A hybrid blockchain and smart contract framework for resilient IoT security in smart homes

The rapid growth of IoT devices in smart home environments has introduced significant challenges in ensuring secure, scalable, and efficient communication among heterogeneous devices. Centralized architectures suffer from a single point of failure, while blockchain-only solutions face high latency, limiting their use in real-time control. To address these issues, we propose a multi-layered decentralized framework that combines a consortium blockchain, a trusted off-chain coordinator, group-based zero-knowledge proofs (ZKPs), and a two-tiered access control policy (ACP) architecture. The consortium blockchain provides an immutable ledger for device identities and foundational, coarse-grained ACP enforcement through smart contracts, ensuring tamper-proof trust. For privacy-preserving mutual authentication, a group-based ZKP protocol enables collective device authorization without revealing sensitive keys. The off-chain coordinator complements this by enforcing dynamic security mechanisms, including fine-grained ACPv2 checks—such as rate limits, time-of-day restrictions, and device telemetry—in addition to anomaly detection for behavioral risk assessment. This proposed hybrid structure achieves both immutability and high efficiency over traditional methods. A performance evaluation highlighted the framework’s efficiency by demonstrating that the core ZKP verification for a 500-device group can be completed in just 190 ms. The framework drastically reduces on-chain costs, with critical access control policy transactions consuming only 82,748 gas—a reduction of over 90% compared to benchmarked on-chain systems. The complete end-to-end workflow, from user request to secure session establishment, has a latency bound of approximately 3s. Formal security verification with the BAN and AVISPA tools validates resilience against common attacks, including man-in-the-middle, replay, and impersonation, while static analysis using the Slither framework confirms the absence of critical vulnerabilities in the smart contract code. By combining an immutable on-chain foundation with intelligent, dynamic off-chain enforcement, our proposed framework provides a uniquely resilient, scalable, and adaptive security solution for modern smart home systems.

1 Introduction

The internet of things (IoT) has revolutionized modern living by transforming traditional homes into smart, interconnected environments that offer convenience and efficiency (Lavin et al., 2024). According to a recent study, the current count of IoT devices in 2025 exceeded 27.1 billion, and by 2030, it may increase to 40 billion. However, the rapid integration of IoT devices into smart homes has introduced significant challenges in security, scalability, communication, and efficiency for resource-constrained devices and varying environmental capabilities that existing authentication schemes often fail to address (Menon et al., 2023; Asghar et al., 2023). In typical smart home environments, devices communicate with untrusted networks to interact with users, cloud services, and external devices; these open, communication- and credential-based systems remain vulnerable to attacks, such as man-in-the-middle (MITM), replay, collusion, and impersonation, which exploit authentication loopholes to gain unauthorized access to systems and user data. Traditional security mechanisms, often centralized and relying on static and shared credentials, fail to accommodate heterogeneous devices with varying capabilities, such as computational and power constraints (Asghar et al., 2023; Soni and Singh, 2025).

A critical vulnerability in modern smart home systems is the trust assumption within the internal network. Centralized gateways are single points of failure; if they are compromised, they can be used to deliver malicious actors or commands or establish denial-of-service attacks across the entire system. Therefore, a robust security framework must not only authenticate external users but also provide operational integrity and resilience against internal threats. This requires a mechanism to achieve distributed consensus or authentication between the various devices prior to the execution of actions—a challenge to simple authentication protocols (Soni and Singh, 2025).

To address these challenges, this study proposes a novel multi-layered security framework for smart home systems that efficiently combines a consortium blockchain with smart contracts, a trusted off-chain coordinator, a group-based zero-knowledge proof (ZKP) protocol (Rasheed et al., 2019), and a machine learning (ML) model for adaptive security and behavior analysis. Figure 1 presents the communication architecture of this smart home system, designed around a clear separation of concerns to optimize security, latency, and resource efficiency.

Figure 1

Figure 1. Communication between the different architectural layers of a secure and resilient smart home system.

The proposed framework is structured into three distinct layers. The first is that of external actors, where the user application initiates requests that are sent to the off-chain layer. Second is the off-chain intelligent layer. The trusted off-chain coordinator serves as the real-time processing hub, orchestrating ZKP generation with the smart home device group, enforcing fine-grained ACPv2 policies, and running the ML-driven anomaly detector. In the third layer, the on-chain trust foundation layer, the consortium blockchain acts as the immutable source of truth, storing device registries and logs, group compositions, and coarse-grained access policies in its smart contract state. This separation of concerns allows the framework to balance decentralized trust with low-latency adaptive security.

Our proposed framework overcomes the limitations of existing solutions, such as high latency and scalability issues in purely blockchain-based systems, and the single point of failure of centralized systems, by integrating the following functionalities.

A. Decentralized trust via a consortium blockchain. We utilize a consortium blockchain as an immutable ledger and the ultimate source of truth for the system. It is responsible for managing device identities, the composition of logical device groups, and foundational, coarse-grained access control policies. We leverage the blockchain for its core strengths of auditability and tamper resistance without being constrained by its transactional latency for real-time control.

B. Collective authorization via group ZKPs. To achieve low latency and cryptographically secure agreement, we employ a group-based ZKP scheme. Before any action is processed, a quorum of devices within a group collectively generates a ZKP. This proof serves as an irrefutable cryptographic attestation that the group has authorized a specific user request, establishing secure mutual authentication without exposing any long-term secrets. This protocol provides strong privacy guarantees and ensures operational integrity by replacing device-level consensus with efficient, collective cryptographic authorization.

C. Intelligent off-chain enforcement and analysis. The ZKP is submitted to a trusted off-chain coordinator that acts as an intelligent enforcement hub for all dynamic security logic. This coordinator implements two critical layers.

1. Dynamic access control (ACPv2). A fine-grained policy engine evaluates the request against contextual rules that would be impractical to manage on-chain due to high costs. These include rate limits, time-of-day restrictions, and conditions based on real-time device telemetry, such as network latency and battery levels.

2. Behavioral anomaly detection. A machine-learning-driven system analyzes user activity patterns to calculate a real-time risk score. This allows the framework to proactively identify and block anomalous behaviors indicative of an attack or system abuse.

D. Adaptive cryptography via ML. Recognizing the heterogeneity of IoT devices, our framework includes an intelligent adaptation layer. An ML model analyzes real-time device and network conditions, such as battery levels and hardware support for cryptographic acceleration, to dynamically select the most appropriate cryptographic primitives (e.g., AES-GCM vs. ChaCha20-Poly1305) and optimize security parameters. This ensures that security is maximized without straining resource-constrained devices, thus achieving an optimal balance between performance and protection.

The novelty of this work lies in its multi-layered, adaptive design, which unifies a blockchain-based trust foundation, group-centric ZKP authentication, and an intelligent off-chain coordinator empowered with ML and anomaly detection capabilities.

Unlike existing blockchain-IoT frameworks that rely solely on static access policies or centralized gateways, the proposed hybrid system dynamically enforces context-aware and behavior-driven access control through a trusted yet auditable coordinator.

This synergistic integration simultaneously achieves decentralized trust, scalability, privacy-preserving authentication, and resource-efficient decision-making, addressing the key gaps in prior surveys and frameworks.

The proposed framework is designed based on a comprehensive threat and adversary model that considers both external attackers (e.g., eavesdropping, replay attacks, or tampering over public networks) and internal adversaries (e.g., compromised IoT devices or malicious insiders). The system defends against both passive and active attacks by combining cryptographic verification, blockchain-based auditability, and off-chain anomaly detection. A detailed adversary model, covering coordinator exposure, insider compromise, and network-level attacks, is presented in Section 4.4.1.

The rest of this study is organized as follows: Section 2 reviews the related work by identifying key gaps in smart home systems. Section 3 discusses the proposed framework for smart home systems. Section 4 presents the results of the experiments, the evaluation, and the discussion. Finally, Section 5 concludes this article with a summary of our contributions, outlining future research.

2 Related research

The internet of things (IoT) is expanding at a fast pace in every sector, including smart home environments. The challenge of securing this environment has been approached from multiple research directions, each having distinct strengths and inherent limitations. This section discusses the existing literature and identifies the gaps; our proposal intends to overcome these.

To overcome the vulnerabilities of centralized architectures, such as single points of failure, blockchain technology has been widely proposed as a decentralized trust model for IoT. Early work, such as the distributed access control mechanism by Skarmeta et al. (2014), highlighted the need for decentralization but struggled with communication overheads and privacy preservation. More recent proposals, such as the home-chain system (Lin et al., 2019), leverage blockchain to provide reliable auditing and anonymous authentication, successfully addressing some integrity and privacy concerns. Further research has explored lightweight consensus mechanisms and off-chain data storage to eliminate latency issues and storage overheads (Baccouri et al., 2024; Al Hwaitat et al., 2023). However, these approaches often highlight a key challenge using blockchain for real-time transactions that can be too slow for smooth user interactions, while operating off the blockchain often compromises the reliability and trustworthiness of operations within the local network (Sahraoui and Bachir, 2025; Dorri et al., 2017).

