ORIGINAL RESEARCH article

Front. Blockchain

Sec. Blockchain Security and Privacy

This article is part of the Research Topic "Blockchain in Networking: Security, Scalability, and Smart Connectivity".

Hybrid Blockchain and Smart Contract Framework for Resilient IoT Security in Smart Homes

Provisionally accepted
  • SRM Institute of Science and Technology - Delhi NCR Campus, Ghaziabad, India

The final, formatted version of the article will be published soon.

The rapid growth of IoT devices in smart home environments introduces significant challenges in ensuring secure, scalable, and efficient communication among heterogeneous devices. Centralized architectures suffer from a single point of failure, while blockchain-only solutions face high latency, limiting their use in real-time control. To address these issues, we propose a multi-layered decentralized framework that combines a consortium blockchain, a trusted off-chain coordinator, group-based Zero-Knowledge Proofs (ZKP), and a two-tiered Access Control Policy (ACP) architecture. The consortium blockchain provides an immutable ledger for device identities and foundational coarse-grained ACP enforcement through smart contracts, ensuring tamper-proof trust. For privacy-preserving mutual authentication, a group-based ZKP protocol enables collective device authorization without revealing sensitive keys. The off-chain coordinator complements this by enforcing dynamic security mechanisms, including fine-grained ACPv2 checks—such as rate limits, time-of-day restrictions, and device telemetry—and anomaly detection for behavioral risk assessment. This hybrid structure achieves both immutability and high efficiency compared with traditional methods. Performance evaluation highlights the framework's efficiency: the core ZKP verification for a 500-device group completes in 190 ms. The framework drastically reduces on-chain costs, with critical access control policy transactions consuming only 82,748 gas, a reduction of over 90% compared to benchmarked on-chain systems. The complete end-to-end workflow, from user request to secure session establishment, has a latency bound of approximately 3 seconds. Formal security verification with BAN logic and the AVISPA tool validates resilience against common attacks, including man-in-the-middle, replay, and impersonation, while static analysis using the Slither framework confirmed the absence of critical vulnerabilities in the smart contract code. By combining an immutable on-chain foundation with intelligent, dynamic off-chain enforcement, our proposed framework provides a uniquely resilient, scalable, and adaptive security solution for modern smart home systems.
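The two-tiered access control described above, as an added illustration that is not code from the paper: Tier 1 stands in for the coarse-grained policy a smart contract would hold on the ledger, and Tier 2 models the off-chain coordinator's ACPv2 checks (per-device rate limit, time-of-day window, telemetry risk signal). All device names, actions, thresholds and the `Coordinator` class are constructed assumptions, not the authors' implementation.

```python
# Added example (not from the paper): a minimal model of two-tier ACP enforcement.
# Tier 1 mimics the coarse-grained on-chain policy; Tier 2 is the off-chain
# coordinator's fine-grained ACPv2 checks. All values are constructed.
from collections import deque
from dataclasses import dataclass, field

# Tier 1: coarse-grained policy as it would be read from the ledger (constructed).
ON_CHAIN_ACP = {
    "thermostat-01": {"read_temp", "set_temp"},
    "door-lock-02": {"read_state", "unlock"},
}

# Tier 2: fine-grained ACPv2 rules enforced off-chain (constructed thresholds).
ACPV2 = {
    "unlock": {"window": (6, 22), "max_per_minute": 3, "max_auth_failures": 2},
    "set_temp": {"window": (0, 24), "max_per_minute": 10, "max_auth_failures": 5},
}


@dataclass
class Coordinator:
    now: float = 0.0  # seconds; the caller advances this so runs are deterministic
    history: dict = field(default_factory=dict)  # device -> deque of request times

    def authorize(self, device, action, hour, telemetry):
        """Return (allowed, reason). Tier 1 must pass before Tier 2 is consulted."""
        # Tier 1: coarse on-chain check (device must be granted the action)
        if action not in ON_CHAIN_ACP.get(device, set()):
            return False, "denied by on-chain ACP"
        rule = ACPV2.get(action)
        if rule is None:
            return True, "no fine-grained rule"
        # Tier 2a: time-of-day window [start, end) in local hours
        start, end = rule["window"]
        if not (start <= hour < end):
            return False, "outside permitted hours"
        # Tier 2b: sliding-window rate limit over the last 60 seconds
        q = self.history.setdefault(device, deque())
        while q and self.now - q[0] >= 60:
            q.popleft()
        if len(q) >= rule["max_per_minute"]:
            return False, "rate limit exceeded"
        # Tier 2c: telemetry-based risk signal (e.g. recent failed authentications)
        if telemetry.get("auth_failures", 0) > rule["max_auth_failures"]:
            return False, "anomalous telemetry"
        q.append(self.now)  # only successful requests count toward the rate limit
        return True, "allowed"
```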

Keywords: Internet of Things, Blockchain, Zero knowledge proof, Elliptic Curve Cryptography, machine learning, Smart contracts, Access control policies

Received: 22 Sep 2025; Accepted: 03 Nov 2025.

Copyright: © 2025 SONI and Singh. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

* Correspondence: SHIVA SONI, sonishiva0@gmail.com