the security issues of a particular technology, e.g., the security of collaborative robots. Therefore, we use the circle symbol to indicate that these works are not a comprehensive exploration of Industry 5.0 security. Due to the lack of security surveys for Industry 5.0, we expanded the comparison to include additional surveys. We selected work [2–7], and these high-level Industry 5.0 surveys based on a systematic selection methodology. We found that none of these works are centered on security and do not comprehensively discuss security issues in Industry 5.0. They focus on investigating enabling technologies, development trends, technical challenges, etc. Therefore, to the best of our knowledge, this work is the first comprehensive survey and exploration of security issues in Industry 5.0, which will provide valuable support for security research in Industry 5.0.

1.3. Research methodology

In this study, all research processes and proposals were conducted systematically. The main abbreviations in the article can be found in Table 2. The efficacy, security, limitations and effectiveness of different research methods and proposals made by different authors were manually evaluated and compared (see Tables 3–8).

First, we constructed the research question by searching for relevant terms from several databases. Only papers matching the selection criteria (mentioned in Section 1.4) were considered. We critically evaluated the articles and then carefully selected the instrumental articles. Then, we identified the following research questions:

• (1)

  RQ1: Based on the key enabling technologies in the existing survey, investigate the deeper reasons why these technologies fulfil the core development objectives of Industry 5.0 and define the overall technological framework for Industry 5.0. (This issue is discussed in Section 2.)

• (2)

  RQ2: Investigate the important security threats faced in the overall technological framework of Industry 5.0, and in particular how these threats hinder the core development objectives of Industry 5.0. (This question is answered in Section 3).

• (3)

  RQ3: Investigate the currently available security countermeasures against the above threats, as well as security research challenges and directions to facilitate the development of Industry 5.0. (This question is answered in Section 4).

Further, we employ the following methodology to ensure a comprehensive review of Industry 5.0 and its security research:

• (1)

  We have begun to grasp the overall definition and development goals of Industry 5.0 from a broad and evolving exploration (iterative approach) starting from the original European Commission paper [1] on Industry 5.0.

• (2)

  We designed research questions to guide our review based on technical frameworks, security threats, and security countermeasures.

• (3)

  We searched the databases Google Scholar, IEEE Xplore, and ACM Digital Library using the keywords mentioned in Section 1.4. And, we define the selection criteria in Section 1.4. Then, we have completed the quality assessment to ensure that the articles are from reputed journals and conferences.

• (4)

  Due to the wide range of technologies covered by Industry 5.0, we supplemented the rigorous iterative approach with the use of citation chaining (snowballing technique) to ensure a complete survey of each topic. Specifically, for content that is not directly related to the topic but necessary, we surveyed and cited well-known survey papers in the field to ensure the completeness and logic of this survey. In addition, we used the titles and corresponding categories of each subsection and combined search strings with the operators “AND”, “OR” and “IN” to ensure coverage.

1.4. Literature categorization

We have identified a total of 291 papers reviewed for this survey. We have categorized the literature based on key enabling technologies, security threats, and security countermeasures for Industry 5.0. The categorization of the literature is based on explicit criteria described below. In this section, we first describe the classification of the literature and then the organization of the papers.

Domain selection: Security-related work in the domains of Federated Learning, Large Language Models, 6G, Blockchain, Digital Twins, Collaborative Robotics, and their various IT spin-offs have been selected as the basis for a Systematic Literature Review (SLR) of Industry 5.0 security research. According to previous surveys, these domains are the technological backbone of Industry 5.0, affecting all aspects from manufacturing to services. At the same time, Industry 5.0, driven by these key technologies, faces systemic security challenges. This SLR aims to mine and extract from these transformative technologies the technological framework, security threats faced, and advanced security countermeasures for the future Industry 5.0. Finally, it explores the future trends and challenges.

Selection criteria: We selected studies that met the following criteria: at the first classification level, we categorized papers according to key enabling technologies, security threats and countermeasures, challenges, and opportunities. (i) Industry 5.0 key enabling technologies. (ii) Industry 5.0 security. (iii) Industry 5.0 challenges and opportunities. At the second level of categorization, we have categorized the following studies in the context of Industry 5.0: (i) Enabling technology-driven three-layer technology framework for Industry 5.0 (ii) Categorisation of security threats into three categories, function safety, information security, and humanized security. (iii) Security countermeasures and studies based on the above threats. In the third categorization level we further investigate the above categorization in depth: (i) The six key enabling technologies and their deeper reasons for driving Industry 5.0. (ii) Security threats to the AI-empowered decision layer, reliable-efficient communication layer, and human-machine interaction layer (including function safety threats, information security threats, and humanized safety threats). (iv) Security countermeasures and research trends facing the AI-empowered decision layer, reliable and efficient communication layer, and human-computer interaction layer (including function safety, information security, and humanized security research). Finally, we summarise the existing challenges and future trends in security research for Industry 5.0.

Timeline: papers published between 2015 and 2024.

Organization: The paper is organized as follows. Section 2 describes the overall Industry 5.0 technical architecture and key enabling technologies; Section 3 describes the security threats of Industry 5.0; Section 4 describes the security countermeasures for Industry 5.0; Section 5 is about the challenges and future trends; and Section 6 summarizes.

Figure 1. Key Enabling technologies for Industry 5.0 and their layered architecture

2. Key technologies context in industry 5.0

Based on the key enabling technologies of Industry 5.0 that have been discussed in existing surveys, this section proposes a technology-layered architecture for Industry 5.0 based on the three core processes of computation, communication, and control in industrial production, as shown in Figure 1. This mainly includes the AI-empowered decision layer, the efficient communication layer, and the human-machine interaction layer. Further, based on the human-centric, resilience, and sustainability goals of Industry 5.0, we summarize the core requirements of each layer. In the AI-empowered decision layer, this refers to human-centered intelligence, industrial system resilience, and system sustainability. In the reliable-efficient communication layer, this refers to human-in-the-loop networks, communication resilience, and green communication. In the human-machine interaction layer, this refers to human-centered production, production resilience, and production sustainability. In addition, we summarize the enabling technologies within each layer and identify six key enabling technologies. We will provide a deeper analysis of these six key enabling technologies, which includes why they contribute to the goals of Industry 5.0 and their application prospects.

2.1. AI-empowered decision layer

2.1.1. Federated learning

Sustainable and resilient collaborative industry environments are one of the visions of Industry 5.0 [1]. With the deployment of large-scale edge devices and the application of intelligent IoT, processing distributed massive data and improving productivity have become important issues. In particular, personalized and customized production will become mainstream in the era of Industry 5.0. It requires a combination of human skills and demands with machine precision and automation. Further, it will ultimately enable large-scale, efficient, personalized production by using advanced AI technology to adapt production methods based on the demands of different customers and workers [1, 2].

In this context, Federated Learning (FL) has become one of the important cutting-edge technologies for Industry 5.0 [12]. FL is a distributed machine learning approach that allows multiple devices or servers to collaboratively train a shared model while keeping their respective data localized [13]. FL aims to improve data privacy and security while leveraging multi-source data to improve model generalization. Specifically, we categorize and summarize the objectives of Industry 5.0 and the contributions of FL as follows:

• (1)

  Human-centric approach: One of the main objectives of Industry 5.0 is to create a collaborative environment where humans and machines complement each other’s strengths [14]. Therefore, FL achieves this goal by extending independent decision-making by a centralized server to collective decision-making by distributed users. FL actively incorporates workers and users into the training process of the model while ensuring intelligent automated decision-making [15, 16]. Specifically, the code of the FL model is available to users, while users provide valuable data to participate in the training of the collective model, thus realizing the combination of human creativity with the efficiency and intelligence of the machine [17, 18].

• (2)

  Resilience: Industry 5.0 will be more automated and intelligent than Industry 4.0, and real-time communication and processing of huge amounts of data will become normal, which requires the system to have strong resilience, especially the ability to guarantee data security. Traditional machine learning (ML) models rely on centralized data sources for training and testing, with significant risks to system security and user privacy [19]. FL is made as a decentralized collaborative machine learning approach, which can perform distributed model training on multiple devices. Therefore, this not only ensures local data privacy but also brings more resilience for centralized data destruction. In addition, FL is compliant with the General Data Protection Regulation (GDPR) [20] compared to traditional ML methods.

• (3)

  Sustainability: Processing massive amounts of Industry 5.0 data in real-time and safeguarding data security and privacy leads to significant overhead in communication and computational resources. FL combines independently autonomous individuals into an intelligent population that can significantly expand the training samples of the model, which will significantly reduce computational power consumption [15, 19]. In addition, FL can be applied in industry with an efficient real-time mechanism compared to traditional data security methods, e.g., differential privacy reduces data utility; and homomorphic encryption, which puts an extra burden on computational resources [21].

As a result, FL has been widely emphasized in Industry 4.0, demonstrating advanced performance in many scenarios such as industrial internet of things (IIoT) and smart cities. We will summarize and discuss the key applications of FL in the following, which will inspire the development and application of FL in Industry 5.0.

• (1)

  Industrial internet of things (IIoT): Industry 5.0 will further develop the IIoT to utilize massive amounts of data for intelligent industry and intelligent decision-making. In IIoT, data needs to be collected, analyzed, and stored in a distributed manner. Therefore, FL as a privacy-preserving distributed learning model will play a key role in IIoT. [22] proposed an FL architecture for managing IIoT data in a wireless network environment, which achieves model aggregation rate increase while reducing communication overhead. [23] proposed an FL model for the use of decentralized microservices in industrial IoT systems, which can reduce energy usage and minimize latency in applications. [24] integrates a large amount of IIoT sensor data known as Edge-IIoTset, which is a comprehensive and realistic cybersecurity dataset for industrial IoT applications and has been successfully applied to FL to achieve IIoT intrusion detection. In particular, for some sensitive data-driven IIoT applications, such as wearable medical devices, autonomous driving, and industrial robotics decision-making, FL enables efficient and privacy-enhanced multi-party collaboration and model computation [22, 25].

• (2)

  Smart cities (SC): Compared to ML, the natural security advantages of FL play an important role in improving system privacy and security in various SC systems (e.g., communication, finance, healthcare, transportation, etc.) [26, 27]. In transportation systems, [28] proposed a federated learning-based traffic flow prediction method, FedGRU, which can achieve accurate traffic flow prediction while ensuring privacy. In Smart Home, [29] proposed FedHome, an in-home health monitoring system based on FL and cloud-side collaboration. It can protect user privacy while training global models using data from different homes. In Mobile Edge Computing (MEC) systems, [30] proposed FedCS, which designs a heterogeneous client model training mechanism to achieve efficient FL on MEC systems in SC. Moreover, FedCS achieves higher efficiency than traditional FL while protecting the privacy of MEC.

Therefore, the contributions and initial applications of FL in Industry 5.0 show that it has great potential to further promote human-machine collaboration and sustainable production, and guarantee system resilience in industrial systems. With the advancement of technology and the continuous expansion of application scenarios, FL will undoubtedly become one of the key enabling technologies for Industry 5.0.

2.1.2. Large language model

Large language models (LLMs) generally refer to Transformer [31] architecture-based language models that contain hundreds of billions (or more) of parameters. Firstly, LLM compresses rich knowledge into the model by pre-training on large-scale textual data. Further, the pre-trained models will be fine-tuned and aligned according to different application scenarios, and eventually demonstrate a strong ability to understand natural language and solve complex tasks such as GPT-3 [32], GPT-4 [33], LLaMA [34], etc.

It is worth noting that Industry 5.0 will further emphasize the automation and intelligence of Industry 4.0 while moving towards a human-centric approach, resilience, and sustainability. Therefore, LLM as a cutting-edge AI technology will be expected to provide great support to the vision of Industry 5.0. Specifically, we have categorized and summarized the following for the objectives of Industry 5.0 and the expected contributions of LLM:

• (1)

  Human-centric approach: First, LLM can facilitate human-machine collaboration. LLM’s powerful natural language understanding can improve the quality of interactions between AI and humans, which can act as a mediator of human-machine interactions, enabling machines to better understand human needs and intentions [35]. Secondly, LLM can facilitate personalized production by learning and adapting to the specific needs of individual users, which can lead to more personalized services and solutions for industrial applications [36]. In addition, LLM can be used to develop efficient training and education tools that enable industrial workers to learn new skills faster, which will contribute to the efficient integration of human creativity and machine productivity.

• (2)

  Resilience: Rapid adaptation to market and environmental changes, such as those brought about by COVID-19 [37], is one of the goals of Industry 5.0 [1]. Therefore, the ability of LLM to quickly process and analyze large amounts of data will facilitate rapid and optimal decision-making in response to changes in the market and the environment. Secondly, by analyzing historical data and real-time information, LLM can predict the potential risks and challenges of an organization, which will be helpful for risk management and forecasting [38]. In addition, by using LLM to analyze supply chain data, companies can better manage inventory and forecast demand, thereby improving overall operational resilience.

• (3)

  Sustainability: Industry 5.0 is expected to further the transition to green and low-carbon industries [1]. In response to this goal, LLM can help companies optimize their production processes, reduce resource waste, and achieve more efficient energy utilization. Furthermore, LLM can assist in analyzing pollution and emissions data and predicting the impact of industry on the environment, thus helping to optimize and develop green strategies [39, 40].

The development of LLM will accelerate the arrival of Industry 5.0. Therefore, we will categorize and discuss the key applications of LLM in the following, which includes some initial applications based on LLM towards the vision of Industry 5.0.

• (1)

  Human-machine interaction: Industry 5.0 reinforces the human-centered approach by linking increasing automation with human expertise [1]. [41] proposed effective LLM multilingual parsing by designing prompts, which shows that LLM promises to bridge the gap between natural human language and machine language. [42] designed a robot integrated with ChatGPT, RoboGPT, where a human operator can control the robot arm through verbal commands. The creativity and intuition of the human operator can be effectively communicated to the robot due to the natural language processing and contextual understanding capabilities of LLM. [43] proposed an expression-upgraded robot where the robot can display appropriate facial expressions while delivering messages. [44] created an LLM-based personalized companion robot and investigated the challenges associated with interaction and conversation with older adults. [45] proposed an LLM-based android robot that guides conversations and segments tasks based on scenarios. Such dialog systems enhance the user experience and better establish user trust in the robot.