To address the privacy risks associated with credential-based systems, ZKPs have emerged as powerful cryptographic primitives. ZKPs allow a party to prove knowledge of a secret without revealing the secret itself, making them ideal for authentication in a zero-trust environment (Liu et al., 2024). Systems such as the one proposed by Baccouri et al. (2024) use strong elliptic curve cryptography (ECC), but still rely on static keying, which lacks adaptability. More advanced schemes, such as SEAS (Su et al., 2024), have successfully utilized ZKPs to achieve privacy-preserving batch authentication and robust revocation, demonstrating significant performance improvements. Other research has explored combining ZKPs with blockchain technology for decentralized key management and identity verification (Su et al., 2024; Liu et al., 2020). While these approaches enhance user privacy and prevent credential theft, they typically treat cryptographic protocols as static and need to focus on scalability, trust issues, and efficiency for resource-constrained devices (Wishwasara, 2023). They are not suitable for the heterogeneous and resource-constrained nature of IoT devices, where the same-size cryptographic proof can be inefficient for low-power sensors and devices.

Access control policies were need of urgent to enhance the privacy and security of the system. Sultana et al. (2020) introduced a method for data sharing using blockchain and access control policies, that efficiently enhanced the security and privacy but the cost of the blockchain remain high, so that needed urgent attention to reduce the cost and enhance the scalability and performance. On the other hand, to add the privacy on blockchain based system Zaidi et al. (2021) introduced attribute-based access control using smart contracts, which also led to high costs. Sivaselvan et al. (2020) and Hasan et al. (2023) introduced an optimized, lower-cost framework with additional security using authentication and smart contract-based access control policies. These also need to be further optimized for use in resource-constrained environments and for real-time access. Rahman (2020) proposed scalable role-based access control policies using blockchain technology, but cost-effectiveness was also a problem.

Furthermore, the majority of blockchain-based access control models rely on static, on-chain rules. As seen in systems such as AC-DevChain, which proposes a hybrid RBAC–ABAC model, there is a clear need for more dynamic, context-aware policies that are difficult to implement efficiently on-chain (Fugkeaw et al., 2025). This creates a major gap: how to achieve fast, dynamic, and context-aware access control without sacrificing the core security guarantees of a decentralized ledger.

A third stream of research has focused on introducing intelligence into IoT security using machine learning (ML) and dynamic access policy enforcement. ML algorithms have been effectively used to analyze device behavior, to detect anomalies in network traffic, and to dynamically optimize system parameters (Alruwaili et al., 2024; Farooq et al., 2022). While some frameworks incorporate ML to predict threats and dynamically adjust security policies in real time, these ML models are typically deployed within centralized infrastructures managed by trusted third parties, thus re-introducing centralization (Abomhara and Køien, 2014; Ali et al., 2023). The concept of fine-grained, context-aware access control is a well-established field. Frameworks managing access to AI APIs, for instance, demonstrate the power of combining role-based (RBAC) and attribute-based (ABAC) models to enforce complex permissions (Batal et al., 2025). In an IoT context, this means evaluating real-time attributes such as network latency, time of day, and device status. The challenge lies in integrating such a dynamic engine with a decentralized trust model without introducing bottlenecks or compromising security. Furthermore, while these systems can enforce strong security policies, they rarely focus on adjusting the cryptographic primitives (e.g., encryption algorithms and key derivation complexity) according to the specific real-time constraints of the devices themselves. Their effectiveness is also highly dependent on the quality and volume of training data, which can be a challenge in diverse IoT ecosystems (Moon et al., 2016; Li et al., 2015).

Existing research has typically excelled in one or two areas but failed to provide a holistic solution (Table 1). Blockchain-based systems offer decentralized trust, but they often lack real-time performance and dynamic policy enforcement. ZKP-based systems provide excellent privacy but lack adaptability and operational resilience. ML-based systems are intelligent but often centralized and do not address foundational trust issues. A significant research gap exists in the synergistic integration of these four pillars: blockchain for a trust model, an off-chain consensus mechanism for operational integrity, a ZKP protocol for privacy-preserving authentication, and an ML model for cryptographic adaptation.

Table 1

Table 1. Comparative study between various schemes.

A significant research gap exists in the synergistic integration of these pillars. To the best of our knowledge, no existing framework provides a cohesive architecture that combines the following:

• a blockchain for immutable, coarse-grained trust;

• a ZKP protocol for privacy-preserving, collective authorization;

• a trusted off-chain coordinator that enforces both a dynamic, fine-grained ACPv2 engine and a behavioral anomaly detector;

• an adaptive cryptography model that uses ML to tune security parameters in real time.

Our proposed framework is the first that, to our knowledge, creates a cohesive architecture where these components are unified. It effectively resolves the trade-offs in previous research by creating a clear, multi-layered workflow: the blockchain defines what to allow, the ZKP scheme ensures it remains private for the one executing it, and the ML model establishes the most efficient and secure way to do it, while the off-chain coordinator handles all the dynamic and real-time access control policy enforcement with on-chain validation and security adaptation. By implementing and visualizing the entire system workflow with a GUI-based simulation, we demonstrate a practical and robust solution that addresses the complexity and challenges of modern smart home environments.

3 Proposed framework

To address the multifaceted security and complex challenges of modern smart home environments, we propose a novel, multi-layered framework: “A Hybrid On-Chain and Off-Chain Framework for Adaptive, Context-Aware Security in Smart Homes.” Our architecture is designed around a strategic separation of concerns, leveraging a consortium blockchain for immutable trust and an intelligent off-chain coordinator for real-time performance and dynamic security enforcement using adaptive cryptography and access control policies. This hybrid model provides a resilient, adaptive, and scalable solution that overcomes the limitations of purely on-chain or centralized systems.

Our architecture is built upon the three core technological pillars: a two-tiered access control policy (ACP) architecture, a privacy-preserving group ZKP scheme, and an intelligent layer for adaptive security and behavioral analysis. As illustrated in Figure 2, our framework consists of the following entities:

• Consortium blockchain serves as the foundational trust layer. It immutably stores device identities, group compositions, and coarse-grained ACPs. The consortium blockchain improves scalability by limiting participation to trusted validators within the smart home network. Unlike public blockchains that involve thousands of miners and incur variable block confirmation delays, our permissioned model employs a lightweight PBFT-based consensus among a small set of pre-authorized nodes, achieving deterministic confirmation times and significantly reducing communication overhead.

• Smart home devices and groups: IoT devices are logically organized into groups (e.g., “living room”) and collectively authorize user requests via a group-based ZKP.

• User: an external entity initiating requests to interact with device groups.

• Off-chain coordinator: a trusted backend server that acts as the intelligent hub of the system. It is responsible for all complex, real-time logic, including orchestrating the ZKP, verifying proofs, enforcing fine-grained policies (ACPv2), detecting anomalies, and selecting adaptive cryptographic parameters.

Figure 2

Figure 2. High-level system architecture and request flow.

We divided the framework into three phases, described below.

3.1 Phase 1: system setup and on-chain registration

The initial phase establishes the foundational trust model for the entire smart home system environment. All administrative actions are performed by a designated home manager and recorded immutably on a consortium blockchain. A smart contract is implemented to govern the access policies for our smart home system.

3.1.1 Key generation and identity creation

Each IoT device d_i within the smart home system is required to generate a unique cryptographic key pair. We employ elliptic curve cryptography (ECC) over the SECP256K1 curve due to its high security-to-key-size ratio, making it ideal for resource-constrained devices. Each device d_i generates:

• a private key, sk_i ∈ Z_q*, where Z_q* is the multiplicative group of integers modulo q, and q is the order of the curve;

• a corresponding public key, PK_i = sk_i ⋅ G, where G is the generator point of the SECP256K1 curve.

3.1.2 Blockchain-based registration

The home manager registers each device d_i by invoking the smart contract function, registerDevice (deviceId, deviceType, publicKey). This transaction permanently records the device’s identity and public key PK_i on the blockchain. Similarly, it creates logical groups G_j (e.g., “Work-mode”), and devices are assigned to them using the createGroup () and addDeviceToGroup () functions. The blockchain stores a verifiable and tamper-resistant record of the system’s intended state, including

• The set of all legitimate devices, D = {d₁, d₂,…, d_n};

• The public key PK_i associated with each device d_i;

• The composition of each group G_j ⊆ D.

3.1.3 Access control policy (ACP) configuration

Our framework implements a sophisticated, two-tiered ACP architecture that strategically balances the security and immutability of the blockchain with the flexibility and low latency of off-chain computation. This hybrid approach ensures both robust, foundational security and the ability to adapt to dynamic, real-time conditions.

