A hybrid blockchain and smart contract framework for resilient IoT security in smart homes
Abstract
The rapid growth of IoT devices in smart home environments has introduced significant challenges in ensuring secure, scalable, and efficient communication among heterogeneous devices. Centralized architectures suffer from a single point of failure, while blockchain-only solutions face high latency, limiting their use in real-time control. To address these issues, we propose a multi-layered decentralized framework that combines a consortium blockchain, a trusted off-chain coordinator, group-based zero-knowledge proofs (ZKPs), and a two-tiered access control policy (ACP) architecture. The consortium blockchain provides an immutable ledger for device identities and foundational, coarse-grained ACP enforcement through smart contracts, ensuring tamper-proof trust. For privacy-preserving mutual authentication, a group-based ZKP protocol enables collective device authorization without revealing sensitive keys. The off-chain coordinator complements this by enforcing dynamic security mechanisms, including fine-grained ACPv2 checks—such as rate limits, time-of-day restrictions, and device telemetry—in addition to anomaly detection for behavioral risk assessment. This proposed hybrid structure achieves both immutability and high efficiency over traditional methods. A performance evaluation highlighted the framework’s efficiency by demonstrating that the core ZKP verification for a 500-device group can be completed in just 190 ms. The framework drastically reduces on-chain costs, with critical access control policy transactions consuming only 82,748 gas—a reduction of over 90% compared to benchmarked on-chain systems. The complete end-to-end workflow, from user request to secure session establishment, has a latency bound of approximately 3s. 
Formal security verification with the BAN and AVISPA tools validates resilience against common attacks, including man-in-the-middle, replay, and impersonation, while static analysis using the Slither framework confirms the absence of critical vulnerabilities in the smart contract code. By combining an immutable on-chain foundation with intelligent, dynamic off-chain enforcement, our proposed framework provides a uniquely resilient, scalable, and adaptive security solution for modern smart home systems.
Authors (2)
Shiva Soni
Abhilasha Singh
Quick Access
- Year of Publication: 2025
- Language: en
- Source Database: CrossRef
- DOI: 10.3389/fbloc.2025.1707911
- Access: Open Access ✓