• (2)

  Assistance and education: Industry 5.0 aims to eliminate workers’ fear of rapid technological change and development, which makes technological development in the interest of workers and reduces the cost of learning and adapting to new technologies [1]. LLM can be used as an API interface to bridge natural language to professional operations, such as Open AI API [46], Hugging Face [47], Google Cloud API [48], etc., which reduces the threshold of operation and professional costs for workers. Therefore, workers can realize operations such as text recognition, entity recognition, function calls, etc. through interactive high-level language. Further, due to the powerful generative capabilities of LLM, such as text-to-code [49], text-to-video [50], etc., the expertise as well as creativity of the workers are expected to be perfectly integrated with industrial production. In addition, LLM has been used to design efficient and high-quality personalized education programs thus contributing to the well-being of workers [51], especially based on LLM for generating educational content, increasing workers’ engagement, and enabling personalized training [52].

Consequently, the contributions and initial applications of LLM in Industry 5.0 reveal its importance for a human-centered, resilient, and sustainable future industrial development. LLM or even artificial general intelligence (AGI) will lead to a dramatic change in productivity, and how to ensure that AI can effectively and safely serve the future industry will become an important research direction.

2.2. Reliable-efficient communication layer

2.2.1. Blockchain

Highly collaborative heterogeneous and autonomous networks are critical infrastructure in Industry 5.0, where secure data sharing, processing, and access control are essential. As a result, Blockchain (BC) is widely recognized as an important security-enabling technology in Industry 5.0 [53, 54]. BC is essentially a decentralized digital ledger to ensure that transactions on multiple computers are recorded in a secure, transparent, and tamper-proof manner, which facilitates the recording of transactions and the tracking of assets in any peer-to-peer (P2P) network.

Importantly, as an advanced decentralized secure data management model, BC will provide important technical support for data asset security, audit management, trusted execution, and supply chain management for Industry 5.0 [53]. Specifically, we classify and summarize the objectives of Industry 5.0 and the expected contributions of BC as follows:

• (1)

  Human-centric approach: First, BC allows individual workers and consumers to create and control their own digital identities without relying on any centralized institution [55]. It allows democratizing access to industrial data, where data owners can decide the permissions for accessing, sharing, and processing data, etc. Secondly, BC guarantees transparent and tamper-proof arbitrary records of transactions, which safeguards the interests and rights of all industrial participants. In addition, BC enables peer-to-peer transactions and interactions without the need for a centralized institution, which can lead to a more collaborative and engaging work environment for workers.

• (2)

  Resilience: The resilience of an industrial system is its ability to withstand and recover from disruptions [1]. First, the decentralized character of BC makes it less susceptible to a single point of failure. Second, BC can ensure that data exchanged over the network is tamper-proof and traceable, which is critical to maintaining operational integrity in the face of cyber threats and disruptions. Additionally, individuals deploying smart contracts on the blockchain can simplify operations and ensure continuity even during unforeseen events [56], and this automation reduces the likelihood of human error.

• (3)

  Sustainability: Sustainability is a central pillar of Industry 5.0, which emphasizes that the industry needs to operate in an environmentally friendly and resource-efficient manner. Specifically, traditional supply chain management faces problems of inefficient transactions, high costs, and multi-participant insecurity, etc. [53]. BC can provide an immutable record of the entire supply chain, from raw materials to finished products, which facilitates the continuous verification and auditing of the entire supply chain’s production and consumption in terms of whether it meets the goal of sustainable production. In addition, BC is naturally transparent and tamper-proof, which can reduce the resource consumption of other traditional cryptographic mechanisms such as encrypted transmission and encrypted storage.

The development of BC will provide great support for Industry 5.0. Therefore, we will discuss below the initial applications of BC as an enabling technology in Industry 5.0.

• (1)

  Smart manufacturing: Smart manufacturing is an important foundation for mass personalization and creative production in Industry 5.0. [57] proposed a BC-based distributed information communication and processing scheme where different manufacturing organizations and machines can engage in audit-supported and transparent distributed communication, which supports smart manufacturing by enabling efficient distributed information processing across different nodes and physical devices. The authors in [58] propose a BC-based information-sharing system that establishes rules and standards for protecting the system in a trusted environment. [59] focuses on connectivity between shop floor machine components, enabling BC-based shop floor data sharing.

• (2)

  Energy management: Efficient energy management solutions are key to achieving Industry 5.0’s goal of sustainable production. [60] explored the potential of BC to provide services in distributed energy systems (DES), including condition monitoring, energy sharing and trading auditing, and carbon emission recording. [61] proposed an approach to improve the environmental sustainability of BC applications, further considering the potential of BC in mitigating climate change. [62] proposed a trusted financial ecosystem based on BC to control energy transactions through cryptocurrency exchanges. In addition, the decentralized structure of BC as well as decentralized applications are widely used in microgrids to achieve efficient distributed energy trading and management [63].

• (3)

  Supply chain management: Accelerating the evolution of supply chain networks towards connected, smart, and efficient supply chain ecosystems is essential for Industry 5.0 [53]. [64] proposed a decentralized, BC-based traceability solution for agri-food supply chain management that addresses the issues of data integrity, tampering, and single point of failure in traditional centralized supply chain management. [65] proposed a BC-based authentication mechanism across the supply chain, which ensures the trustworthiness of the information transmitted by all parties. [66] proposed BC-enabled business process management (BPM) to protect supply chain information interactions thereby reducing the risk of fraud.

In general, BC is an important enabling technology in Industry 5.0, especially its natural properties of decentralization, tamper-proof, and transparency contribute significantly to smart manufacturing, energy management and supply chain management, etc. These contributions and initial applications have revealed that BC will directly benefit the vision of a human-centered, resilient, and sustainable future industry.

2.2.2. Sixth-generation (6G) communication

In industry 5.0, industrial IoT devices will generate massive amounts of data, which will require higher-speed, more reliable, and lower-latency communication networks to transmit and process them. The vision of 6G, described in [67] as “global coverage, all spectra, all applications, all senses, all digital, and strong security”, heralds significant advances in wireless communications. 6G will build an integrated space-air-ground-sea communication network, explore all spectra (millimeter-wave, terahertz, etc.) communications, and will be applied to various vertical industries, such as artificial intelligence, big data, and human-machine interaction, which will improve tremendous support for more efficient, security, and sustainable industrial production. Specifically, we have categorized and summarized the following for the goals of Industry 5.0 and the contributions that 6G is expected to make:

• (1)

  Human-centric approach: 6G technology has expected features such as ultra-reliable low-latency communications (uRLLC), high data rates, and advanced artificial intelligence (AI) capabilities, which will significantly enhance applications such as human-machine interaction and AR/VR. Furthermore, the global coverage and wider connectivity of 6G will bring equal opportunities for people to participate in industrial production. In addition, the all-senses (sight, sound, smell, taste, and touch) communications provided by 6G will build more granular and real-time human-in-the-loop (HITL) systems, enabling a more personalized and human-centric industrial production environment [68].

• (2)

  Resilience: The expected advances in network slicing and edge computing in the 6G architecture will enable customized network services tailored to the needs of specific industries, ensuring continuity of operations even under adverse conditions. In addition, technologies such as AI and blockchain will be fully integrated with 6G networks, and this will ensure that the 6G network is trusted, manageable, and controllable, enabling network-endogenous and intelligent-endogenous security, which will improve the overall resilience of industrial processes [67]. Furthermore, ultra-reliable low-latency communications (uRLLC) will promote more security and reliability in latency-sensitive industrial areas such as autonomous vehicles and remote healthcare.

• (3)

  Sustainability: 6G will optimize manufacturing processes and improve energy efficiency through the more extensive, real-time, and accurate collection of data from a variety of sensors. 6G can also support a distributed manufacturing model that reduces transportation-related emissions by enabling local production. In addition, 6G will enable green, flexible, and lightweight network architectures (e.g., visible light communications, etc.) [67], which will free up unused spectral resources for traditional communications, further improving network communication efficiency and reducing carbon footprint.

Similarly, we will discuss below the initial applications and objectives of 6G in Industry 5.0 to demonstrate the great support of 6G for the future industry.

• (1)

  Tactile Internet: Based on the powerful communication capabilities of 6G, the tactile Internet will add a new dimension to human-machine interaction by sensing and transmitting tactile information [69]. Traditional IoT focuses on machine-to-machine (M2M) communication centered on machines to automate industrial processes. In contrast, the tactile Internet will help to implement human-in-the-loop (HITL) centric systems, thus increasing human involvement in industrial production and contributing to personalized production, enabling a human-centered design approach [70]. [71] combines tactile feedback and artificial intelligence to achieve real-time perception of remote task environments at a granularity of 1 millisecond, which can provide participants with a novel immersive experience. Additionally, tactile robots [72] can provide safer and more efficient production methods for human operators, as well as remote robotic surgery [73] has become possible.

• (2)

  Green communication: Green 6G aims at environmentally friendly communications and high energy efficiency, and it is expected to be deployed around early 2030 when the carbon footprint of network communications will be minimized. In addition, 6G will liberate more communication spectrum resources such as 6 GHz, terahertz [74], and optical wireless bands [75], which will address the resource challenges due to spectrum congestion. Meanwhile, the application of visible light communication will realize greener and more economical communication [76]. In addition, 6G is expected to realize greener and lightweight architectures such as the RAN-Core convergence architecture [77], cell-free architecture [78], and the fully-decoupled RAN architecture [79] etc.

• (3)

  Industrial internet of things: Practical applications and research of 6G in the context of the Industrial Internet of Things (IoT) are booming. [80] proposed an IoT-based industrial localization system for real-time location monitoring through underground communication using low-power Bluetooth (BLE). [81] proposed a novel theoretical framework for the 6G-based Industrial Internet of Everything (IIoE) and analyzed future challenges and applications. In addition, [82] investigated energy-efficient resource allocation strategies for large-scale industrial IoE systems in 6G applications, which include the use of distributed artificial intelligence to optimize clusters of sensor nodes and improve network energy efficiency.

Overall, the development of “global coverage, all spectra, all applications, all senses, all digital, strong security” 6G communication technology, will help to realize large-scale, personalized, resource-saving, and high-reliability production reform, greatly benefiting the promotion and development of Industry 5.0.

2.3. Human-machine interaction layer

2.3.1. Digital twin

Digital twin (DT) is a data-driven paradigm that bridges the physical and information worlds and involves the creation of virtual replicas of physical objects, systems, or processes. This innovative approach allows for real-time monitoring, simulation, and analytics that lead to a deeper understanding of the physical counterpart, including fine-grained management, predictive maintenance, optimized performance, and innovation [83].

As we move towards Industry 5.0, DT will play a key role in creating more resilient, efficient, and personalized Industry 5.0 systems [84]. Specifically, we have categorized and summarized below the objectives of Industry 5.0 and the contributions that DT is expected to make:

• (1)

  Human-centric approach: DT can promote human-machine interaction by combining such as VR (Virtual Reality) and AR (Augmented Reality) to facilitate workers’ understanding and operation of complex systems in real-time. In addition, DT can accurately map the physical world to the information world, which can provide a safe digital environment for workers to train and work without worrying about the risks associated with physical machinery. Furthermore, DT can control and operate physical entities through the information world, thus enabling remote access, analysis, and control of industrial systems [85], which means that even workers in different regions and from different backgrounds have access to the same opportunities for jobs.

• (2)

  Resilience: By continuously monitoring the operational status of physical assets, DT can predict failures before they occur, reducing downtime and maintaining a continuous production flow [86]. This predictive capability makes manufacturing systems more resilient to operational risks. In addition, DT allows for real-time simulation and adaptation in a virtual world before decisions are implemented and optimized in the real world, thus increasing the adaptability of industrial systems. Furthermore, DT is a highly accurate and fine-grained mapping of physical assets, which means that DT can reduce the risk of physical damage by preserving physical assets in the information world with integrity and security.

• (3)

  Sustainability: DT can optimize the use of resources by simulating and analyzing different operational scenarios, finding the most efficient scenarios in a data-driven way. Further, DT can provide real-time insights throughout the product lifecycle, helping to continuously make environmentally friendly decisions [84]. Moreover, executing production tests in the physical world would lead to a mass waste of resources and security risks. DT can build accurate digital proving grounds on a one-to-one basis, which will greatly reduce the cost of production testing. Also, in combination with other data-driven analytics tools automated production testing and evaluation can be realized.

Therefore, DT as a cutting-edge technology for Industry 5.0 will provide great support for future industrial development. We will discuss the initial applications of DT in Industry 5.0 below to explore the current status and future direction of DT development.

• (1)

  Smart manufacturing: DT is a data-driven model that can be well combined with intelligent computing models as well as visualization techniques to achieve real-time intelligent data analysis and control decisions. [87] outlined the application of DT in pharmaceutical and biopharmaceutical manufacturing, pointing out that DT is a key technology to drive smart manufacturing. [88] proposed a DT-enabled smart manufacturing framework for integrated manufacturing and maintenance of complex products, including solutions for data fusion, fault prediction, product integration, modeling, and simulation. [86] proposed a DT-based product testing scheme for autonomous vehicles to achieve provable and quantifiable safety testing through real-time intelligent data analysis.

• (2)

  Visualization of production: The essence of DT is to construct virtual digital models to restore the physical world scenarios, in which visualization models can visually express multi-dimensional abstract data to the workers, and can facilitate the workers to guide the production process according to their own professional knowledge and creativity. [89, 90] investigated industrial DT visualization models based on fast 3D modeling techniques, which can provide efficient product monitoring, commissioning, and data processing. [91] proposed a DT-based numerical control machining system, in which DT can continuously monitor the real machining process and provide various data visualization support in a virtual environment, thus improving the productivity of the actual machining process.