3.1.3.1 Layer 1: On-chain coarse-grained ACP

This layer serves as the foundational, non-negotiable security gatekeeper. The administrator defines allow/deny rules by calling the setAccessPolicy smart contract function. This function takes a user’s address, a target group, and an action, then computes a Keccak256 hash to use as a key in the accessPolicies mapping. Storing a single Boolean value against this hash is extremely gas-efficient. This rigid, on-chain policy acts as the primary gatekeeper for all requests.

Algorithm 1

Algorithm 1. On-chain access control policy definition.

Layer 2: Off-chain fine-grained ACP (ACPv2). This layer provides the intelligence and context awareness that would be impractical to implement on-chain. The administrator configures complex, contextual rules via the coordinator’s secure API. These policies, managed by the off-chain PolicyEngine, can include conditions such as rate limits (max_per_hour), time windows (not_before), and real-time telemetry requirements (max_latency, min_battery).

User registration and the on-chain revocation list (RL) are also managed in this phase via the addRL () function, creating an auditable list of untrusted participants or compromised user accounts, providing an immediate and permanent revocation mechanism.

3.2 Phase 2: architectural operational workflow

This phase demonstrates the system operational workflow or process of a user initiating the commands and the system securely executes. The diagram in Figure 3 details the operational workflow for a user request, highlighting the multi-layered policy enforcement. ZKP generation with the user application, orchestrated by the off-chain coordinator, generates a group ZKP; then the pre-chain check occurs, and the coordinator performs an initial, off-chain check against the fine-grained ACPv2 rules (e.g., rate limits). Later, the on-chain check is executed. If the pre-chain check passes, the user’s ZKP signature is submitted to the smart contract on the blockchain, where the immutable, coarse-grained ACP is validated. This two-step verification process ensures that invalid requests are rejected early on, saving on-chain resources.

Figure 3

Figure 3. Sequence diagram of the secure request flow multi-layered policy enforcement.

3.2.1 Privacy-preserving authentication via group ZKP

When a user initiates an action on group G_j, the framework initiates a group-based ZKP scheme to generate a non-interactive group signature, σ_G_j, which acts as a verifiable proof of authorization. This allows a group of devices to prove that they have collectively authorized a request without revealing their individual private keys. This process is orchestrated by the user’s client application or a trusted local gateway.

1. Orchestration. The orchestrator identifies the member devices D_j = {d₁, d₂., d_k belonging to group G_j.

2. Key loading. The orchestrator securely loads the private keys sk_i for all d_i ∈ D_j.

3. Proof generation. A non-interactive, aggregated Schnorr-like group proof is generated. Let G be the generator point, and q be the group order.

o Each device d_i (conceptually) chooses a random nonce r_i ∈ Z_q* and computes a commitment point ${\mathrm{R}}_{\mathrm{i}}{=\mathrm{r}}_{\mathrm{i}}·\mathrm{G}.$

o The commitments are aggregated: ${\mathrm{R}}_{\text{agg}}{=\mathrm{\Sigma }\mathrm{R}}_{\mathrm{i}}=\left(\mathrm{\Sigma }{\mathrm{r}}_{\mathrm{i}}\right)·\mathrm{G}.$

o A challenge c is computed as a cryptographic hash of the aggregated commitments and relevant metadata:

$\mathrm{c}=\text{Hashed}\left({\mathrm{R}}_{\text{agg}}{.\mathrm{x}\Vert \mathrm{R}}_{\text{agg}}.\mathrm{y}\Vert \text{\hspace{0.17em}metadata}\right).$

o Each device computes a response $s_i=r_i+\mathrm{c}·\text{\hspace{0.17em}sk}\mathrm{i}\left(\mathrm{mod}\mathrm{q}\right).$

o The responses are aggregated:

${\mathrm{S}}_{\text{agg}}{=\mathrm{\Sigma }\mathrm{s}}_{\mathrm{i}}=\left(\mathrm{\Sigma }{\mathrm{r}}_{\mathrm{i}}\right)+\mathrm{c}·\left(\mathrm{\Sigma }{\text{sk}}_{\mathrm{i}}\right)\left(\mathrm{mod}\mathrm{q}\right).$

4. Group signature construction. The final group signature σ_Gj is the concatenation of the aggregated components:

${\sigma \_Gj=R}_{agg}{.x\Vert R}_{agg}.y‖c‖Sagg.$

3.2.2 Multi-layered policy enforcement

• Pre-chain ACPv2 check. Before submitting the request to the blockchain, the coordinator’s PolicyEngine performs a preliminary check of the off-chain rules (e.g., rate limits and cooldowns). This proactive enforcement evaluates conditions that do not require live telemetry, such as rate limits and user cooldowns. This step saves the user gas fees and reduces blockchain load by rejecting obviously invalid requests early without costly, doomed blockchain transactions.

• On-chain request upload. If the pre-chain check passes, the user U submits the request to the blockchain by calling uploadRequest (groupId, σ_Gj). The smart contract then enforces the on-chain coarse-grained ACP. As the first line of defense, its require (accessPolicies [policyHash],…) statement will cause the transaction to revert immediately if the foundational rule is not allowed. Otherwise, the request is recorded on-chain.

3.2.3 Coordinator-led validation

A designated coordinator, acting as a leader of a quorum of trusted devices (e.g., smart hubs and gateways), continuously polls the blockchain for new requests. Upon detecting a request from user U for group G_j:

1. Request retrieval. The coordinator calls getRequest(U) to retrieve σ_Gj and the user’s revocation status. It then calls getGroupMembers (G_j) and getDevicePublicKey (d_i) to fetch the public keys PK_i for all devices in the group.

2. ZKP verification: The coordinator verifies the group signature σ_Gj. It reconstructs R_agg from the signature and checks whether the core Schnorr equation holds

$S_{agg}.G?=R_{agg}+c.\left(\sum P{K}_i\right).$

If verification fails, the process is aborted, and a failure is logged.

3.3 Phase 3: intelligent secure communication layer and behavior analysis

After the request’s authenticity is cryptographically confirmed, the coordinator executes its intelligent security pipeline. This layer ensures that the resulting communication is not only confidential but also optimally efficient for the participating devices, and learns the pattern to secure dynamically. This is the core of intelligent enforcement, detailed in Algorithm 2.

3.3.1 Behavioral analysis

The request is passed to the AnomalyDetector. A risk score is calculated based on the user’s historical patterns and the context of the current request. If the score exceeds the threshold, the request is blocked, and the user is placed in a temporary cooldown mode via the PolicyEngine.

3.3.2 Contextual policy check

If the behavior is deemed normal, the coordinator gathers live telemetry from the devices and performs the final, context-aware ACPv2 check. This is the second point of enforcement for fine-grained policies. The coordinator’s PolicyEngine re-evaluates the policy, this time including the context-dependent rules (e.g., max_latency, min_battery) against the live data. This enables highly sophisticated, adaptive security, preventing actions under potentially compromised or unreliable conditions.

Algorithm 2

Algorithm 2. Intelligent security checks (behavioral and contextual).

3.3.3 Machine-learning-driven adaptive cryptography

The coordinator gathers real-time telemetry for the devices in group G_j. These data form a feature vector, X, for our pre-trained machine learning (ML) model.

The ML pipeline, consisting of a preprocessor and multiple trained models, predicts the optimal cryptographic parameters: $\left\{alg*,keysize*,kdf\_iter*\right\}=Model\left(X\right)$

• alg $*$ : The recommended symmetric encryption algorithm (e.g., AES-GCM or ChaCha20-Poly1305).

• key size $*$ : The optimal key size (e.g., 128, 196, or 256 bits).

• kdf_iter $*$ : The recommended number of iterations for the Kkey derivation function.

The intelligent and adaptive selection of these schemes are the key feature, so that after secure authentication, there is no place to make system vulnerable or inefficient.

3.3.4 Secure session key establishment and device control

A unique and ephemeral session key, K_session, is derived using the PBKDF2 algorithm. The inputs ensure that the key is unique to this specific session and its participants, while the parameters are supplied by the ML model.

$K\_session=PBKDF2\left(password=\sigma \_Gj,salt=nonce\_session,iterations=kdf\_iter*,dklen=keysize*/8\right)$

The derived key K_session is then securely distributed to all devices d_i ∈ D_j. This key is then notionally distributed to the group members. The “Device Control Panel” appears in the user’s GUI, populated with interactive controls (e.g., toggles and sliders) for the devices as needed in the activated group. Users can interact with smart home devices with these controls to send commands to the backend, updating the device state, and then broadcasting the change, providing a responsive and secure user experience.

Finally, the coordinator completes the whole process or system request cycle by calling uploadResponse () and clearRequest () on the smart contract, logging the final success, and making the user eligible to initiate a new request. This entire, end-to-end workflow, from administrative setup to interactive control, provides a robust, resilient, and demonstrably secure solution for next-generation smart homes.