• (3)

  Supply chain management: DT can provide full life cycle management and monitoring of industrial production, especially supply chain management can significantly optimize industrial production. [92] first discussed the adoption of DT in the logistics domain to address the issue of supply chain and supply network visibility. The results of the study found that DT can help logistics companies develop predictive metrics, diagnostics, forecasting, etc. thereby improving logistics efficiency and stability. [93] proposed a supply chain system that integrates reinforcement learning and DT, which enables intelligent supply chain-wide configuration and optimization that can significantly reduce industrial manufacturing and supply chain lead times. Furthermore, [94] investigated the benefits of deploying digital twins in supply chain systems for fresh horticultural products, concluding that DT can help to customize the supply chain to maximize shelf-life and reduce food losses.

Overall, DT can create virtual replicas of the real world thereby liberating physical resource constraints, and incorporating data-driven intelligent analytical tools helps to create efficient, accurate, safe, intelligent, and easy-to-interact industrial production models. These contributions and initial applications have revealed that DT will be an important enabling technology to drive Industry 5.0.

2.3.2. Collaborative robots

Collaborative robots (Cobots) represent a significant technological advancement in automation, characterized by their ability to work safely and effectively alongside human operators. Their integration with industrial processes aligns with the emerging Industry 5.0 paradigm, emphasizing the humanization of restorative manufacturing, sustainability, and resilience. Specifically, we have categorized and summarized below the goals of Industry 5.0 and the contributions Cobots is expected to make:

• (1)

  Human-centric approach: Cobots are designed to work alongside humans, which complements rather than replaces the human workforce. Cobots are equipped with sensors and artificial intelligence algorithms that understand and predict human behavior, so they can ensure the efficiency and safety of shared workspaces. In addition, Cobots can be used for repetitive or physically demanding tasks, allowing humans to focus on tasks that require creativity, critical thinking, and emotional intelligence. This not only increases productivity but also reduces the risk of workplace injuries while adapting to human physical demands.

• (2)

  Resilience: Cobots have the flexibility to quickly adapt to new production requirements, thus increasing the resilience of industrial operations. In addition, Cobots allow for rapid reconfiguration through modular design and simple programmability, enabling manufacturers to adjust operations with minimal downtime. Additionally, integrating collaborative robots into production lines can help maintain output during labor shortages or when human workers are unavailable on the factory floor, such as in the case of a health crisis.

• (3)

  Sustainability: Cobots can significantly improve the precision and efficiency of industrial production, which reduces the generation of waste during the manufacturing process. In addition, Cobots can perform routine maintenance tasks, such as cleaning and lubrication, which can improve equipment efficiency and extend its service life. Additionally, Cobots can enhance the manufacturing process through the efficient use of materials and energy, minimizing manufacturing deviations and material costs.

Furthermore, the initial application of Cobots in industry 5.0 is discussed below to demonstrate the support and promise of Cobots for industry 5.0.

• (1)

  Smart Manufacturing: [95] proposed Skill-Based Systems (SBS) software tools enabling novices to program industrial tasks on Cobots, thus enabling the use of Cobots in dynamic human environments. [96] proposed that collaborative assembly workstations improve operator body load and increase productivity by reducing biomechanical overload and shortening cycle times. In addition, collaborative robots can be used to perform machine maintenance tasks, loading and unloading parts from machines [97]. Their use in machine care not only improves efficiency but also allows human workers to focus on more value-added activities.

• (2)

  Healthcare: Cobots are used to assist in patient care and to help with rehabilitation exercises, such as guiding patients through physical therapy maneuvers [98]. Cobots have also been applied to reduce infection transmission, improve patient care, and increase efficiency during the COVID-19 pandemic [99]. Additionally, Cobots technology can improve spine and trauma surgeries by accurately tracking patient movement and providing feedback to surgeons, aiding in the placement of tools, and assisting in surgical procedures [100].

• (3)

  Intelligent agriculture: [101] proposes that agricultural Cobots show great promise in addressing seasonal labor shortages and environmental concerns. [102] deployed multiple Cobots to cooperatively harvest grapes, thereby reducing task duration and increasing agricultural productivity. [103] proposes that Cobots could reduce labor costs and address the labor shortage in Greek viticulture, potentially reducing costs by up to 11.53% per year. In addition, [104] used Cobots for weeding in organic farmland, where the robot would find the path of the weeds and remove them completely, which would save a lot of time and cost.

In the next section, the triad of security threats within the above Industry 5.0 technology framework will be described in detail (see Figure 2).

Figure 2. Triad of security threads for Industry 5.0

3. Security threats in industry 5.0

3.1. Function safety threats in industry 5.0

Functional safety is defined as an aspect of system design and operation that ensures that a system performs its intended function correctly and safely, even in the presence of hardware or software failures, environmental changes, or human error (unintentional). It is fundamentally concerned with minimizing the risks associated with unintentional errors or malfunctions that could lead to unsafe conditions or failures in performing the intended operation. More directly, a functional safety threat refers to the threat of an insecure situation resulting from a non-malicious, accidental breach [105, 106].

3.1.1. Threats at AI-empowered decision layer

The AI-empowered decision layer is the decision-making organization and data center of Industry 5.0, responsible for data fusion and decision analysis in specific industrial scenarios. Meanwhile, accurate and efficient execution of specific industrial tasks is a key requirement for this layer. Therefore, the main functional safety threats to this layer will be categorized into low-quality unavailable computational outputs and inefficient and overloaded resource utilization.

(1) Low-quality unavailable computational outputs are one of the key threats to AI models. The contradiction between the massive, heterogeneous, and personalized devices that Industry 5.0 brings and the industrial tasks that require efficient and accurate execution of results is the main reason for the threat. Specifically, we will discuss the key enabling technologies in the AI-empowered decision layer of Industry 5.0, Federated Learning, and Large Language Model, in a categorized manner to identify the main safety threat behaviors. First is FL:

• Data heterogeneity threat. Industry 5.0 has brought more heterogeneous and distributed data than ever before, which are usually non-independently identically distributed (Non-IID) [107]. Traditional FL algorithms are based on the assumption of independently and identically distributed (IID) data, which causes problems such as difficulty in convergence of the training process and degradation of model quality when dealing with Non-IID data [108]. In addition, the central server cannot cover the data distribution of all participants in this case. This will lead to server-led tests that are prone to problems such as misclassification, accuracy degradation, and neglect of a few participants.

• Client failure. Industry 5.0 promotes the Internet of Everything (IoE), where a large number of IoT devices will participate in smart computing and FL networks. This means that it is difficult to guarantee that all participating clients will complete each FL iteration without errors, and any client failure may affect the performance of the global model training process. This may result in the global model having difficulty converging or generating low-quality models [109].

• Centralized server single point of failure. Since traditional FL relies on centralized servers to coordinate the iterative process, this means that a large number of clients involved in model updating in Industry 5.0 may cause the centralized servers to be overwhelmed and suffer from a single point of failure, which will directly lead to the paralysis of the entire FL network.

In addition, the following security threat behaviors are predominant for LLM:

• Low-quality datasets. LLM is driven by massive data from Industry 5.0 to make intelligent decisions automatically. However, diverse and massive devices will generate a lot of low-quality data containing various noisy, redundant, irrelevant, and harmful data, etc. [110], which will significantly affect the performance of the LLM model and lead to low-quality and unusable outputs.

• Outdated knowledge. LLM learns a large amount of knowledge through pre-training, but over time, time-sensitive knowledge will become ineffective [111]. This will lead LLMs to output outdated decisions and affect the entire industrial production process. It is resource infeasible to constantly retrain the LLM for the large amount of real-time data generated by sensors or industrial IoT devices.

• Hallucination. One of the main challenges faced by LLMs when generating fact-based outputs is the phenomenon of “hallucination”, which consists of generating information that contradicts existing factual sources (known as an intrinsic hallucination) or generating information that cannot be verified by existing factual sources (known as an extrinsic hallucination) [112]. Such illusions may not only cause LLMs to produce outputs that deviate from expectations but also often negatively affect their performance, posing an additional risk for deploying LLMs in real-world industrial application environments.

• Lack of Explainability. The absolute complexity and size of the LLM, containing a model with 175 billion parameters, makes it a huge challenge in terms of explainability [113, 114]. Since LLM lacks explainability, this creates concerns about accountability, honesty, and usability [115]. Decision-making in LLM may have a significant impact on various key industrial scenarios of Industry 5.0. Without explainability, stakeholders will not be able to trust LLM outputs and decisions, which will lead to the unavailability of computational outputs.

(2) Inefficient and overloaded resource utilization is another key threat. Industry 5.0 requires sustainability and resilience as a development goal, yet the massive number of heterogeneous networked devices, edge computing devices, and central servers pose significant communication and computational stresses and threats. Specifically, we will discuss a categorization and identify the major safety threat behaviors in FL and LLM. First is FL:

• Device heterogeneity threat. In Industry 5.0, a large number of heterogeneous end devices will participate in the decision-making process, where distributed and democratized data transmission and analysis will become the norm. However, different end devices have significant differences in hardware characteristics, channel conditions, and battery power. Clients with high-quality conditions will complete a round of iteration in a shorter time, but the global model will keep waiting for low-performance client devices to complete the training [116], so the asymmetry of the devices will lead to the waste of resources and the inefficiency of training.

• Expensive communications. Sustainability goals imply the rational use of resources and green communication. However, the exponential growth of clients in Industry 5.0, e.g., millions of industrial sensors, means that limited communication resources cannot be matched. In particular, FL requires servers and clients to exchange and iterate a large number of model updates, which leads to increasing network channel load and significantly slows down model convergence [117].

• Limited IoT computing resources. FL requires all IoT devices to participate in storage, computation, and communication for model updating. Unfortunately, most edge IoT devices cannot jointly train full-size AI models due to hardware, memory, and power resource constraints [118]. Also, some mobile devices with low battery resources cannot afford the energy consumption of multiple rounds of iterations for a long time. All of these threats can lead to significant training delays or training interruptions, which can severely affect the performance of FL.

For LLM, it exists the following main security threat behaviors:

• Expensive pre-training. Pre-training LLMs is accompanied by a huge consumption of computational resources, involving significant economic costs. Implementing the training of these models often requires thousands of hours of computational time and large amounts of energy, and can cost millions of dollars. Such models are referred to as “Red AI” [119] for their reliance on intensive computational resources to achieve cutting-edge performance. This terminology emphasizes the technological advances gained through large computational inputs, but it also highlights their potential limitations for widespread adoption in Industry 5.0.

• Limited fine-tuning. Fine-tuning LLM represents an important approach to customize the model to fit a specific application by additionally training the model on task-specific datasets [43]. This process places significant demands on computational resources and storage capacity, as a large amount of memory is required to maintain the gradients, parameters, and activation states of the model, as well as to store the fine-tuned model itself. This high load on resources limits the application of the technique within the wider industrial field.

• Inference latency. High inference latency is also one of the main challenges that threaten the availability of LLMs due to reasons such as large memory footprint and lack of parallelism [111]. In particular, in industrial applications that require high real-time and accuracy, high inference latency can seriously affect the actual production process.

• Environmental and energy burden. The study revealed that the training phase of the GPT-3 model consumed about 185 000 gallons of water, an amount comparable to providing sufficient cooling water for a nuclear reactor cooling system [120]. In addition, the energy demands of the AI training process have significant environmental impacts, particularly in terms of contributing to greenhouse gas emissions and exacerbating climate change [121]. Therefore, such a high load of resource utilization and energy consumption will seriously threaten the goal of sustainable development of Industry 5.0, highlighting the urgency of the need to balance environmental protection with the development of advanced technologies.

3.1.2. Threats at reliable-efficient communication layer

The reliable-efficient communication layer is responsible for meeting the information dissemination and interaction of a large number of machines or sensor devices in Industry 5.0, guaranteeing reliable and secure data collection and transmission in specific industrial scenarios. In particular, the goals of resilience and sustainability make Industry 5.0 a further requirement for low energy consumption and highly reliable communication. Current mainstream research considers 6G and blockchain as the cornerstones of future Industry 5.0 communication networks, with 6G providing unprecedented communication experiences and blockchain guaranteeing secure and reliable 6G communication. However, due to the large number of gaps in research on 6G and blockchain and their deployment in large-scale Industrial 5.0 networks, this poses significant unknown and functional safety risks. Therefore, we categorize the current major functional safety threats in this layer into inadaptation and unscalable communication designs as well as high-energy and high-cost communications.

(1) Inadaptation and unscalable communication designs. Industry 5.0 brings massive, heterogeneous, and personalized devices and data, with different hardware and software interacting to form industrial IoT networks. Further, the different devices or networks require different types of sensing modes, transmission services, reliability designs, etc., which pose significant challenges and functional threats to the design of communication and security technologies. Fortunately, although 6G is in its infancy, current research indicates that 6G will meet the communication requirements of “global coverage, all spectra, all applications, all senses, and all digital”, and is expected to realize a communication architecture that supports large-scale, multi-user, highly reliable and low-latency communication. Of course, the fact that 6G research and development is still in its infancy means that it is unnecessary to analyze functional safety threats for the specific architecture of the current 6G in Industry 5.0. In particular, the challenges developed specifically for 6G are not the focus of our study, and the reader is referred to the relevant content in [67, 122]. We will discuss current designs and research in 6G that are applicable and easily scalable to Industry 5.0 in the Security Countermeasures section of the next chapter.

In addition, there are challenges and threats to the deployment and scaling of blockchain in large-scale industry 5.0 production:

• Business process threats: This part of threats refers to the insecure and unreliable factors faced in blockchain-wide business processes. This includes smart contract safety (threats such as no-gas sending, business deadlocks, etc.), implementation safety (business integration difficulties), business regulation and governance difficulties, etc. [123, 124]. In particular, the decentralized architecture poses challenges for the regulation and evaluation of real industrial production business [125].

• Infrastructure threats: This part of the threat comes from the threats regarding private key management and endpoint vulnerabilities in blockchain integration with industrial networks. Since the private key is the unique identifier in the blockchain, the private key is mainly managed by the users themselves. This creates a huge uncertainty in large-scale industrial production, and the loss of a participant’s private key will have serious consequences. In addition, due to the large number of endpoint sensor devices accessing the blockchain in the industrial IoT, brings about vulnerabilities in safety beyond the blockchain itself [125], which may affect the entire industrial process.

• Scalability: Millions of real-time transactions occur in industrial environments, and all transactions and communications require storage for validation. However, blockchains are limited in the size of each block and the data that can be processed for a transaction, which threatens the deployment and scaling of blockchains in industrial environments.

(2) High-energy and high-cost communications. Industry 5.0 is sensor-driven, which means a massive number of communication endpoints in the communication network with requirements for highly reliable, low-latency communication at scale. 6G and blockchain technologies in this layer will hopefully fulfill these requirements, but this often comes at the cost of energy consumption. The study in [126] points out that 5G consumes more than three times as much energy as 4G. It is foreseeable that 6G will consume more energy than 5G [67], especially since 6G is also expected to provide richer and more diverse services, including digital twins and smart computing. As a result, this will threaten Industry 5.0’s goal of requiring sustainable and green production. Besides energy consumption, the communication requirements of massive devices will be limited by communication resources (e.g., bandwidth, spectrum, power, etc.) [122], which will lead to a serious impact on the performance of the communication layer including BER, throughput, latency, and so on.

In addition, the wide deployment and application of blockchain in communication across sensors face the challenge of needing to design low-power scalable consensus protocols. The Proof-of-Work (PoW) protocol, which has been widely proven in its effectiveness and security, has the threat of high consumption of computational resources, power, etc., which is costly and unsuitable for industrial operations [53]. In particular, factory enterprises require more lightweight and efficient consensus protocols [127]. Therefore, research on more lightweight and efficient public blockchain consensus is the foundation of blockchain deployment in the industry.

3.1.3. Threats at human-machine interaction layer

The HMI layer is at the center of production and manufacturing in Industry 5.0 and is responsible for human-machine collaborative manufacturing and human-centered interactive production in specific industrial scenarios. In particular, the HMI layer is at the forefront of industrial production, which will be in direct contact with workers and requires safe and efficient production. Therefore, the main functional safety threats in this layer will be categorized as direct or indirect damage to humans and functional limitations, errors, or unavailability.

Figure 3. Function safety threats of Cobots in human-machine interaction layer

(1) Direct or indirect damage to humans is one of the key threats to the HMI layer. In particular, Industry 5.0 emphasizes human-centered reforms in production and manufacturing methods, which will expand the contact surface between machines and humans. As a result, the primary functional threats to all types of human interacting machines or technologies are damages to human safety [128]. We begin by categorizing and summarizing the threats to one of the core technologies of this layer, collaborative robots (Cobots) (see Figure 3):

• Collision risk: Efficient collaboration requires the elimination of spatial constraints between humans and machines, but this also brings with it a large number of collision risks, which will directly damage human workers. [129] points out the sources of collision risk for collaborative robots, such as accidental movement (movement outside of the planned area), equipment failure (cables, valves), handling hazardous workpieces, hazardous side effects (welding sparks, cutting), excessive machine power and force, and so on.

• Harmful materials: Cobots inevitably require contact with humans, and improperly designed skin materials in Cobots can have devastating effects on worker health. This includes but is not limited to, the threat of hazardous materials in the skin coming into contact with humans, releasing chemicals of their own, etc. [130].

For the other core technology of the layer, digital twins, the physical entities in them present the same threats as the Cobots described above. More often than not, DTs have been combined with Cobots to create virtual representations of Cobots in order to monitor and evaluate the performance and safety of Cobots [131]. However, since DT interacts with humans through digitization and information systems, the trustworthiness of its informational entities will indirectly be detrimental to humans [132]. This is because the information decisions of the DT will directly affect real-world production operations, and once the information on the information side of the DT becomes false and untrustworthy, it will lead to errors in judgment by human workers, potentially leading to real-world machines causing damage to humans.

(2) Production function limitations, errors, or unavailability are natural threats that cannot be avoided by equipment, machinery, or technology in various industrial manufacturing scenarios. These threats will lead to reduced industrial productivity, disruption of production processes, and damage to machine products. Similarly, we first classified and summarized the threats against Cobots:

• Lack of self-learning and flexibility: Self-learning and flexibility refer to the ability of Cobots to adapt to changing industrial tasks and scenarios by reprogramming or learning. Rule- or schedule-based Cobots have difficulty adapting to the demands of rapid task switching and efficient production collaboration in Industry 5.0 [133].

• Ineffective communication with people: Collaboration is based on efficient communication. Limited communication strategies based on rules, protocols, etc. will reduce the efficiency of human-computer collaboration, thus limiting productivity [134].

• Equipment fatigue or failure: Cobots perform a lot of repetitive labor and stressful work, and its failure and fatigue will have a direct impact on productivity, leading to production interruptions and unavailability [131].

• Inappropriate scheduling and distribution: Task assignment and human-machine scheduling are frequent and important activities in Industry 5.0 production [135]. Irrational scheduling and allocation will lead to machine and worker fatigue, resulting in limited or reduced productivity of the entire system.

For DT, the main threats are as follows:

• Low-quality data threats: DT is a new paradigm in data-driven industrial production, and its reliability, validity, and accuracy depend largely on the quality of the data used to construct the virtual model [132]. Therefore low-quality data will lead to limited DT prediction, analysis, and control or errors leading to damage to physical machines.

• Data synchronization threats: DT realizes efficient resource management, predictive maintenance, and other functions by creating highly accurate replicas of physical entities. Unfortunately, the massive amount of heterogeneous, real-time data in Industry 5.0 will cause data synchronization from the physical world to the information world to become difficult, which will lead to the deviation of the functions of DT [136].

• Data freshness threats: DT requires real-time or near real-time data synchronization, but the problems of congestion and preemption caused by massive data will seriously threaten DT scenarios with timely synchronization requirements.

• Resource orchestration threats. Industry 5.0 will bring large-scale heterogeneous and complex data networks, which will make it difficult for DTs to load huge amounts of data. Traditional resource orchestration will be severely impacted [132].

3.2. Information security threats in industry 5.0

Information security focuses on protecting digital data, models, or systems from unauthorized access, use, disclosure, destruction, modification, or disruption. This aspect of information security focuses on maintaining the confidentiality, integrity, and availability of information (the CIA triad) and ensuring that authorized users have access to data and computational models while preventing intruders or malicious attacks. In direct terms, information security threats refer to the threat of malicious, human-created disruptions leading to insecure situations [105, 106].

3.2.1. Threats at AI-empowered decision layer

The explosive growth of industrial devices and data in Industry 5.0 has expanded the attack surface of the AI-empowered decision layer. In particular, this layer is required to collect and process large amounts of data while automating intelligent decisions. As a result, this means that malicious model behavior will lead to ineffective or dangerous decisions, which can lead to serious asset damage or even threaten personal safety. In addition, this faces a greater risk of data breaches than ever before, which can lead to significant data and asset losses. Therefore, the main information security threats in this layer will be categorized into insecure and malicious AI model behaviors and user data privacy compromise (see Figure 4).

Figure 4. Information security threats of AI-empowered decision layer in Industry 5.0

(1) Insecure and malicious AI model behaviors. Models are key production tools for the future industry, which means that they will be accompanied by a greater number of malicious attacks than ever before. Specifically, we will discuss key enabling technologies in the AI-empowered decision layer of Industry 5.0, federated learning, and large language models, categorizing them to identify the main security threat behaviors. First is FL:

• Data poisoning. This refers to an attacker contaminating the training dataset by adding forged data or modifying existing data, etc., so that the model learns the wrong alignment relation, thus reducing the accuracy of the model [137]. In FL systems, an attacker can implement a data poisoning attack by controlling a participant or modifying a participant’s client training dataset, which affects the model’s reasoning leading to insecure or malicious model behavior.

• Model poisoning. This is an attack on the model by directly modifying its weight parameters or model gradient [138]. In the FL workflow, participants need to send local model updates to the server. Since FL ensures the privacy of each participant that both data and training process are done locally, the server cannot verify the authenticity of the model uploaded by the participants. Therefore, malicious parties can construct arbitrary model updates and send them to the server to destroy the aggregated global model.

• Backdoor attack. This is a special kind of targeted data poisoning attack or model poisoning attack [139]. The attacker can activate the backdoor through a pre-set trigger so that the model with the trigger data to perform malicious behavior manipulated by the attacker, while not affecting the normal data inference.

• Malicious servers. In FL, the server is responsible for global model initialization, aggregation, and update. In the traditional FL architecture, client participants do not check the correctness of the global model, so the malicious server can skip the aggregation process and directly send out the malicious model, which poses a serious threat to the participant’s model application.

For LLM, the other core enabling technology in this layer, the main security threat behaviors are as follows:

• Data poisoning. A data poisoning attack refers to an attacker deliberately inserting malicious data into the training dataset to manipulate the model’s learning process. Studies in [140, 141] reveal that pre-trained models can be easily corrupted by introducing maliciously designed weights or data. As a result, LLM is highly vulnerable to such attacks due to its pre-trained nature, which will lead to systematic negative effects or malicious outputs of LLM in multiple production tasks.

• Backdoor attack. While Industry 5.0 brings a large amount of data and computational resources to LLMs, it also increases the risk of exposing models to maliciously manipulated training data and environments. Attackers can achieve malicious manipulation of LLMs by embedding backdoors into LLMs [142, 143], which will seriously affect industrial system behaviors and decisions.

• Jailbreaking. This refers to bypassing security restrictions imposed by LLM developers to respond to insecure questions or to access sensitive restricted information [143]. As a result, this can lead to unauthorized extraction of proprietary or sensitive information, which can compromise data privacy and intellectual property rights. In addition, it may generate harmful or misleading information that affects the decision-making process and public perception.

• Denial of Service (DoS). This is a common and threatening cyber attack that exhausts the communication and computational resources of a system by constructing malicious requests. In Industry 5.0, LLMs have to process huge amounts of information and require a lot of resources, which means that attackers can construct malicious prompts to reduce model availability [144, 145].

(2) User data privacy leakage. Data, as a key asset for the future of industry is exposed to an increasing number of information security threat behaviors. Specifically, we will discuss a categorization of key enabling technologies, Federated Learning, and large Language Models, in the AI-empowered decision layer in Industry 5.0 to identify major security threat behaviors. Firstly, FL:

• Membership and Attribute Inference. Membership inference attacks [146] refer to an attacker’s use of a participant’s model update or global model to infer whether a particular data sample is included in the participant’s training data set. Attribute inference attacks [146] refer to inferring sensitive privacy attributes of a participant’s training data, e.g., each class of labeled training data can be reconstructed by inferring key features of each class of training data.

• Eavesdropping attacks. Industry 5.0 brings full-coverage and full-sensory Internet of Everything communication, but the large number of interaction processes, especially the multiple iteration process in FL, can lead to eavesdropping attacks. Suppose the communication between the participant and the server is in plaintext, or a vulnerable encrypted communication method is used. In that case, the attacker can obtain the model updates uploaded by the participant and the global model downloaded by the server through eavesdropping [147].

• GAN Reconstruction Attack: this is done by training a generator to mimic the data of other participants in FL and utilizing a discriminator as a global model to evaluate the accuracy of the generator mimicry, thus enabling a malicious participant to reconstruct and steal the participant’s private data [148].

For LLM, the following security threat behaviors are predominant:

• Membership and attribute inference. Membership inference attacks involve discerning whether a particular data instance is involved in the training process of a model, in the context of having white-box or black-box access to the model. This type of attack is particularly prominent in LLMs, and studies [149–151] demonstrate its widespread risk. Meanwhile, attribute inference attacks aim at exposing the sensitive attributes of an individual or entity by analyzing its action patterns. Related studies [152–154] reveal that current LLMs can accurately infer various personal information with high precision.

• Extraction attacks. This type of attack aims to obtain specific sensitive information (e.g., training data, labels, model gradients, etc.) directly from the model. In particular, the training data of LLMs in Industry 5.0 will contain a large amount of production confidential information. Numerous studies [155–157] have investigated that it is possible to extract training data from LLM and obtain sensitive private information.

3.2.2. Threats at reliable-efficient communication layer

The explosive growth of industrial devices and data in Industry 5.0 has significantly increased the attack surface at the communications layer. This includes the ability for malicious attackers to manipulate and destroy communication or transaction data, as well as to obtain user privacy from large amounts of communication data. This can lead to widespread industrial process failures and compromised user benefits. As a result, the main information security threats at this layer will be categorized as manipulation, hijacking, tampering with communication data, and user data leakage.

(1) Manipulation, hijacking, tampering with communication data. Efficient data collection, reliable transmission, and low-latency processing are core requirements of Industry 5.0, which means it will be accompanied by greater vulnerability. Specifically, we will discuss the key enabling technologies in this layer, 6G and blockchain, in a categorized manner to identify the main security threat behaviors. First is 6G:

• Physical layer jamming attack: The physical layer is the cornerstone of 6G communications, and attacks targeting the physical layer will threaten all 6G applications. As industrial networks contain a large number of low-computing power sensor devices, it is difficult to deploy advanced and complex security mechanisms. As a result, this will pose significant security threats. These mainly include jamming attacks and contamination attacks. For example, jammers can inject radio signals to occupy channels, thus preventing legitimate users from participating in wireless communications [158].

• Connection layer data security threats: This part of the threat is mainly countered by end-to-end encrypted communications. However, due to the proliferation of devices and data traffic in Industry 5.0, it is difficult to implement full end-to-end encryption while taking into account energy consumption and cost. Attacks in this segment mainly target data traffic to launch tampering, spoofing, and DoS attacks [159], all of which threaten the core network and compromise legitimate users and devices.