3.4 Operational workflow

This framework’s operation flowchart in Figure 4 details the coordinator’s internal logic after a request has been successfully posted on the blockchain. The coordinator retrieves the request and public keys from the blockchain and performs a full cryptographic verification of the group ZKP. If the proof is valid, the request is passed to the ML-driven anomaly detector to assess its risk. High-risk (“risky”) requests are immediately rejected. If the behavior is deemed normal, a final, context-aware policy check is performed using live telemetry against the ACPv2 rules. Only if all checks pass is the command executed and the final result logged. This workflow ensures that every request passes cryptographic, behavioral, and contextual security checks before execution.

1. Setup phase. The administrator registers users and devices on-chain and configures both the on-chain (Layer 1) and off-chain (Layer 2) ACPs.

2. Request and authentication phase. A user initiates a request, which triggers the coordinator to orchestrate the generation of the Group ZKP σ_Gj. After passing a pre-chain ACPv2 check, the ZKP is submitted to the smart contract, which validates the on-chain ACP.

3. Post-authentication processing phase. The coordinator detects the on-chain request and executes its main pipeline.

oVerification: it first performs a full cryptographic verification of the Group ZKP σ_Gj.

oAnalysis: it then analyzes the request for behavioral anomalies.

oEnforcement: it performs a final, context-aware post-chain ACPv2 check using live telemetry.

oAdaptation: if all checks pass, it selects adaptive cryptographic parameters via ML.

o Execution and finalization: a secure session is established, the command is executed, and the coordinator logs the success on-chain and clears the request from the smart contract.

Figure 4

Figure 4. End-to-end operational workflow of the proposed framework.

4 Performance evaluation and security analysis

To validate the efficiency and performance of the proposed framework, we conducted a rigorous evaluation designed to quantify the performance against different similar schemes and formally verify the security guarantees. The analysis was structured to assess both the end-to-end system performance and the specific contributions of each architectural layer.

4.1 Experimental setup

All experiments were conducted in a simulated environment configured to reflect a realistic smart home deployment. The system specifications are detailed below. The experiments were conducted on a desktop system (Intel i7-7700, 32 GB RAM) to establish a consistent performance baseline for our algorithms. This approach isolates the computational overhead of our cryptographic and ML components from the highly variable performance of different IoT hardware, allowing for a clear and repeatable analysis. We acknowledge that absolute latency and energy consumption will differ on resource-constrained devices, such as an ESP32 or a Raspberry Pi. An evaluation of such a physical testbed is a key component of our future work. We used Ganache to simulate an EVM-compatible blockchain. Ganache is an ideal tool for this research because it allows for the precise measurement of gas consumption, a standardized, chain-agnostic metric for computational complexity. While real-world deployment would use a consortium blockchain framework such as Hyperledger Fabric or Quorum (which often do not use gas), the gas costs reported in our evaluation serve as a reliable proxy for the on-chain computational load that represents the efficiency of smart contracts that would be incurred. Our onlyManager access control patterns in the smart contract accurately model the permissioned nature of a consortium environment.

The framework was implemented in Python (v3.12), leveraging libraries such as ECDSA for cryptographic operations and scikit-learn for the machine learning pipeline. The consortium blockchain was realized using Ganache (v2.7.1), with smart contracts written in Solidity (v0.8.9) and managed via the web3.py library; the system description is shown above Table 2. The entire experimental workflow, from administrative setup to real-time device control, was orchestrated and visualized through an interactive GUI that we developed using Flask, HTML, CSS, and JavaScript (Figure 5). Figure 5 shows how the framework is utilized. The logs and the representation of system working information are clear and understandable, providing all the functionalities, including the ACPs.

Table 2

Table 2. System description.

Figure 5

Figure 5. Interactive GUI for system administration and user operation.

4.2 System performance evaluation

Our proposed system is designed to provide efficient and scalable IoT device authentication. The system is computationally efficient, using elliptic curve cryptography (ECC) and dynamically adjusting ZKP and KDF parameters based on device capabilities and network conditions. Communication overhead is minimized by transmitting only the proof on behalf of a group during authentication and using blockchain to store public keys and metadata, with their integrity and availability guaranteed. We evaluated our framework based on the following key performance indicators:

• On-chain gas consumption: The gas required for all state-changing smart contract functions.

• Group ZKP computational overhead: The time required for proof generation and verification.

• Adaptive cryptography performance: The prediction latency of the ML model and the speed of the selected encryption/decryption algorithms.

• End-to-end authentication latency: The total time from user request to successful session establishment.

The system’s decentralized architecture, enabled by blockchain technology, allows it to scale to accommodate a large number of devices, with smart contracts automating key management device registration, storing metadata, and grouping. Additionally, the integration of ML enables the system to adapt to changing conditions in real time, ensuring efficiency and security in dynamic IoT environments.

4.2.1 Gas cost in various operations

Gas consumption is a critical metric for the economic feasibility of any blockchain-based system. We measured the gas cost for each state-changing function in our smart contract.

Table 3; Figures 6a, b present these results for both the gas used in Ganache, converted into the ETH value. The gas cost can be calculated using the formula:

$\text{gas}\_\text{price}\_\text{eth}=\text{gas}\_\text{price}\_\text{gwei\hspace{0.17em}}*0.000000001,\#\text{\hspace{0.17em}Convert\hspace{0.17em}gas\hspace{0.17em}price\hspace{0.17em}from\hspace{0.17em}Gwei\hspace{0.17em}to\hspace{0.17em}ETH},$

$\text{gas}\backslash \_\text{cost}\backslash \_\text{eth}=\text{gas}\backslash \_\text{used\hspace{0.17em}}*\text{\hspace{0.17em}gas}\backslash \_\text{price}\backslash \_\text{eth},\#\text{\hspace{0.17em}Calculate\hspace{0.17em}the\hspace{0.17em}cost\hspace{0.17em}of\hspace{0.17em}gas\hspace{0.17em}used}.$

Note: current gas price taken into account = 0.256 (Gwei).

Table 3

Table 3. Gas cost in various operations in the proposed smart contract.

Figure 6

Figure 6. (a) Gas usage cost for multiple functions in a smart contract. (b) Gas usage cost in ETH for multiple functions in a smart contract.

In proof generation, the SHA-256 hashing scheme takes an average time of 0.008 ms. To comprehensively evaluate the computational overhead of the proposed ZKP mechanism, we measured both the proof generation verification time under varying group sizes.

Each reported value in Table 4; Figure 7 presents the mean ± standard deviation (σ) computed over 50 independent experimental runs, providing statistically validated performance insights. The results show that, as the group size increases, from 10 to 50 devices, the proof generation time scales approximately linearly—from 9.12 ms to 39.41 ms—while the proof verification time remains nearly constant, increasing only marginally from 3.05 ms to 4.29 ms. The low variance (σ < 1 ms in all cases) indicates excellent consistency and reproducibility, demonstrating that the group-based aggregation strategy minimizes performance fluctuation even under larger device groups, and the fixed proof size of 128 bytes for each group makes it suitable and efficient for resource-constrained smart home IoT devices.

Table 4

Table 4. Mean ± standard deviation of zero-knowledge proof (ZKP) proof generation and verification.

Figure 7

Figure 7. Average computational overhead of zero-knowledge proofs (ZKPs).

The performance of the ZPK scheme is evaluated by measuring the proof size, proof generation time, and proof verification time. A key derivation function is used to communicate securely, generating a variable key size in bytes for communication; it usually takes approximately 0.7 ms for 50 devices.

4.2.2 Summary of off-chain performance

Our framework’s off-chain coordinator is responsible for the intelligent and adaptive components of our security model. The performance of these components was evaluated to ensure they provide their advanced security features with minimal latency.

Adaptive cryptography: The core motivation for our adaptive model is the performance difference between cryptographic primitives on typical IoT hardware. Our benchmarks showed that for a 113-byte message, ChaCha20-Poly1305 is faster for encryption (0.006 ms vs. 0.010 ms for AES-GCM), while AES-GCM is faster for decryption (0.007 ms vs. 0.011 ms), especially with hardware support. To exploit this trade-off, our machine learning pipeline demonstrated high precision and speed. The model for selecting the optimal encryption algorithm achieved 88.1% accuracy. The key size prediction model had 77.1% accuracy, and the KDF iteration prediction model achieved an R² value of 0.42. The entire prediction process, which selects all parameters, adds a negligible latency of only ∼16 ms per request, allowing the system to wisely balance security and efficiency in real time.

Behavioral anomaly detection: The anomaly detection model, critical for identifying insider threats, was also highly effective. It achieved a detection accuracy of 98.1% in our evaluation against a simulated attack dataset. Its real-time scoring process is extremely lightweight, adding an average latency of only ∼4 ms per request.

Access control policy enforcement: The off-chain, fine-grained ACPv2 checks, managed by the PolicyEngine, are nearly instantaneous, with a mean execution time of 1.2 ms (±0.6 ms SD).

Total end-to-end latency: When combined, the entire end-to-end workflow—from user request, through ZKP generation and validation, on-chain transaction finality, and all off-chain security checks—was measured to be approximately 3,000 ms for a ten-device group. The majority of this latency is attributable to the deliberate architectural choices of on-chain transaction confirmation and the coordinator’s polling interval rather than computational overhead.

4.3 Comparative analysis

To evaluate the computational efficiency and stability of the proposed group-based ZKP verification process, we conducted a comparative analysis against two well-known schemes: SEAS and UGPA. We began by acknowledging the architectural differences — SEAS and UGPA adopt non-blockchain, certificate-based registration models, while our framework employs a blockchain-based, decentralized, and anonymous registration mechanism. This results in a slightly higher one-time registration cost in our scheme, which is an intentional trade-off for enhanced decentralization, auditability, and trust elimination of a central authority.

To ensure a fair and consistent comparison, all schemes were normalized under equivalent experimental conditions, such as with a similar hardware configuration, an identical cryptographic primitive (256-bit elliptic curve SECP256k1), and consistent device counts ranging from 100 to 500 devices. UGPA inherently performs individual proof verification, SEAS employs batch verification, whereas our scheme performs group-based ZKP verification anchored on blockchain identity management. Each reported value represents the mean of 50 independent experimental trials, and the standard deviation (σ) is presented to quantify performance consistency and statistical reliability.

Table 5; Figure 8 show the comparative computational overhead for ZKP verification across different numbers of devices. The results demonstrate that our proposed scheme achieves up to a 47% improvement over SEAS (batch verification) and approximately a 97% improvement over UGPA (individual verification). For instance, with 500 devices, UGPA requires approximately 7800 ms, SEAS takes 320 ms, whereas our group-based scheme completes verification in an average of 190 ms for the same. The inclusion of standard deviation illustrates the stability of our approach: performance variation remained below 2% of the mean, confirming the robustness and predictability of the proposed verification model under varying network and device loads. These results confirm that the hybrid blockchain–ZKP design not only enhances security and decentralization but also ensures statistically reliable, low-latency, and scalable authentication suitable for real-time smart home and IoT applications.

Table 5

Table 5. Computational overhead of zero-knowledge proof verification (ms).

Figure 8

Figure 8. Average computational overhead in ZKP proof verification.

The cost comparison of different operations performed in our system was also compared with its competitive frameworks, as shown in Figures 9a–c.

Figure 9

Figure 9. (a) ACP cost comparison. (b) Contract deployment comparison. (c) Registration cost comparison.

Here, we can clearly see the difference that registration cost is only higher in our case with comparison to T. Sultana Sultana et al. (2020), Sivaselvan et al. (2020), and Hasan et al. (2023), while other ones we have optimized so much in comparison to cost also other parameters and overall cost has been reduced in these comparative papers or studies. The integrated hybrid ACPs in our scheme were much more cost-effective in comparison with these schemes, drastically reducing the cost of ACPs in comparison to what was outlined in the studies by M.U. Rahman, S.Y.A. Zaidi, N. Sivaselvan, and Md. Rahat, while maintaining the higher security of our framework. Contract deployment cost optimization was also quite impressive compared to the works of Sivaselvan et al. (2020), Rahman (2020), Sultana et al. (2020), and Zaidi et al. (2021), and was somewhat reduced compared to the results obtained by Md. Rahat.

Compared to existing systems, our proposed system offers several advantages, including improved performance, scalability, and adaptability. It eliminates single points of failure, addresses high complexity and storage overhead, and improves upon ZKP-based systems by dynamically adjusting parameters and making it suitable for different kinds of devices due to hybrid encryption. Our framework demonstrates a deliberate architectural trade-off: a modest and acceptable increase in gas costs for registerDevice and uploadRequest is incurred to support the significantly enhanced security and privacy guarantees of the group-based ZKP scheme.

4.4 Security analysis

The proposed mutual authentication scheme and overall framework were analyzed to evaluate security, privacy, and various types of attacks. Our system uses ZKPs, blockchain, ACPs, and ML-based hybrid encryption and anomaly detection, making it immutable, and an adaptive security scheme prevents attacks such as MITM and replay attacks. A key derivation function powered by ML helps establish a secure connection between the devices. Table 6 presents the superiority of our framework over other schemes.

Table 6

Table 6. Comparative analysis with different schemes.

4.4.1 Threat and adversary model

The proposed hybrid framework operates in an open and dynamic smart-home environment, where multiple heterogeneous IoT devices, users, and coordinators interact through partially trusted networks. To ensure a comprehensive assessment, the threat model explicitly considers both outsider and insider adversaries, each capable of performing active or passive attacks.

4.4.1.1 Outsider adversaries

These include external entities such as eavesdroppers, remote attackers, or unauthorized users who have no legitimate credentials within the system. Their primary objectives are to intercept communications, replay legitimate requests, impersonate registered devices, or inject forged commands. They are modeled with full network-level visibility and control (as per the Dolev–Yao intruder assumption). These adversaries can capture, replay, or modify packets, but they cannot break standard cryptographic primitives such as elliptic curve operations or secure hash functions.

4.4.1.2 Insider adversaries

Insiders represent compromised or malicious devices within a registered group, and potentially dishonest users who attempt privilege escalation or denial-of-service from within the trusted perimeter. An insider may attempt to collude with other devices, reuse previously valid proofs, or leak partial cryptographic information. The framework assumes that a subset of devices may be compromised at any given time, but not all members of a group. Specifically, our group-based ZKP remains secure even if up to n − 1 of the n group members are compromised because forging a valid aggregated proof requires knowledge of all private keys.

4.4.1.3 Passive vs. active behavior

• Passive attackers only observe the network and attempt to infer sensitive information from intercepted messages. These threats are mitigated through the zero-knowledge property of the ZKP protocol, which ensures that no secret information is leaked during proof generation or verification.

• Active attackers can modify or inject data, perform replay attacks, collude, attempt to impersonate users, or disrupt the access control workflow. Active threats are mitigated by a combination of blockchain immutability, anomaly-based detection, rate-limiting, and fine-grained off-chain policies enforced by the ACP (ACPv2) engine.

4.4.1.4 Coordinator and blockchain trust boundaries

The off-chain coordinator is a semi-trusted component responsible for dynamic policy evaluation and behavioral analysis. While it cannot be assumed to be fully honest, its activities are auditable because every authorization decision and ZKP verification event is anchored to the consortium blockchain. This prevents unilateral malicious behavior by the coordinator. Even if the coordinator is compromised, it cannot forge ZKPs or alter blockchain-verified device identities.

4.4.1.5 Attack capabilities and assumptions

• Attackers may gain access to device firmware, network traffic, or local storage temporarily.

• Cryptographic primitives (e.g., elliptic curve signatures, SHA-256, and PBKDF2 HMAC) are assumed to be secure.

• Blockchain nodes follow the consensus protocol honestly, but the network itself is untrusted.

• Anomaly detection and ACPv2 mitigate persistent or coordinated attacks by dynamically isolating compromised entities.

4.4.2 Resilience to common security threats

To validate the robustness of our framework, we conducted a formal security analysis of our mutual authentication scheme. The combination of the group-based ZKP, the immutable blockchain, and the intelligent off-chain coordinator ensures resilience against a wide range of security threats. We analyzed the framework against the following critical security properties:

A. Confidentiality. Confidentiality is maintained, so the long-term private keys (sk_i) of the devices are never transmitted over the network. They are used locally by the coordinator to generate the response component of the ZKP. Furthermore, the final ephemeral session key (K_session) is derived using the secure PBKDF2-HMAC function, ensuring that the communication channel is protected.

B. Mutual authentication. The framework establishes strong mutual authentication. A group of devices authenticates itself to the system by successfully generating a valid ZKP, which can only be done with knowledge of the correct private keys. The system (via the coordinator and smart contract) authenticates itself to the user by correctly processing the request and ultimately executing the command, which is only possible if it has access to the legitimate on-chain state.

C. Integrity. Data integrity is guaranteed cryptographically. The ZKP’s challenge component (c = H (R_agg.x ||R_agg.y|| metadata)) creates a secure binding between the proof and the specific request context (the metadata). Any tampering with the metadata during transmission would result in a mismatched challenge during verification, causing the proof to fail.

D. Zero-knowledge property. Our scheme is based on a Schnorr-like protocol, a form of Σ-protocol, which is a proof of knowledge. By using a freshly generated, unpredictable random nonce (r_i) for each session, the generated proof reveals no information about the underlying private keys (sk_i). An adversary observing multiple proofs cannot derive any secret information, thereby preserving the zero-knowledge property.

E. Unforgeability. An external attacker cannot forge a valid group proof without knowledge of all the private keys of the group members. The aggregated response S_agg = Σ(r_i + c ⋅ sk_i) is computationally infeasible to generate without knowing the individual sk_i values—a security guarantee that rests on the hardness of the elliptic curve discrete logarithm problem (ECDLP).

F. Forward secrecy. The framework ensures forward secrecy. Each session uses a freshly generated, random nonce (r_i) to construct the proof. The final session key (K_session) is derived from this ephemeral proof (σ_Gj) and a unique session nonce. Therefore, compromising the devices’ long-term private keys does not compromise the confidentiality of any past session keys.