• Service layer system attack: 6G will provide a large number of native services and third-party programs in industrial production, which brings corresponding threats. Attacks against service layer systems essentially include all system security issues [159], including authentication, access management, kernel hardening, firewalls, data encryption, etc., which all pose challenges for future 6G applications in industrial networks.

In addition, the main threats against blockchain are the following:

• Mining attacks. The purpose of the attack is to gain control of the blockchain network. Industrial networks have a large number of data assets and high-value information, which will lead to more significant damage from this attack. This part of the attack mainly a includes 51% attack, selfish mining attack, etc. [125], which will all lead to the attacker gaining control of the entire blockchain thus threatening the entire network.

• Network communication attacks. Blockchain uses a large number of p2p networks to communicate between nodes, where more sophisticated security threats exist. These include Eclipse attacks, which cause illegal transactions by manipulating nodes; Sybil attacks, which deceive neighboring nodes by forging identities; DDoS attacks, which cause nodes to be unable to complete mining by injecting a large amount of information; and re-entry attacks, which can drain the attacked by attacking a vulnerable smart contract.

• Smart contract security: The security of blockchain largely depends on the security of smart contracts [160]. Industry 5.0 requires large-scale personalized production, and smart contracts will meet more personalization and services. Meanwhile, the wide application of smart contracts will bring more threats, including business level, virtual machine level, and contract code level [125]. The most typical code-level problems, such as re-entry attacks and unknown calls, will damage the assets of relevant stakeholders.

• Infrastructure vulnerabilities: This mainly includes attacks against network infrastructure such as DDoS attacks, traffic hijacking attacks, Eclipse attacks, etc., which will threaten users’ digital assets.

(2) User data privacy leakage. Privacy has always been a major threat to communication technologies. Especially in the future industrial system where data is valuable, protecting privacy is equivalent to protecting assets. In particular, due to the application of 6G in Wearables, Cobots, Artificial Intelligence, and Tactile Internet, a large amount of sensitive information will be expected to be acquired [159]. Similarly, blockchain has the potential for privacy breaches. Common privacy threats include identity privacy attacks, where attackers use key attacks, replay attacks, and impersonation attacks to access user information and key assets illegally, and transaction information attacks, where attackers use transparent public transaction information to analyze potentially sensitive information [53].

3.2.3. Threats at human-machine interaction layer

The explosive growth of data and the need for efficient, reliable, and secure production in Industry 5.0 pose a huge challenge to information security protection in the HMI layer. Especially, there is a significant crossover between information security and physical safety in the HMI layer. In particular, an attacker can hack into the HMI system and then directly manipulate the operating state and logic of the physical machine by conveying malicious commands, modifying control parameters, etc., which ultimately may even threaten human safety. For example, in the Stuxnet (2009) worm attack, the attacker used a device such as a USB stick to inject the Stuxnet worm into the HMI system. Then, the worm spreads to the industrial control system and modifies the industrial control program to generate malicious instructions. The malicious instructions are transmitted via the intranet to the programmable logic controllers (PLCs) of the physical machines. Eventually, the operating parameters of core industrial equipment were modified, leading to severe machine failure. Therefore, categorizing and summarizing the information security threats in the HMI layer is significant for reliable and secure Industry 5.0 production. We categorize this layer’s main information security threats into maliciously intruded, manipulated, and compromised systems and user data privacy leakage.

(1) Maliciously intruded, manipulated, and compromised systems. Malicious attacks on HMI systems will directly affect the real world and significantly jeopardize human workers. We will categorize and summarize the threats related to the two core technologies of the HMI layer, Cobots, and DT, to demonstrate the main challenges that this layer faces.

The first is Cobots. There are far fewer studies on the information security of Cobots than on functional safety, and there are still significant blanks in the research on information security issues specifically for Cobots [129]. Some preliminary studies have paved the way for summarizing and exploring the information security threats of Cobots. In particular, [161] conducted threat modeling and classification of malicious attacks on industrial robots, identifying five types of attacks: altering the control loop parameters, tampering with calibration parameters, tampering with the production logic, altering the user-perceived robot state, and altering the robot state. In addition, a brief discussion on the specific information security threats to Cobots is given in [129], including weak access control policies, lack of practical authentication policies, lack of reliable digital forensics and intrusion detection mechanisms for Cobots, etc.

In addition, DT is the core information system in the HMI layer and therefore faces the most information security threats. The main security threats are as follows:

• Data security threats. Since DT is a high-precision data-driven paradigm, damage to data will greatly affect the performance of DT. This mainly includes data tampering attacks, DT desynchronization attacks, poisoning attacks, low-quality data threats, etc.. [162].

• Authentication threats. A DT with a legitimate identity can gain full control of the corresponding physical entity and can even further threaten the information of other DTs. This means that authentication is a key protection for DT systems. Threats in this part include impersonation threats, unauthorized access, backdoor attacks, privilege escalation threats, etc. [132].

• Communications security threats. The intra-twin communication and inter-twin communication are the key architectures that enable DT functionality, which involves the synchronization and sharing of large amounts of information. This means that attacks against communication will lead to malicious manipulation or destruction of DT, which includes DoS attacks, man-in-the-middle attacks, Sybil attacks, etc. [162].

• Information-physical cross-threats. Since DT builds a bridge from the physical world to the information world and enables bidirectional communication and bidirectional control. This means that DTs face crossover threats from both the information and physical worlds [162]. For example, as shown in Figure 5, an attacker can hack into the DT information system to execute cyber-attacks (Trojan horse injection, backdoor attack, out-of-authority access, etc.), which can maliciously change the configuration and control policies of the DT. Since the DT and the physical entity are bi-directionally synchronized, the malicious configurations and instructions will be synchronized to the physical entity’s controllers (e.g., Programmable Logic Controllers (PLCs)), which will ultimately maliciously control the operation of the physical device [83]. Similarly, an attacker can damage physical devices, thus affecting the normal service of DTs throughout cyberspace [163].

  Figure 5. Cross-threats of Digital twin in Human-machine interaction layer

(2) User data privacy leakage. The HMI layer will collect and process a large amount of information directly related to people and machines, such as user preferences, user’s physical state, industrial equipment parameters, etc., which amplifies the risk of privacy leakage. The privacy concerns of Cobots are not widely noticed yet, however, DTs as information centers of the HMI layer are facing a wider range of threats:

• Personal data exposure: DT requires the creation of high-precision replicas of entities, which requires extremely fine-grained, high-frequency collection of large amounts of machine and personal data. Attackers or malicious servers can steal and collect sensitive information during DT collection, storage, transmission, and processing.

• Model privacy leakage: Current DT intelligences are mainly trained and aggregated by collaborative learning approaches for model training and aggregation, which involves the risk of privacy leakage [164]. For example, Generative Adversarial Networks (GANs) are used to recover local training data by collecting explicit gradient information.

• Inference attack and knowledge extraction: The threat is consistent with that faced by AI models. Malicious attackers can infer or extract sensitive sample data from DT models for training [165].

It is worth mentioning that among the information security threats, we find that privacy security runs through the whole technology architecture. Moreover, there are specific privacy threat objects and attack methods in each layer. The privacy threat objects focus on training datasets and AI model information in the AI-empowered decision layer. These data contain highly confidential production information, industrial processes, equipment information, and so on. The privacy attack methods in this layer mainly include model reconstruction, inference attacks, etc. In addition, in the reliable and efficient communication layer, the privacy threat objects focus on identity information, transaction information, and sensitive user information. The attack methods in this layer mainly include encryption key attack, replay attack, and open source information analysis. Finally, in the human-computer interaction layer, the privacy threat objects include user preference information, real-time data of the device, interactive system model, etc. The privacy attack methods in this layer also include such as malicious server attacks, sensitive data collection, etc. It is clear that Industry 5.0 integrates different advanced technologies and faces a broader and more granular set of threats. Therefore, it is critical to analyze and identify the threats at each of these layers in detail.

3.3. Humanized security threats in Industry 5.0

Industry 5.0 emphasizes human-centered production, interaction and application, and full coverage, participation, and customization of industrial production and services. However, it also raises broader security issues for machines, people, and society. In order to better define and explain the new security issues, we begin with a broader definition of security for Industry 5.0, i.e., any known or unknown behavior that will threaten and harm the interests of machines, individuals, and society. However, the traditional security categorization, i.e., function safety and information security, is difficult to describe and cover all the security issues in the Industry 5.0 era. For example, the fairness issue of low-resource machines and devices participating in distributed collaboration, the contradiction between the security and usability needs of individual users, and the ethical bias of intelligent models toward different regions and people. All of these issues can be detrimental to machines, individuals, and society, hindering Industry 5.0’s goals of being human-centered, resilient, and sustainable.

Therefore, in this work, we define humanized security as a new classification in Industry 5.0 security, which sits alongside information security and function safety. Specifically humanized security encompasses three aspects: machine, individual, and social (see Figure 6):

• Machines: Machines are the front line of human participation in industrial production and life. Technology should be tailored to the hardware performance and specifications of the participating devices, as a coarse-grained technology strategy will not be able to meet the specialized needs of each participating device in Industry 5.0, which poses the threat of personalization and is detrimental to the interests of each participant;

• Individuals: Technology should be tailored to the preferences, behaviors, and data of workers and customers to fully meet their needs and experiences while safeguarding the interests of each participating individual;

• Society: Technology should ensure social ethics such as fairness and unbiasedness, maximize broad human participation, as well as respect and safeguard the interests of people from different regions, races, and beliefs.

Furthermore, we will elaborate on humanized security threats for each of the three technology layers in Industry 5.0 to explore the new security requirements for stepping into the future industrial era.

Figure 6. Humanized security threats in Industry 5.0, including machines, individuals, and society

3.3.1. Threats at AI-empowered decision layer

In Industry 5.0, AI will have greater intelligence and decision-making capabilities and will be responsible for a greater amount of analysis and decision-making in industrial production. Therefore, AI models will take more consideration of humanized security issues, as arbitrary decisions will significantly affect the production process, personal interests, and even social interests. According to the current collection of related studies, the most important humanized security issues in this layer can be divided into biased unfair model behavior and non-personalized coarse-grained model strategies.

(1) Unfair modeling behavior with bias refers to discriminatory behavior against different types of devices and different groups of people that occurs during model training and reasoning, thus threatening the interests of each individual. For example, large language models learn and amplify biases in the training data to generate discriminatory statements that harm certain groups, races, and genders. Further, this will potentially lead to the emergence of unfair production methods and unfair distribution of production benefits. In addition, due to its stringent storage and arithmetic requirements, this will lead to individuals or corporations with large amounts of resources being able to dominate the entire process of designing large language models, which also poses a challenge to the fairness and legitimacy of large language models. In addition, the distributed framework of Federated Learning allows a wide range of devices and individuals to participate in knowledge sharing, but it also brings corresponding humanized security issues. For both machine devices and individual participants, low-resource and low-computing power participants may be ignored or excluded by the central server (unfair client selection algorithms), resulting in the inability to participate in knowledge sharing and collaboration. In addition, individual knowledge and preferences are susceptible to being overwritten by higher-computing-power participants or by knowledge data deemed better by the central server, leading to unfairness and non-human-centeredness in large-scale distributed collaborative environments.

(2) Non-personalized coarse-grained model strategy refers to the inability of intelligent models to meet a wide range of personalized needs. For example, large language models cannot run on low-computing power and low-storage participant devices, making it difficult to provide complete intelligent services to them. In addition, it is difficult for large language models to balance resources, cost, and performance to provide personalized services for different vertical industries with the customized needs of industrial participants. For federated learning, how to design fine-grained distributed collaboration policies for machines and devices with different hardware configurations, network configurations, and individuals’ knowledge needs and privacy requirements will be an important humanized security issue in the future.

3.3.2. Threats at reliable-efficient communication layer

In Industry 5.0, the task of the communication layer is to cover all regional participants as much as possible and to ensure that all heterogeneous devices in industrial production and their massive communication data can be transmitted and processed in a timely and secure manner. However, since the massive communication devices are in different physical environments, have different communication requirements, and have different security requirements, which brings humanized security threats. This consists of two main components, unfair and non-transparent communication processes, and non-customizable communication mechanisms.

(1) Unfair and non-transparent communication processes mainly refer to the construction of fair communication environments that can be supervised and trusted by users. Especially for individuals involved in communication in heterogeneous and complex networks, providing them with better supervision rights and letting users know how their data are protected are important to safeguard the interests of each participant. Similarly in blockchain, regulation of cryptocurrencies and open-transparent consensus mechanisms are important research directions to promote humanized security. In addition, a fair and broad guarantee that every group in every region can participate in globalized communication is also the vision of Industry 5.0. 6G should guarantee the opportunity for different geographic conditions and special groups to participate in communication, and blockchain should also guarantee fair competition and reliable communication among participants. For example, a 51% attack based on the PoW consensus protocol [125], where a participant with a large amount of arithmetic power will lead to an unfair mining process.

(2) Non-customizable communication mechanism mainly refers to the fact that a single communication mode makes it difficult to meet the communication needs of different devices and individuals. For example, various types of communication technologies in 6G should take into account physical factors such as atmospheric conditions and propagation paths in different regions to design appropriate communication strategies according to local conditions [159]. Alternatively, e.g., network slicing has been used to design 6G security isolation and service isolation architectures. However, network slicing lacks the granularity to consider the KPI requirements of each slice and the customization needs of different customers. Alternatively, e.g., network slicing has been used to design security isolation and service isolation architectures for 6G. However, network slicing lacks the granularity to consider the KPI requirements of each slice and the customization needs of different customers [159]. The communication layer is also responsible for implementing access control policies for various applications. However, traditional methods such as key authentication and iris authentication do not meet the communication needs of disabled people such as the blind, which will jeopardize the interests of individuals who expect to participate in Industry 5.0 production. In addition, introducing privacy protection techniques such as differential privacy and homomorphic encryption into 6G to realize secure communication is also an important research direction. However, this brings more resource cost overhead and even affects the user’s communication experience. Therefore, customizable security policies based on user requirements are also important challenges. For blockchain, customizable policies are also particularly important. For example, uneven distribution of infrastructure and arithmetic power can lead to overall network latency, how to balance between high operational costs and lightweight consensus protocols, and interoperability between different blockchains. In particular, blockchain empowers secure and reliable Industry 5.0 communication, but this brings additional side effects, such as distributed consensus protocols imposing extra overhead affecting user availability [166]. Therefore, considering fine-grained customized blockchain designs and applications will be more in line with the future of the industry.