G. Replay and impersonation resistance. Replay and impersonation attacks are mitigated by the inclusion of unique and timely information in the signed metadata. By including a timestamp or a sequential nonce in the metadata, a replayed signature will result in a verification failure because the verifier will construct the hash with the current timestamp/nonce, thus ensuring proofs are unique and unforgeable.

H. Collusion resistance. The proposed group-based ZKP mechanism is built on an aggregated Schnorr signature construction, which provides strong resistance to collusion among devices. A valid group proof requires contributions from all n devices in the group, each using its private key (sk _i ) to generate a response share. Consequently, an adversary would need to compromise all n private keys to forge a valid aggregated proof. The system, therefore, tolerates up to n − 1 compromised devices within a group of size n without losing its cryptographic integrity. This threshold ensures that partial collusion cannot generate a valid proof, since each missing secret component disrupts the aggregated Schnorr equation. In addition to these cryptographic guarantees, the framework integrates behavioral detection through the anomaly detector, which continuously monitors group behavior. If a significant fraction of devices (e.g., >40%) exhibits correlated abnormal activity or policy violations, the system flags the group for administrative review and temporarily restricts access. Thus, even if multiple devices are compromised, the hybrid cryptographic–behavioral defense ensures both mathematical collusion resistance and runtime anomaly resilience.

I. Insider threat. These are managed by the two-tiered ACP. The off-chain policy engine enforces dynamic rules (e.g., rate limits), while the anomaly detector identifies and flags suspicious behavior, triggering cooldowns or administrative alerts.

J. Denial-of-service (DoS). This attack involving request-flooding is handled by the off-chain coordinator’s rate-limiting and cooldown mechanisms, which protect on-chain resources.

K. Eavesdropping and MITM. These attacks are mitigated by using ephemeral session keys derived via PBKDF2-HMAC for all post-authentication communication.

4.4.3 Smart contract security analysis using Slither

To ensure the security and robustness of our on-chain components, we conducted a comprehensive security audit of the Homechain smart contract using Slither, a state-of-the-art static analysis framework for Solidity smart contracts. Slither performs advanced vulnerability detection, optimization analysis, and code quality assessment through taint analysis and program comprehension.

The analysis was performed on the deployed Homechain smart contract (Solidity v0.8.9) using Slither’s complete suite of detectors. The contract was examined for common vulnerabilities, including reentrancy, integer overflows/underflows, access control issues, and logical errors. The analysis also assessed code optimization opportunities and provided insights into the contract’s architecture.

4.4.3.1 Security findings

The Slither analysis revealed that our smart contract implementation demonstrates strong security characteristics: we have zero high- and medium-severity security issues, while there are two low-severity issues, both related to built-in symbol shadowing, which have no impact on contract security or functionality. These issues represent code style recommendations rather than actual security vulnerabilities and do not affect the contract’s operational safety or efficiency. A comprehensive analysis of all 13 contract functions, shown in Table 7, confirmed their security integrity:

Table 7

Table 7. Summary of our smart contract’s security.

All functions demonstrated proper access control patterns, safe arithmetic operations, and appropriate visibility settings. The contract effectively implements the checks–effects–interactions pattern throughout, preventing common vulnerability patterns. A security analysis confirmed that our smart contract provides a secure foundation for the hybrid framework, successfully implementing the coarse-grained access control policies while maintaining the blockchain’s immutability and auditability guarantees without introducing vulnerabilities.

4.4.4 Formal verification using AVISPA and BAN tools

To formally demonstrate the soundness of the authentication protocol, we conducted an analysis using Burrows–Abadi–Needham (BAN) logic. Formal verification would demonstrate that the protocol correctly establishes mutual belief in a shared, fresh session key between the verifier and the legitimate device group.

To complement the BAN logic analysis, we modeled the protocol in High-Level Protocol Specification Language (HLPSL) and verified it using the AVISPA tool under the strong Dolev–Yao intruder model. Both the On-the-fly Model-Checker (OFMC) and the Constraint-Logic-based Attack Searcher (CL-ATSE) back-ends returned a result of SAFE. This outcome confirms that the protocol is formally secure against a range of symbolic attacks, including MITM, replay, and impersonation attacks, validating the security claims of our framework. The Slither test for smart contracts also demonstrates the security or vulnerability of our Solidity code.

5 Discussion

This section provides a critical interpretation of our experimental findings, discusses the architectural trade-offs inherent in our hybrid design, and contextualizes the results in relation to the broader challenges of IoT security.

5.1 Architectural trade-offs: the semi-trusted coordinator

While the off-chain coordinator plays a central role in enforcing fine-grained policies and adaptive security logic, our framework does not rely on it as a single point of trust. Its actions are anchored and verifiable through on-chain events and signed interactions. Every decision made by the coordinator—such as ZKP verification, device revocation, or access policy updates—is reflected in the blockchain via smart contract calls (uploadRequest, addRL, and setAccessPolicy) and is auditable in immutable logs. Thus, while a coordinator compromise could disrupt availability, it cannot fundamentally break the system’s cryptographic trust or integrity. To further mitigate this single-point-of-failure risk in a production environment, future research should explore replacing the single coordinator with a Byzantine-resilient cluster or securing its execution within a trusted execution environment (TEE).

Thus, even in the event of a partial coordinator compromise, blockchain-layer verification and anomaly-based behavioral detection prevent cascading failures, maintaining the trust and integrity of the system.

5.2 Scalability in large-scale deployments

Our evaluation validated the framework’s performance for up to 500 devices, with a maximum of 50 devices per group. The framework design supports horizontal scalability through the following mechanisms:

• Group-based ZKP aggregation. The group-based architecture inherently aids scalability, as performance depends on the number of active groups rather than the total number of registered devices. Verification complexity grows logarithmically with group size due to elliptic curve point aggregation.

• On-chain modularity. Each group maintains its own on-chain identifiers and policy mappings, enabling the blockchain layer to scale linearly with the number of groups, rather than the number of devices.

Although the current prototype executes coordinator tasks sequentially within a single process for controlled evaluation, the system architecture is inherently parallelizable. Each device group’s operations—including ZKP generation and verification, anomaly detection, and ACPv2 policy enforcement—are fully independent. This design allows for future deployment in multi-threaded or containerized environments, where multiple coordinators can run concurrently without shared state interference. While the present implementation is single-threaded for reproducibility, the architecture readily supports horizontal scaling in large-scale smart home deployments.

5.3 Key management and semi-automated revocation

Our framework implements a comprehensive, two-stage revocation and response mechanism that combines the immediate reaction of off-chain intelligence with the permanent immutability of the blockchain. The addRL () function in our smart contract provides the mechanism for permanent, on-chain revocation. This is an irreversible, admin-triggered action that guarantees that a compromised entity is permanently barred from the system.

Crucially, our framework already implements a form of semi-automated, temporary revocation through the synergy of the AnomalyDetector and the PolicyEngine. As demonstrated in our implementation, if the anomaly detector calculates a risk score for a user that exceeds the defined threshold (0.42), it automatically triggers the PolicyEngine to place that user in a cooldown state for 10 min. This action serves as an immediate, automated suspension that neutralizes a potential threat in real-time without requiring administrative intervention.

This two-stage process is a key strength of our hybrid design. The automated off-chain cooldown handles immediate threats and provides a rapid response, while the on-chain revocation list offers a mechanism for the permanent, deliberate exclusion of known malicious actors. This approach effectively combines the rapid response of an AI-driven system with the deliberate, human-in-the-loop confirmation required for irreversible on-chain actions.

5.4 Machine learning models pipeline

To evaluate and support the adaptive components of our framework, we designed a comprehensive ML pipeline responsible for two major intelligence functions:

• adaptive cryptographic parameter prediction;

• behavioral anomaly detection for insider threat mitigation.

5.4.1 Adaptive cryptography model

To enable dynamic and context-aware cryptographic selection, we implemented a multi-task learning framework comprising three predictive models.

5.4.2 Dataset and methodology for reproducibility

To train and validate the models, we generated a realistic synthetic dataset containing 10,000 samples, designed to emulate a wide range of smart home device profiles and operating conditions.

• Features. The feature set included numerical telemetry (Battery_Level, Data_Size_MB, and Network_Latency) and categorical device capabilities (Encryption_Support and Hardware_Support).

• Target variables. The models were trained to predict three targets: Best_Algorithm, Key_Size, and KDF_Iterations.

• Preprocessing and validation. The dataset was split into an 80% training set and a 20% test set. All features were preprocessed using one-hot encoding for categorical variables and standard scaling for numerical ones. To ensure that the models were robust and not overfit, we validated their performance using five-fold cross-validation on the training data before final evaluation on the unseen test set.

5.4.3 Performance and results

The pipeline demonstrated strong and credible performance, proving its effectiveness for real-time decision-making. The performance of each predictive model on the final test set is as follows:

• Encryption algorithm predictor. A regularized RandomForestClassifier determines the optimal algorithm (AES-GCM or ChaCha20-Poly1305). The model achieved a final test accuracy of 88.1%, demonstrating its reliability in balancing security and performance based on device context. Cross-validation makes it strong, with an accuracy of 87.35% ± 0.85.

• Key size predictor. Another RandomForestClassifier predicts the appropriate key size (128, 192, or 256 bits). The model achieved a test accuracy of 77.1%, effectively managing the trade-off between security strength and computational load. Cross-validation scores well with an accuracy of 78.84% ± 1.06.

• KDF iteration estimator. A GradientBoostingRegressor was used to predict the optimal number of PBKDF2 iterations. It obtained a final test R-squared value of 0.42 and a mean absolute error (MAE) of 15,231. Cross-validation highlights its accuracy with an R-squared value of 0.42 ± 0.01. This result indicates that the model successfully captured a significant trend, explaining 42% of the variance in a complex and noisy relationship. This data-driven estimation is a substantial improvement over a static configuration.

The complete inference process for the entire pipeline—covering all three model predictions—requires approximately 16 ms per request. This negligible latency, especially when compared to network and blockchain transaction times, confirms the real-time feasibility of our adaptive cryptography approach.

5.4.4 Anomaly detection model

In addition to adaptive cryptography, the off-chain coordinator hosts a self-evolving anomaly detection engine designed to identify insider threats and compromised device behavior in real time. Unlike static ML models that depend on pre-existing labeled datasets, this hybrid engine learns continuously from operational logs collected during normal system activity. These logs, which are maintained in security_events.jsonl, include event metadata such as device group size, latency, action ID, battery level, signature validity, and access control outcomes.

5.4.5 Hybrid learning and feature extraction

The anomaly detection framework combines rule-based reasoning with unsupervised learning to ensure continuous adaptation.

• Rule-based scoring. Initially, the system applies a set of expert-defined heuristics to assess event risk based on parameters such as network latency, failed authentication ratio, and unusual access time. Each event receives a preliminary risk score of 0 to 1.

• Isolation forest classifier. Once a sufficient number of events (≥50) are logged, the isolation forest model is dynamically fitted to the feature set extracted from historical records. This model learns the normal behavioral baseline of devices and identifies statistically rare patterns as anomalies.

• Feature vector. The feature vector is used by both components, including hours, day_of_week, latency, battery_level, signature_validity, denial_flag, recent_fail_ratio, action_id, and group_size.

This hybrid approach allows the model to immediately detect clear violations via rules while continuously refining its ability to spot more subtle, evolving threats through the ML component. The model operates in an incremental learning loop, retraining itself periodically (after every 50 new events) to adapt to evolving user and device behavior without manual intervention.

5.4.6 Methodology and performance evaluation

To validate the model’s effectiveness, we developed a comprehensive evaluation methodology:

• Training and test data. A large dataset of 2,100 events was synthetically generated for training and then intentionally “contaminated” with ∼5% anomalous events to create a robust decision boundary. A separate, unseen test dataset of 1,100 events (containing 1,000 normal and 100 simulated attack events) was used for the final evaluation.

• Threshold optimization. To find the optimal balance between attack detection and user experience, we systematically evaluated performance across a range of detection thresholds, selecting the value that maximized the F1-score.

The evaluation confirmed that the model is both highly effective and reliable. Optimal performance was achieved with a detection threshold of 0.42. The key performance metrics are summarized in Table 8.

Table 8

Table 8. Key performance metrics of anomaly detection model.

These strong results validate the efficacy of our hybrid design. Perfect precision is a critical outcome that ensures the system is highly reliable and does not disrupt legitimate users. The high recall rate of 79% confirms its effectiveness in identifying a large majority of threats. This trade-off—guaranteeing zero false positives while still catching the majority of attacks—represents a conservative and user-centric security posture, which is ideal for a smart home environment. We acknowledge that these results are based on a simulated environment; the model’s performance on real-world “0-day” threats would depend on a continuous learning loop.

5.4.7 Integration with policy engine

The anomaly detection module operates in conjunction with the ACP engine (ACPv2). If the anomaly score for a user or device exceeds a threshold (default = 0.42), the coordinator dynamically enforces cooldowns or temporarily restricts access. This real-time fusion of behavioral intelligence and policy enforcement ensures proactive mitigation of insider and stealth attacks, reinforcing the system’s resilience without affecting legitimate operations.

5.5 Evaluation scope and future directions

Our performance evaluation focused on the critical metrics of latency and on-chain computational cost (gas) to validate the core efficiency of our hybrid architecture. However, a comprehensive real-world assessment requires a broader set of metrics. We have identified the following as crucial next steps for future research:

• Energy consumption. A key concern for battery-powered IoT devices is energy drain. Future work will involve deploying the ZKP generation and cryptographic functions on actual IoT hardware (e.g., the ESP32) to measure the precise energy consumption in joules per operation. This will be essential to validate the real-world benefits of our adaptive cryptography model.

• Throughput under stress. Our current evaluation measures latency on a per-request basis. A full scalability analysis will require stress-testing the off-chain coordinator to measure its throughput (requests per second) under a high-concurrency workload, identifying potential bottlenecks in the real system for accurate measurement.

• Storage overhead. While gas costs for transactions are low, the long-term storage overhead on the blockchain is another important consideration. We will analyze the state growth of smart contracts over an extended period of simulated use to project the long-term storage requirements of the system.

6 Conclusion and future work

In modern smart home IoT environments, there is a pressing need for security frameworks that deliver decentralized trust while maintaining the low-latency performance essential for real-time interactions. To meet this demand, we introduced a hybrid, two-tiered access control policy (ACP) framework that strategically integrates blockchain immutability with intelligent off-chain enforcement. This design not only resolves the trust issue but also enhances the stability and adaptability of the overall system.

At its core, the on-chain layer employs smart contracts to enforce foundational, coarse-grained rules, offering a tamper-proof and auditable trust anchor with predictable gas costs. Complementing this, the off-chain coordinator manages fine-grained, context-aware ACPv2 policies and orchestrates a group-based zero-knowledge proof (ZKP) for privacy-preserving authorization. Together, these layers ensure both immutability and real-time adaptability. In performance evaluation, the proposed framework achieved ZKP authentication for a 500-device group in just 190 ms, reduced on-chain gas costs for access control by up to 90% compared to benchmarked systems, and leveraged 88.1% and 98.1% accurate machine learning models for adaptive cryptography and anomaly detection, respectively. The entire secure workflow, from user request to session establishment, was completed with an end-to-end latency of approximately 3s for 10 devices in a group. Our evaluation confirmed the framework’s practicality: smart contracts maintained low-cost enforcement, the ZKP protocol was utilized efficiently, and formal BAN and AVISPA analysis validated resilience against replay, impersonation, man-in-the-middle attacks, and many other attacks, while static analysis with Slither confirmed that the smart contract is free from critical vulnerabilities.

In the future, we have identified several avenues for the advancement of our framework:

• Real-world deployment on constrained IoT hardware (e.g., smart plugs, thermostats, and surveillance cameras) to evaluate latency, energy use, and reliability under practical network conditions and on-porting the blockchain layer to Hyperledger Fabric for production-grade consortium operation.

• For advanced privacy-preserving techniques regarding future security considerations, we acknowledge that the current design relies on elliptic curve cryptography (ECC) and Schnorr-like ZKPs, which may become vulnerable in a post-quantum adversarial landscape. To address this, our future work will focus on integrating post-quantum cryptographic primitives—such as lattice-based zero-knowledge proofs or PQ-secure signatures—to enhance long-term resilience against quantum attacks. This will ensure that the proposed framework can evolve alongside emerging cryptographic threats.

• AI-driven reinforcement learning can further enhance the system’s adaptability. We plan to replace the current static anomaly detection model with a fully advanced AI-driven reinforcement learning agent. This would enable the framework to autonomously adapt its ACPv2 policies and risk thresholds in response to newly observed or evolving threat patterns, creating a truly self-defending system.

In conclusion, our hybrid multi-layered framework represents a robust, scalable, and future-ready solution for secure IoT ecosystems, combining blockchain-based immutability, efficient ZKP authorization, and intelligent off-chain enforcement into a cohesive and resilient security architecture.

Data availability statement

The original contributions presented in the study are included in the article/Supplementary Material; further inquiries can be directed to the corresponding author.

Author contributions

SS: Conceptualization, Formal Analysis, Methodology, Validation, Writing – original draft, Writing – review and editing. AS: Investigation, Methodology, Supervision, Validation, Visualization, Writing – review and editing.

Funding

The authors declare that no financial support was received for the research and/or publication of this article.

Conflict of interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Generative AI statement

The authors declare that no Generative AI was used in the creation of this manuscript.