3.3.3. Threats at human-machine interaction layer

In Industry 5.0, the human-computer interaction layer as the front line means that personalized safety needs to be taken more into account. We made two classifications: Coarse-grained non-customized design, and non-human-centered production design.

(1) Coarse-grained non-customized design mainly refers to the inability of the human-machine collaborative system to adapt to different changes in the production environment and the needs of different participants. This part is especially obvious in digital twin systems. First, digital twin systems require fine-grained cloning of the physical world and high-frequency synchronization. However, due to the diversity of participants in Industry 5.0, generic digital twin modeling, communication techniques, and sensor technologies are difficult to apply to the twinning needs of each entity. For synchronization frequency, e.g., Internet of Vehicles scenarios require real-time modeling, but many industrial systems perform real-time synchronization instead, which brings unnecessary cost consumption. Second, digital twins will be used as advanced network services in 6G. How to provide customized service interfaces and on-demand resource allocation are also important humanized security challenges. In addition, some scenarios with predominantly low-resource edge devices pose challenges for realizing lightweight and efficient digital twins.

(2) Non-human-centered production design mainly refers to the lack of consideration of human interests in human-machine collaboration. This is mainly reflected in the design of Cobots. First, humanized security requires that Cobots be designed with the mental stress and psychological discomfort of human workers. Cobots should assist humans to work while providing a comfortable working environment and emotional support to humans. In addition, human energy expenditure, fatigue, and body/language limitations of different workers should be considered in the design of Cobots. Further, for the diversity of labor, the individualized needs of different workers should be met by Cobots by providing appropriate service interfaces. It is worth noting that in the vision of Industry 5.0, efficiency does not come first, people are not machines, and industrial design should focus first and foremost on human-centeredness and concern for the well-being of human workers [1].

4. Security countermeasures in Industry 5.0

4.1. Function safety countermeasures

Functional safety countermeasures essentially focus on ensuring that systems operate reliably, safely, and usably, even in the face of errors, failures, or unforeseen circumstances, thereby protecting people and the environment from potential harm. In addition, it is equally important to emphasize adaptability and robustness – systems must evolve in response to new threats and changing environments. In the context of Industry 5.0, functional safety countermeasures aim to create a safe and resilient industrial ecosystem, ultimately for the well-being of all stakeholders.

4.1.1. Countermeasures at AI-empowered decision layer

Corresponding to the safety threats in this layer, functional safety countermeasures for the AI-empowered decision layer aim to ensure that AI models perform specific industrial tasks accurately and efficiently. Specifically, we divide the countermeasures into two categories targeting low-quality unavailable computational outputs and inefficient and overloaded resource utilization.

(1) Countermeasures for low-quality unavailable computational outputs. These countermeasures focus on solving a major contradiction i.e., the contradiction between the massive, heterogeneous, and personalized device data brought about by Industry 5.0 and the industrial tasks that require efficient and accurate execution of the results. Similarly, we will summarize and categorize relevant research works and countermeasures against the previously discussed safety threats of the key enabling technologies at this layer. First is FL:

• Optimization of aggregation algorithms. Given the heterogeneity of the data, [167] proposed the Iterative Federated Clustering Algorithm (IFCA) and Flexible Cluster Federated Learning (FlexCFL), which aim to divide the clients into clusters and optimize the shared models within each cluster for better handling of the non-IID data distribution. [168] designed local model optimization strategies, new server-side aggregation methods, and personalized federated learning strategies to enhance the performance of FL in the presence of non-IID data.

• Client anomaly detection. To address the problem of interrupted FL training or degraded model performance due to client-side failures and anomalies, several studies have proposed client-side anomaly detection algorithms [169–171]. [169] proposes to generate a low-dimensional proxy of model weight vectors on the server side to detect anomalous clients. [170] propose an FL training visualization to detect anomalous client states. [171] designed an autoencoder to perform anomaly identification and client isolation.

• Decentralized approach. Server centralization brings problems such as single point of failure and network congestion that affect the availability of the model. Existing work proposes both blockchain and peer-to-peer-based approaches. The application of blockchain technology has been extensively explored in the literature [172, 173]. This is achieved by combining a federated learning (FL) system with blockchain technology, resulting in a decentralized architecture that eliminates the risk of a single point of failure associated with relying on a single central server. In addition, the peer-to-peer interaction model demonstrated in the literature [174] allows nodes to exchange model updates directly without the need for scheduling through a central authority, further enhancing the decentralization and efficiency of the system while improving the security and transparency of data exchange.

For LLM, the other core enabling technology for this layer, the main safety countermeasures are as follows:

• Data pre-processing. It is crucial to pre-process the large amount of data collected to improve data quality and model performance. This consists of a four-stage strategy of quality filtering [175], data de-duplication [176], privacy removal [177], and efficient segmentation [178] to obtain high-quality datasets.

• Knowledge updating. The following studies have been conducted for LLM knowledge updating methods. [179] proposed model editing methods to change the model behavior by updating non-parametric knowledge thus avoiding the consumption of retraining. In addition, external tools such as web search and web plugins are utilized to achieve the extraction and analysis of real-time and unknown content [180, 181].

• Alleviating hallucinations. Some hallucination mitigation work has been proposed. [182] proposed designing a hallucination penalty mechanism during training to mitigate hallucinations. [183] proposes to train models with more diverse and larger datasets to reduce the likelihood of models making false assumptions. In addition, [184] proposed to introduce “fact-checked” or “verifiable” data during training so that the model learns to rely on facts to make decisions.

• Explainable work. Research work on the explainability of neural networks has been on the way. Several studies have summarized and explored the explainable work for LLMs [185, 186], including but not limited to the explainable research work based on in-context learning (ICL), probe-based, and attention-based mechanisms.

(2) Countermeasures for inefficient and overloaded resource utilization. This part of the countermeasures concentrates on solving the problems of AI network congestion, efficient green communication, and efficient resource utilization in Industry 5.0 scenarios. Similarly, the first is FL:

• Asynchronous algorithms. In response to the fact that FL training performance is affected by the slowest participating and faulty devices, many studies have proposed asynchronous schemes for FL. [187, 188] demonstrated that especially in shared-memory systems, the asynchronous scheme is robust and it can greatly mitigate the impact of laggards in heterogeneous environments.

• Efficient communications. Existing studies have achieved efficient communication in FL through model scaling and superposition [189], gradient compression [190], local updating [191], and importance-based updating [192]. [189] achieved simultaneous model updating of different clients by exploiting the superposition nature of the radio channel thereby improving the communication efficiency. [190] proposed to compress most of the redundant model parameters to significantly reduce the number of transmissions, while transmitting only the necessary gradient updates to the server. [191] proposed to allow client devices to perform some of the updates locally, thus reducing the number of FL iteration rounds. Further, [192] proposed the Edge Stochastic Gradient Descent (eSGD) algorithm, which only requires important gradient updates to the aggregation server, significantly reducing the number of communications per round.

• Resource management. [193] demonstrated the joint optimization of computational resources and bandwidth allocation on devices as an effective strategy to mitigate the computation and communication costs in resource-limited environments. In addition, [194] reduces the resource overhead of FL by introducing a dual-stream modeling strategy that encourages nodes to learn from each other to improve efficiency. In [195], a deep neural network (DNN) architecture designed for mobile AI training is proposed, which aims to accelerate the training process and model execution by employing a streamlined model and fusing successive non-tensor and tensor layers to reduce runtime and optimize memory usage. Another innovative solution for resource management in FL is found in the literature [196], where resource management algorithms combining data importance and computational communication awareness are proposed to improve training accuracy, ensure fairness, and reduce convergence time.

For LLM, the following main safety countermeasures exist:

• Efficient pre-training. Existing work focuses on the two main issues of improving pre-training throughput and loading larger models into explicit memory. Methods including 3D parallelism, optimal computation, ZeRO, and mixed precision training have been proposed [110, 111].

• Parameter-efficient fine-tuning. This is a method that can be used to solve the problem of expensive costs caused by full model fine-tuning. This refers to the immediate adaptation of a model to a specific task by updating only part of the model parameters, e.g., promote-tuning [197], low-rank adaptation (LORA) [198], prefix fine-tuning [199], and so on.

• Efficient inference. Several works have been used to address the high inference latency of LLM. [200] proposed efficient the attention to accelerate attention process, which used subquadratic approximation methods such as flash attention and multi-attention query. [201] proposed quantization techniques to reduce the memory footprint during inference, which is achieved by reducing the computational precision. Other, techniques such as pruning [202] can also improve inference efficiency.

• Environmentally friendly. This part of the countermeasure has not resulted in a scaled program, and some current research proposes to reduce model complexity, change inference methods, and develop energy-efficient algorithms to reduce the resource consumption of AI systems [111].

4.1.2. Countermeasures at reliable-efficient communication layer

Corresponding to the safety threats in this layer, the functional safety countermeasures for the reliable-efficient communication layer aim at guaranteeing that advanced communication and reliability technologies can be efficiently adapted and extended to industrial production environments, while ensuring efficient energy utilization and cost control.

(1) Countermeasures for inadaptation and unscalable communication designs. We will first discuss the current advanced designs and research in 6G that are applicable and easily scalable to Industry 5.0.

• Communications architecture. The first is advanced wireless network architectures and technologies, which include research on heterogeneous vertical/horizontal massive ultra-dense networks (UDNs) [122], millimeter-wave transmission [203], and terahertz transmission [204]. This enables advanced communications with high-quality service and low loss. Secondly, advanced multiuser transmission schemes such as ultra-massive multiple input multiple outputs (UM-MIMO) beamforming techniques [205] can provide high-quality services for different service requirements and heterogeneous devices. Other research on advanced communication architectures for 6G can be found in [122], which will all contribute to high mobility and low-power industrial sensor device communications.

• Network architecture. The first is the customization and softwareization of networks, such as software-defined networking (SDN) and network function virtualization (NFV), which will provide support for massively customized industrial networks. Secondly, some research also includes advanced networking techniques [206] that provide flexible data processing capabilities across devices and regions. In addition, research on advanced mobile network architectures will also support a high degree of automation, flexibility, and intelligence in communications, such as self-organizing networks [207].

• Large-scale industrial IoT. Several studies have explored 6G for large-scale industrial IoT total deployment. This includes large-scale device access, sensing, and data collection [208]. In addition, advanced protocols for industrial scenarios such as low power wide area network (LPWAN) [209] also provide solutions for communication of industrial low-power sensor devices.

There are also countermeasures against the threat of blockchain being difficult to deploy and scale in large-scale industrial IoT as follows:

• Business process safety. Several studies have proposed solutions for the deployment of blockchain in Industry 5.0 scenarios, such as shop-floor-level decentralized scheduling mechanisms [210], digital twins [211], and so on. In addition, there is corresponding work on business standards and regulatory governance standards for blockchain applications, which include regulatory sandboxes, benchmarking systems, etc. [125].

• Infrastructure and scalability solutions. [125] suggests that private key management requires the establishment of a dynamic lifecycle management mechanism, yet mature solutions need to be further studied. In addition, corresponding regulations and compliance support are also key to infrastructure safety. [125] proposes that the effectiveness and safety of blockchain networks can be monitored in the long run by establishing a compliance assessment model. For others, the reader can refer to [53], which discusses in detail the systems and architectures of Industry 5.0 adapted to blockchain and summarizes the deployment and challenges of blockchain in Industry 5.0.

(2) Countermeasures for high-energy and high-cost communications. The realization of sustainable and green communication network architectures is an important development goal of Industry 5.0. Advanced research efforts in 6G will help to achieve flexible network resource allocation and reduce network deployment and operational costs. These lightweight and green 6G architectures mainly include the Cell-free/less architecture [212], which enables high network coverage, low path loss, and low-cost communication; RAN-Core convergence [77], which offers significant advantages in reducing network complexity and transmission cost; Fully-decoupled RAN architecture [79], which offers significant advantages in reducing communication and terminal power consumption as well as increasing mobility and flexibility.

In addition, in response to the low-power and low-cost goals of the blockchain consensus protocols required by industrial sensor devices in Industry 5.0, some scalable and low-power consensus has also been proposed: IOTA, with its advantages of currency-free transactions and support for underlying sensor networks, will be beneficial for Industry 5.0 applications [53]; Tangle, which does not set up miner nodes and incentives for miner nodes [213], and thus can well support transaction calls between large-scale sensors. Other consensus techniques such as Tendermint, Omniledger, etc., all have the significant advantage of low latency and low energy consumption [53].

4.1.3. Countermeasures at human-machine interaction layer

Corresponding to the safety threats in this layer, the functional safety countermeasures for the HCI layer aim at preventing vulnerable HCI systems from harming human workers, while ensuring the safety, efficiency, and reliability of the frontline industrial production systems. Specifically, we categorize countermeasures against direct or indirect damage to humans and production function limitations, errors, or unavailability.

(1) Countermeasures for direct or indirect damage to humans. This part of the countermeasures focuses on minimizing the risk of injury to humans during human-machine interaction while building mutual trust between humans and machines. We summarize the threat countermeasures for Cobots and DTs separately. First is Cobots:

• Collision avoidance: This categorization represents the avoidance of all direct impact and collision injuries to humans by Cobots. This part is an important research direction for Cobots and a large amount of research work has been done. [214, 215] provide a careful review and summary of this part of the work, including but not limited to quantifying the extent of injuries caused by collisions, minimizing injuries caused by human-machine interactions with humans, and avoiding collisions. Additionally, the International Organization for Standardization (ISO) has developed specific guidelines (ISO 10218-1 and ISO 10218-2) for safe, collaborative work, which includes a safety-rated monitored stop (SRMS), hand guiding (HG), speed separation monitoring (SSM), and power and force limiting (PFL) [216].

• Advanced skin materials. Designing Cobot skin that meets technological requirements and human safety needs is a great challenge. Various advanced Cobot skin fabrication techniques were explored in [130], which pointed out that biocompatibility and self-healing are important elements of Cobot’s skin design. Moreover, [217] explored the development of Cobot advanced biocompatible skins, which would avoid the hazards arising from their exposure to human beings.

For the other core technology of the layer, the digital twin, there is a major trustworthy threat. As mentioned in the previous chapter, this indirectly threatens human workers. The main countermeasure in this part is to study trust management mechanisms to ensure data trustworthiness in DTs, which will play a huge role in industrial DTs. Representative studies in this area fall into two categories, blockchain-based trust-free methods [218] and quantitative trust assessment methods [219], which help to build trustworthy and reliable DT decisions and feedback.

(2) Countermeasures for production function limitations, errors, or unavailability. This part of the countermeasures focuses on ensuring the reliable and efficient operation of HCI systems and minimizing system ineffectiveness, errors, and failures. Similarly, we summarize the threat countermeasures for the two core enabling technologies, Cobots and DT, respectively. First is Cobots:

• Flexible collaborative robots: The current countermeasures focus on three types of research on flexible Cobots, including the speed of Cobots to quickly program to adapt to new tasks, the ability to complete as many tasks as possible in a given time, and the self-learning ability to learn, understand, and anticipate situations on the job. Specific research efforts are summarized in detail in [131, 134, 135].

• Optimizing communication with people. Some studies have accomplished communication with Cobots by designing specific human gestures [220]. This is still challenging for operator memory and communication scalability. Further, [221] combined gestures and speech to accomplish human-machine communication. Further, some studies have begun to explore human-machine emotional interactions to make Cobots more understanding of human needs and commands [222].

• Productivity optimization. [223] suggests that increasing productivity is directly linked to reducing fatigue in Cobots, and proposes a framework for designing Cobots that reduces machine fatigue so that they can perform production over the long term. In addition, there have been a large number of studies and countermeasures to optimize the productivity of Cobots, including real-world case studies, efficient production frameworks, collaborative assembly lines, dynamic task allocation, etc. [131].

• Scheduling optimization. Task scheduling and assignment maximizes the productivity of human-machine collaboration and improves overall productivity. This part mainly includes static scheduling methods and dynamic scheduling methods. Specifically, [224] proposed a genetic algorithm based on biased random-key encoding to solve the prioritization problem of various task assignments. [225] proposes a dynamic task scheduling framework for Cobots in assembly lines.

For DT, the following main safety countermeasures exist:

• Guaranteeing data quality and consistency: This part of the countermeasures mainly includes a synchronization verification framework combined with blockchain, co-optimization methods, and data auditing methods [132]. Specifically, for example, [136] proposes a blockchain-based DT synchronization platform that can verify the time state and data integrity of DT.

• Safeguarding data freshness: This part of the countermeasure focuses on ensuring low latency, low loss, and low error of data streams. Primarily, this is done by investigating ways to minimize data flow, coding and decoding mechanisms for multi-source data, and quantifying freshness [226].

• Efficient resource utilization: Centralized DT servers face the threat of a high load of massive heterogeneous data from multiple sources. Computation offloading is a mainstream approach to solve the intensive computation in current DTs. DTs can optimize and analyze the real-time shapes of different network edge nodes and design different offloading strategies to achieve optimal computational resource allocation [227]. Others, [228] first designed an efficient semantic communication architecture for DT based on a large language model, which achieves communication efficiency and computational efficiency superior to traditional federated learning DT architectures.

4.2. Information security countermeasures

Information security countermeasures essentially focus on ensuring that data and models are protected from malicious access, use, tampering, and disclosure, safeguarding the confidentiality, integrity, and availability of information, and maintaining a level of resilience to known or unknown malicious threats.

4.2.1. Countermeasures at AI-empowered decision layer

Corresponding to the security threats in this layer, information security countermeasures for the AI-empowered decision layer aim to defend against malicious model attacks, avoid ineffective or dangerous behaviors and decisions of AI models, and safeguard industrial equipment assets and participants’ safety. In addition, these countermeasures will also mitigate and eliminate the risk of data leakage and protect sensitive data and assets from intrusion. Specifically, corresponding to the aforementioned threats, we categorize the information security countermeasures for this layer into the following two categories.

(1) Countermeasures for insecure and malicious AI model behaviors. We will summarize and categorize the main information security countermeasures for this layer, starting with FL:

• Secure aggregation algorithm. A secure and reliable aggregation algorithm ensures that the global model converges correctly even if there are malicious nodes in the federated learning system. In most cases, the malicious model updates uploaded by attackers will be significantly different from the normal updates. Aggregation algorithms based on differences in model update features [138, 229] distinguish between malicious and normal updates by analyzing the differences among the updates of all participant models. Furthermore, another mainstream approach is the validation dataset-based aggregation algorithm [230]. This is to utilize validation datasets to validate model updates uploaded by participants, e.g., to verify classification accuracy [231], and finally to distinguish malicious model updates based on the validation results.

• Combined with blockchain. Distributed Ledger-Blockchain and Distributed Computing-Federated Learning are highly technically compatible. The joint solution of blockchain and federated learning becomes an important security defense. [232] designed a blockchain federated learning framework, FLChain, to enable mutual auditing of participants and timely detection of malicious parties, which can mitigate the impact of poisoning attacks. In addition, the decentralized feature of blockchain also enables federated learning of de-aggregated servers [233], which can defend against the threats posed by malicious servers.

• Security hardware. In response to model poisoning attacks in which attackers bypass local training and directly submit malicious updates, security hardware avoids malicious intervention in the training process by ensuring that federated learning’s local training process is not compromised. This protection mechanism relies heavily on the Trusted Execution Environment (TEE), which aims to ensure that critical code and data are both confidential and intact by creating a secure execution space [234].

• Reinforcement models. The reinforcement model strategy involves adapting the federated learning model architecture to increase its resistance to data poisoning attacks, which in turn mitigates the negative impact of malicious data. The study [235] added techniques aimed at improving model stability during the model training phase, including dropout, weight decay, and gradient trimming, which are operations aimed at improving the generalization performance of the model. Experimental validation, especially the addition of the dropout technique can effectively reduce the possibility of successful backdoor attacks.

For LLM, the other core enabling technology for this layer, the main information security countermeasures are as follows:

• Security Architecture. Model architecture is closely related to the security of LLMs. [236] proposed that LLMs containing more parameters will exhibit less risk of being subject to adversarial attacks. [237] improved model robustness by introducing cognitive architectures into LLMs. [238] proposed that introducing knowledge graph modules into LLMs can increase the credibility of LLM inference results.

• Security training. The security of LLM will be affected by pre-training. Pre-training data cleaning such as detoxification [239] and deduplication [240] can reduce the risk of poisoning. In addition, some training optimization methods, such as adversarial training [241], robust fine-tuning [242], and security consistency [243], have been shown to improve the robustness of LLMs against malicious attacks.

• Security inference. In the inference process, the instructions sent by the user are processed and detected in advance, which can defend against malicious use of LLM such as jailbreaking and other malicious use of LLM instruction attacks [244]. In addition, some works target the intermediate results of LLM to check and achieve effective defense against backdoor attacks, poisoned instructions, etc. [245]. Further, a final step of screening to identify dangerous answers before providing access to users is also effective [246].

(2) Countermeasures for user data privacy leakage. Similarly, we will categorize and summarize mainstream security countermeasures for federated learning and large language models. First is FL:

• Secure Multi-Party Computing (SMPC).Given the ability of SMPC to enable multiple data holders to perform cooperative computation in a mutually untrusted environment, its application in FL to safeguard participant privacy is particularly appropriate. [247] proposes a customized SMPC scheme for FL that relies on a trusted third party and a set of public-private key management systems to ensure that no server has access to the actual model update data of the participants during the model update aggregation phase, thus enhancing participant privacy protection.

• Differential Privacy (DP). DP is a widely adopted privacy-preserving technique that effectively prevents attackers from identifying individuals’ privacy from public information by applying random perturbations to user data. For the application of DP in FL, prior research has explored it at different stages, including introducing noise in the aggregation of global models [248] and in the local training process [249], aiming to mask the participants’ information and provide privacy protection.

• Homomorphic encryption. The application of homomorphic encryption in FL allows for the transformation of the model update process into an encrypted form, effectively shielding against the risk of potential privacy leakage. Mainstream research involves encrypting model updates uploaded to the server [25], as well as allowing participants to train on encrypted models in a local environment [250], which together provide effective protection of participant privacy and ensure security during data processing and model training.

• Partial parameter sharing: This refers to reducing the risk of privacy exposure by submitting only part of the gradient parameters to the aggregation model without sacrificing the performance of the global model. [251] proposes that participants select and upload gradient parameters with larger absolute values based on a predetermined ratio. Experiments have demonstrated that well-performing global models can be constructed even if only some of the parameters are involved. Further, [252] suggests that participants share only the parameters of the batch normalization (BN) layer and keep the statistics of the BN layer locally, which not only mitigates the possibility of privacy leakage but also optimizes the performance of FL in data heterogeneous environments.

For LLM, the following main security countermeasures exist:

• Corpus cleaning. Corpora contain private data such as personally identifiable information, and much work has been done on de-privatization and de-identification by cleaning the original corpus [253, 254].

• Privacy-enhancing technology. Existing work integrates traditional privacy-enhancing techniques, e.g., zero-knowledge proofs, differential privacy, and federated learning [255, 256], into LLM to address privacy challenges. In terms of model architecture, [257] proposed that LLM architectures with larger parameter sizes can be efficiently trained on non-standard hyperparameters using differential privacy approaches.

4.2.2. Countermeasures at reliable-efficient communication layer

Corresponding to the security threats at this layer, information security countermeasures aim to defend against malicious attacks against communication systems, avoid the compromise of communication data and transaction information, and safeguard reliable data transmission for industrial devices and participants. In addition, these countermeasures will also mitigate and eliminate the risk of communication data leakage and protect industrial sensitive data and user assets from being violated. Specifically, corresponding to the aforementioned threats, we categorize the information security countermeasures for this layer into the following two categories.

(1) Countermeasures against manipulation, hijacking, tampering with communication data. This part of countermeasures realizes defense against malicious attacks on industrial communication networks. The first one is the security countermeasures for 6G. The reader can refer to [159] for the details of 6G security studies and we will categorize and summarize the main security countermeasures for Industry 5.0:

• Physical layer security mechanisms: Attacks at the physical layer mainly include jamming, eavesdropping, and contamination attacks. Countermeasures against these attacks have been initially studied, including maximizing the secrecy rate [258], adding artificial noise [259], and physical key generation [260]. In addition, a number of advanced physical layer techniques, including terahertz communication, Intelligent Reflecting Surface (IRS), and visible light communication, improve the security of 6G compared to traditional architectures.

• Connection layer security mechanisms: This part of countermeasures includes designing novel network access control policies for 6G, quantum security algorithms, roaming security policies, blockchain-enabled security, and 6G communication firewalls to secure communication at the connection layer [159].

• Service layer system security: This part of countermeasures includes 6G secure authentication based on distributed public key infrastructure [261], authentication-based service access, 6G biometric identification based on implantable devices, and low-latency application security data exchange protocol [159]. This will support the security of web services and personalized applications for Industry 5.0.

In addition, the main countermeasures against blockchain security threats are as follows:

• Mining attack defense: Against the 51% attack, it is mainly countered by using non-PoW protocols or by creating checkpoints and considering historically weighted difficulty [262]. For selfish mining attacks, [263] monitors selfish mining by identifying block confirmations through sequence numbers.

• Network communication security: This part of countermeasures includes dynamically updating communication lists [264], adopting credit-based block consensus mechanisms [265], incorporating deep learning models to identify attack features [266], and security analysis of smart contracts, etc. to secure the blockchain network.

• Infrastructure security: This countermeasure requires securing the end system, e.g., chip-level blockchain security system [267], to realize the end protection for industrial IoT devices. Secondly, at the network infrastructure level, e.g., [268] designs lightweight distributed blockchain security verification protocols, which will support infrastructure system security for industrial devices.

• Smart contract security: Smart contract security is a broad research topic, which includes the smart contract business level, virtual machine level, and contract code level. Mainstream research includes analyzing smart contracts using code security detection methods such as dynamic analysis and static detection. [269] provides a detailed categorization of 133 security threat solutions for smart contracts in five dimensions, which readers can refer to for further information.

In addition, for a detailed survey of blockchain security threats and countermeasures, readers can refer to [166].

(2) Countermeasures against user data privacy leakage. Privacy is a core security issue in communication technologies, which has received widespread attention. For 6G, there are three main prevalent privacy protection objectives: (1) reduction of personally identifiable association information in communication data; (2) secure data storage mechanisms; and (3) security control of data transmission, sharing, and use. Specifically, many overviews of privacy issues and protection techniques for 6G in different scenarios exist, such as IoT networks [270], AI applications [271], big data and cloud [272], and prospective 6G privacy investigations [159].

For blockchain, the following solutions mainly exist for common identity privacy attacks and transaction information attacks. [53] proposes to bind the wallet address to the host address, thus realizing that each transaction relies on the bound IP address and MAC address. In addition, for transaction information attacks, hardware-based production of pseudo-random numbers can be used for digital wallets, which can improve the anonymity of digital wallets. Furthermore, a detailed blockchain privacy problem for IoT and distributed industrial networks can be found in [273].