Any alternative text (alt text) provided alongside figures in this article has been generated by Frontiers with the support of artificial intelligence and reasonable efforts have been made to ensure accuracy, including review by the authors wherever possible. If you identify any issues, please contact us.

Publisher’s note

All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.

References

Abomhara, M., and Køien, G. M. (2014). “Security and privacy in the internet of things: current status and open issues,” in 2014 international conference on privacy and security in mobile systems (PRISMS) (IEEE), 1–8. doi:10.1109/PRISMS.2014.6970594

CrossRef Full Text | Google Scholar

Al Hwaitat, A. K., Almaiah, M. A., Ali, A., Al-Otaibi, S., Shishakly, R., Lutfi, A., et al. (2023). A new blockchain-based authentication framework for secure IoT networks. Electronics 12 (17), 3618. doi:10.3390/electronics12173618

CrossRef Full Text | Google Scholar

Ali, A., Almaiah, M. A., Al-Zahrani, M., Al-Wesabi, F. N., and Nemri, N. (2023). A novel hybrid approach using blockchain and machine learning for secure and efficient IoT-Based smart home systems. Electronics 12 (4), 910. doi:10.3390/electronics1204091010.48550/ar

CrossRef Full Text | Google Scholar

Alruwaili, F. F., Alohali, M. A., Aljaffan, N., Alhashmi, A. A., Mahmud, A., and Assiri, M. (2024). A decentralized approach to smart home security: blockchain with red-tailed hawk-enabled deep learning. IEEE Access 12, 14146–14156. doi:10.1109/ACCESS.2024.3352502

CrossRef Full Text | Google Scholar

Asghar, I., Khan, M. A., Ahmad, T., Ullah, S., Mansoor ul Hassan, K., and Buriro, A. (2023). Fortifying smart home security: a robust and efficient user-authentication scheme to counter node capture attacks. Sensors 23 (16), 7268. doi:10.3390/s23167268

PubMed Abstract | CrossRef Full Text | Google Scholar

Baccouri, S., Farhat, H., Azzabi, T., and Attia, R. (2024). Lightweight authentication scheme based on elliptic curve el gamal. J. Inf. Telecommun. 8 (2), 231–261. doi:10.1080/24751839.2023.2281143

CrossRef Full Text | Google Scholar

Batal, S., Hraoui, S., and Berrada, M. (2025). “Managing access control for AI APIs via blockchain smart contracts,” in 2025 5th international conference on innovative research in Applied Science, engineering and Technology (IRASET) (IEEE), 1–11. doi:10.1109/IRASET64571.2025.11008265

CrossRef Full Text | Google Scholar

Dorri, A., Kanhere, S. S., Jurdak, R., and Gauravaram, P. (2017). “Blockchain for IoT security and privacy: the case study of a smart home,” in 2017 IEEE international conference on pervasive computing and communications workshops (PerCom workshops) (IEEE), 618–623. doi:10.1109/PERCOMW.2017.7917634

CrossRef Full Text | Google Scholar

Farooq, M. S., Khan, S., Rehman, A., Abbas, S., Khan, M. A., and Hwang, S. O. (2022). Blockchain-based smart home networks security empowered with fused machine learning. Sensors 22 (12), 4522. doi:10.3390/s22124522

PubMed Abstract | CrossRef Full Text | Google Scholar

Feist, J., Grieco, G., and Groce, A. (2019). “Slither: a static analysis framework for smart contracts,” in 2019 IEEE/ACM 2nd international workshop on emerging trends in software engineering for blockchain (WETSEB) (IEEE), 8–15. doi:10.1109/wetseb.2019.00008

CrossRef Full Text | Google Scholar

Fugkeaw, S., Rattana, A., Jongvijitkun, C., and Nongya, P. (2025). “AC-Devchain: an efficient context-aware access control in devsecops using blockchain,” in 2025 17th international conference on knowledge and smart technology (KST) (IEEE), 346–351. doi:10.1109/KST65016.2025.11003315

CrossRef Full Text | Google Scholar

Hasan, M. R., Alazab, A., Joy, S. B., Uddin, M. N., Uddin, M. A., Khraisat, A., et al. (2023). Smart contract-based access control framework for internet of things devices. Computers 12 (11), 240. doi:10.3390/computers12110240

CrossRef Full Text | Google Scholar

Lavin, R., Liu, X., Mohanty, H., Norman, L., Zaarour, G., and Krishnamachari, B. (2024). A survey on the applications of zero-knowledge proofs. arXiv Prepr. arXiv:2408.00243.

Google Scholar

Li, S., Xu, L. D., and Zhao, S. (2015). The internet of things: a survey. Inf. Syst. Front. 17 (2), 243–259. doi:10.1007/s10796-014-9492-7

CrossRef Full Text | Google Scholar

Lin, C., He, D., Kumar, N., Huang, X., Vijayakumar, P., and Choo, K. K. R. (2019). HomeChain: a blockchain-based secure mutual authentication system for smart homes. IEEE Internet Things J. 7 (2), 818–829. doi:10.1109/JIOT.2019.2944400

CrossRef Full Text | Google Scholar

Liu, W., Wang, X., and Peng, W. (2020). “NCZKP based privacy-preserving authentication scheme for the untrusted gateway node smart home environment,” in 2020 IEEE symposium on computers and communications (ISCC) (IEEE), 1–6. doi:10.1109/ISCC50000.2020.9219704

CrossRef Full Text | Google Scholar

Liu, P., Xu, Y., Wang, Y., and Fan, P. (2024). A blockchain empowered smart home access scheme based on zero-trust Architecture. J. Electr. Syst. 20 (3), 43–49. doi:10.52783/jes.2356

CrossRef Full Text | Google Scholar

Menon, S., Anand, D., Verma, S., Kaur, M., Jhanjhi, N. Z., Ray, S. K., et al. (2023). Blockchain and machine learning inspired secure smart home communication network. Sensors 23 (13), 6132. doi:10.3390/s23136132

PubMed Abstract | CrossRef Full Text | Google Scholar

Moon, A. H., Iqbal, U., and Bhat, G. M. (2016). Mutual entity authentication protocol based on ECDSA for WSN. Procedia Comput. Sci. 89, 187–192. doi:10.1016/j.procs.2016.06.038

CrossRef Full Text | Google Scholar

Rahman, M. U. (2020). Scalable role-based access control using the eos blockchain.

Google Scholar

Rasheed, A. A., Mahapatra, R. N., and Hamza-Lup, F. G. (2019). Adaptive group-based zero knowledge proof-authentication protocol in vehicular ad hoc networks. IEEE Trans. Intelligent Transp. Syst. 21 (2), 867–881. doi:10.1109/TITS.2019.2899321

CrossRef Full Text | Google Scholar

Sahraoui, S., and Bachir, A. (2025). Lightweight Consensus mechanisms in the internet of blockchained things: thorough analysis and research directions. Digital Commun. Netw. 11, 1246–1261. doi:10.1016/j.dcan.2024.12.007

CrossRef Full Text | Google Scholar

Sivaselvan, N., Bhat, V., and Rajarajan, M. (2020). “Blockchain-based scheme for authentication and capability-based access control in IoT environment,” in 2020 11th IEEE annual ubiquitous computing, electronics and Mobile communication conference (UEMCON) (IEEE), 0323–0330.

Google Scholar

Skarmeta, A. F., Hernandez-Ramos, J. L., and Moreno, M. V. (2014). “A decentralized approach for security and privacy challenges in the internet of things,” in 2014 IEEE world forum on internet of Things (WF-IoT) (IEEE), 67–72.

Google Scholar

Soni, S., and Singh, A. (2025). “Analyzing blockchain technology for enhancing security in smart home systems: current developments and future directions,” in 2025 3rd international conference on disruptive technologies (ICDT) (IEEE), 1331–1336.

Google Scholar

Su, Z., Wang, S., Cai, H., Huang, J., Chen, Y., Zhang, X., et al. (2024). A secure and efficient authentication scheme for large-scale IoT devices based on zero-knowledge proof. Electronics 13 (18), 3735. doi:10.3390/electronics13183735

CrossRef Full Text | Google Scholar

Sultana, T., Almogren, A., Akbar, M., Zuair, M., Ullah, I., and Javaid, N. (2020). Data sharing system integrating access control mechanism using blockchain-based smart contracts for IoT devices. Appl. Sci. 10 (2), 488. doi:10.3390/app10020488

CrossRef Full Text | Google Scholar

Wishwasara, J. (2023). Zero knowledge proofs: a comprehensive review of applications, protocols, and future directions in cybersecurity. United Kingdom: Staffordshire University. doi:10.13140/RG.2.2.11606.22080

CrossRef Full Text | Google Scholar

Zaidi, S. Y. A., Shah, M. A., Khattak, H. A., Maple, C., Rauf, H. T., El-Sherbeeny, A. M., et al. (2021). An attribute-based access control for IoT using blockchain and smart contracts. Sustainability 13 (19), 10556. doi:10.3390/su131910556

CrossRef Full Text | Google Scholar