4.2.3. Countermeasures at human-machine interaction layer

Corresponding to information security threats, information security countermeasures at the HMI layer are aimed at defending against malicious system attacks, avoiding malicious manipulation of the HMI system that threatens the personal safety of participants, and safeguarding the frontline production processes from disruption. In addition, these countermeasures will also mitigate the risk of data leakage and protect sensitive data and assets from being violated. Specifically, corresponding to the aforementioned threats, we categorize the information security countermeasures for this layer into the following two categories.

(1) Countermeasures for maliciously intruded, manipulated, and compromised systems.

The first is Cobots. less attention has been paid to Cobots-specific information security issues, and we will summarize the preliminary research and countermeasures that have been done. [161] performed threat modeling of Cobots and identified attacks specific to Cobots. [274] proposed a secure access control policy for ROS (Robot Operating System) for security privilege management. [275] proposed an authentication server for ROS to ensure the authenticity and legitimacy of visitors. [276] and [277] designed specialized intrusion detection techniques for robotic systems that can identify malicious activities and detect anomalous behaviors of the HMI system. However, it is still an open problem to implement a comprehensive cybersecurity defense system for Cobots.

In addition, for DT, we classify and summarize the following main security countermeasures:

• Data security protection. This part of the strategy mainly includes data integrity protection and data synchronization protection. Data integrity protection ensures that DT data is not tampered with and has high fidelity by designing relevant integrity checks, provable algorithms, etc. [132, 136]. Data synchronization protection aims to ensure that the data are relayed securely to meet the DT data synchronization requirements [278].

• Authentication and access control mechanisms. This ensures the legitimacy and authenticity of the participants in inter-twin communication and intra-twin communication, which can mitigate the threat of counterfeiting and illegal access. Mainstream work implements fine-grained secure authentication and access control mechanisms by combining blockchain [279], group signatures [280], and smart contracts [281].

• Intrusion detection mechanisms. The intrusion detection system can ensure timely and accurate detection of intrusion and anomalous state of the DT system. Current methods mainly include deep learning/machine learning algorithms based on threat feature recognition, blockchain-based reliable data assurance, integrity checking, etc. to achieve intrusion detection [132].

• Integrated information-physical defense. The research in this part is still in its infancy, and most of the research focuses on the physical security or information security of DT respectively. Realizing the joint defense of DT information and physics is the next important research direction [162].

(2) Countermeasures against user privacy leakage. This part of the countermeasures focuses on privacy protection in HCI systems. There are still substantial blanks in the research for Cobots, and some preliminary research work is underway. [282] conducted a study on whether privacy issues affect workers’ acceptance of Cobots, and explored how to cope with the privacy issues posed by Cobots. [283] proposes a multi-task federated learning-based HCI framework to protect human privacy during collaborative assembly tasks between humans and Cobots.

In addition, the main privacy research in this layer focuses on DTs, which are mainly categorized as follows:

• Blockchain approach. DT combined with blockchain can enable data verifiability, transparency, and privacy. In particular, combining smart contracts enables fine-grained privacy algorithms and data encryption. Specifically, [284] utilizes cloud computing to facilitate data sharing in DT and uses blockchain to protect the privacy of communication data.

• Federated learning approach. federated learning is currently the dominant deep learning paradigm applied to DT, which protects user privacy through decentralized and local training. Some work combining DT and federation learning [285, 286] ensures that personal data is not shared within DT, while still guaranteeing the accuracy and convergence of DT models.

• Privacy computation methods. other methods include differential privacy, secure multi-party computation, homomorphic encryption, etc. Combining DT to achieve stronger and finer-grained privacy protection will be a further research direction.

4.3. Humanized security countermeasures

humanized security is a classification created in response to the core idea of Industry 5.0’s human-centered approach, which aims to maximize the benefits and well-being of human participants by considering human rights more than industrial efficiency. There have been many prior research concerns that address some of the issues in humanized security, but there is no systematic generalization or classification. We will summarize humanized security countermeasures and research at the three levels of Industry 5.0 in response to the humanized security threats presented in the previous chapter.

4.3.1. Countermeasures at AI-empowered decision layer

For model behavior with biased unfairness, the main research responses are as follows. [287] focused on a solution to locate and mitigate bias in large language models, which was experimentally shown to be effective in mitigating gender bias in occupational pronouns. [288] also investigated the problem of bias in large language modeling, proposing a dataset of adjustments to large language modeling instructions that promote occupational inclusiveness. In addition, efficient pre-training, fine-tuning, and inference for large language models are discussed in detail in [110]. In federated learning, [30] proposes a participant selection algorithm that assigns specific tasks based on local resource information provided by the participants through sending resource requests to the client. Some other client incentive schemes will also encourage high-quality users to participate in learning to maximize model quality. Client selection algorithms focused on fairness are proposed in [289] to ensure that the participation rate of each client does not fall below a predetermined threshold.

In addition, for coarse-grained non-personalization strategies. [110] explores efficient parameter fine-tuning techniques that enable fine-tuning for personalized tasks in vertical industries as well as on low-computing power devices. Fine-tuning techniques are also being extensively studied. In addition, a number of studies have proposed the concept of personalized federated learning [11, 290], which enables the training of specific models for each device for different data, hardware configurations, and personal preferences. This makes an important contribution to solving the problem of humanized security.

4.3.2. Countermeasures at reliable-efficient communication layer

In response to the non-customizable communication mechanism, there are the following countermeasures. [67, 159] explored advanced 6G communication technologies and security solutions, such as multi-attribute multi-observation techniques to sense the physical properties of different environments and regions to adjust beamforming and routing strategies; customized fine-grained network management by combining network slicing and digital twins; and access without complex password entry and authentication processes by combining 6G with biometrics control policies (which can benefit users including those with disabilities), etc. For different security requirements in communication, [291] proposed a differential privacy approach that takes into account different user privacy attitudes and expectations to achieve a utility and privacy balanced and on-demand privacy policy. For blockchain, [292] investigated blockchain technology in mass customization and personalized production, and [293] proposed a customized blockchain architecture for smart home IoT systems.

The main countermeasures to the unfair and non-transparent communication process are as follows. [294] discusses recent advances and trends in the combination of blockchain and 6G technologies, surveying blockchain-enabled transparent and trusted 6G communication architectures. [67] also explores in detail the architectures and technologies that enable full coverage and extensive communication in 6G. For blockchain, [166] discusses related work and solutions regarding the regulation of blockchain networks, while surveying transparency and fairness schemes in different blockchain networks, e.g., two-party atomic exchange schemes. [53] provides an overview of advances in blockchain technology in Industry 5.0, including fair consensus and transaction schemes, such as a fair transaction ordering consensus scheme based on proof of reputation.

4.3.3. Countermeasures at human-machine interaction layer

For coarse-grained non-customized design, the following studies have been conducted. [295] explored personalized healthcare solutions based on human digital twins. [296] explored advanced solutions for digital twins considering personalization in industrial production. [297] proposed personalized DT models for heterogeneous industrial IoT scenarios, which can avoid wasted performance and unnecessary time consumption in DT modeling. In addition, [298] proposes customized digital twin services that enable personalized digital twin resource allocation and policy customization through a cloud-edge collaborative structure. For the scenario of low-resource devices at the edge, [299] proposes an edge digital twin network to provide services and security protection for resource-limited edge devices.

For non-human-centered design, we focus on research that is specific to Cobots. [135] explores workplace design for Cobots, task scheduling assignments based on operator capabilities, and a collaborative production framework for ergonomics. [131] also explored the ergonomics of Cobots, including consideration of human mental stress, fatigue, and energy expenditure. [130] explored the design of Cobots in a medical companion environment, including emotional interaction with humans and bridging the gap between humans and machines. [134] explored issues regarding the programming of Cobots to achieve flexibility and adaptability through online programming. [300] increases the maneuverability of human-machine interaction by combining AR and Cobots to meet the personalized needs of more human workers.

5. Challenges and trends

This review explores the trinity of security threats and existing security countermeasures for Industry 5.0 from different perspectives, but security research gaps and challenges remain for the emerging Industry 5.0.

First are the challenges and trends in functional safety. Through a comprehensive survey, we found that huge energy consumption and computing resource requirements are common challenges for each enabling technology of Industry 5.0. This will hinder the goal of Industry 5.0 sustainability. Second, among the different technology layers, the functional safety challenge of the AI-empowered decision layer is mainly to guarantee accurate, reliable, and high-quality outputs from intelligence. In particular, interpretability will be an important topic for future research, where credible and auditable AI outputs are an important means of securing this layer. In the communication layer, since 6G is still in the beginning stage of research, especially communication architectures with endogenous security combined with blockchain still have research gaps. Therefore, the adaptability and scalability of these new-generation communication architectures in industrial production networks are important challenges. In the human-robot interaction layer, challenges are mainly to reduce the possibility of Cobots causing injuries to human workers and to further extend the functionality and diversity of Cobots.

The second is information security. In this part, privacy protection is a common challenge for all enabling technologies, which runs through the whole technology of Industry 5.0. Developing advanced privacy protection solutions for different enabling technologies in each layer will be an important research direction. Second, among the different technology layers, the main challenge in the AI-empowered decision layer is the content security threat, which requires safeguarding the training data, decision-making behaviors, etc. from malicious poisoning, tampering, and manipulation. In the communication layer, due to a large number of new communication protocols, frequency bands, etc. emerging in 6G, designing new security mechanisms for different communication architectures to prevent interference, eavesdropping, and contamination will be a research priority. In particular, exploring how blockchain and 6G can be perfectly combined to realize reliable communication will be an important research topic. In the human-machine interaction layer, there are still a lot of gaps in the research of intrusion detection for both Cobots and DT systems, and the cyber attacks and threats against Cobots have not received extensive attention. Therefore cyber attacks and defense in this part will be the focus of research.

The third is the challenges and trends in humanized security. Humanized security is a next-generation security paradigm that is an important enabler in facilitating Industry 5.0 to achieve a new social production method centered on human interests. As a result of our survey, current major humanized security challenges include unfair, coarse-grained, and non-human-centered technology design. Specifically, monopoly, fairness, and bias of intelligence in the AI-empowered decision layer are challenges that need to be urgently addressed, which can directly affect the personal interests of industrial participants. This includes research into more customized intelligent agent solutions, efficient fine-tuning techniques, bias ethics checks, edge device deployment options, etc. In the communication layer, this includes transparent and trustworthy communication and transactions; communication and access technologies that cover different groups of people in different regions; strategies that guarantee broad and fair participation in transactions; customizable communication networks and blockchain networks, etc. In the human-computer interaction layer, this includes fine-grained digital twin services and system design; collaborative system design that takes into account the ergonomics and physical capabilities of human workers; and further exploration of interactive design that guarantees human psychological and emotional comfort, etc. It is worth mentioning that humanized security for Industry 5.0 currently lacks well-developed discussions and research, making it difficult to identify complete challenges and trends. However, the landing point for future challenges and research trends can be referred to the definition and summary of humanized security in Section 3.3 of this paper, which will provide valuable guidance.

6. Conclusion

Industry 5.0 defines a revolutionary industrial paradigm by focusing on development priorities from efficiency to people. This survey explores and summarizes the key enabling technologies for Industry 5.0 from a technological perspective and for the first time proposes a comprehensive hierarchical technology architecture for Industry 5.0, which includes AI-empowered decision layer, reliable-efficient communication layer, and human-computer interaction layer. At the same time, we analyze and summarize the internal factors and initial applications of key enabling technologies to drive the development goals of Industry 5.0 (human-centered, resilient, and sustainable). Second, we comprehensively investigate the triad of security issues for Industry 5.0 (function safety, information security, and humanized security) and provide a detailed overview of the security threats and security countermeasures in each technology layer. Importantly, this is the first comprehensive survey of security issues for Industry 5.0. Among them, in this survey we first definite the humanized security in Industry 5.0, which incorporates the interests and rights of machines, individuals, and societies, which will significantly contribute to the goal of human-centered development in Industry 5.0. Finally, we summarize future challenges and trends, which provide useful guidance and support for the development of Industry 5.0.

Acknowledgments

No acknowledgments.

Funding

This work was supported in part by the JSPS KAKENHI under Grants 23K11072, and in part by the China Scholarship Council under Grants 202308050055.

Conflicts of interest

The authors declare that they have no conflict of interest.

Data availability statement

No data are associated with this article.

Author contribution statement

Yang Hong carried out the layout of this survey; Yang Hong and Jun Wu conducted detailed research and wrote a draft of this survey; Xinping Guan was involved in the design and revision of the final version. All authors read and approved the final manuscript.

References

Yang Hong received the B.E. degree from the School of Cyber Science and Engineering, Sichuan University, Chendu, China, in 2022, and the M.E. degree from the Graduate School of Information, Production and System, Waseda University, Fukuoka, Japan, in 2023, where he is currently pursuing the Ph.D. degree. His research interests are focusing on Industry 5.0, information security, network intelligence and security, digital twin, etc.

Jun Wu received the Ph.D. degree in information and telecommunication studies from Waseda University, Japan, in 2011, where he is currently a professor with the Graduate School of Information, Production and Systems. His research interests include the intelligence and security techniques of Internet of Things (IoT), edge computing, big data, 5G/6G, etc.

Xinping Guan is currently a Chair Professor with Shanghai Jiao Tong University, Shanghai, China, where he is the Dean of the School of Electronic, Information and Electrical Engineering, and the Director of the Key Laboratory of Systems Control and Information Processing, Ministry of Education of China. His current research interests include industrial cyber-physical systems, wireless networking and applications in smart city and smart factory, and underwater sensor networks.

All Tables

All Figures

	Figure 1. Key Enabling technologies for Industry 5.0 and their layered architecture
In the text

	Figure 2. Triad of security threads for Industry 5.0
In the text

	Figure 3. Function safety threats of Cobots in human-machine interaction layer
In the text

	Figure 4. Information security threats of AI-empowered decision layer in Industry 5.0
In the text

	Figure 5. Cross-threats of Digital twin in Human-machine interaction layer
In the text

	Figure 6. Humanized security threats in Industry 5.0, including machines, individuals, and society
In the text