BlocksecIOT: a lightweight ecc-block-chain framework for decentralized device authentication and anomaly detection in industrial IOT environments

Abstract

The attack surface of the Industrial Internet of Things (IIOT) is rapidly expanding, exposing systems to threats such as device impersonation, Sybil attacks, and insider adversaries. Traditional centralized Public Key Infrastructure (PKI) schemes struggle to address these challenges due to single points of failure, certificate revocation delays, and computational overhead on resource-constrained devices. This paper proposes BlockSecIOT, a lightweight authentication and anomaly detection framework for heterogeneous IIOT environments. The framework integrates ECC-256 for efficient key management, Hyperledger Fabric for decentralized device identity governance, and a Deep Autoencoder with Isolation Forest (DAE-IF) for real-time anomaly detection without labeled attack data. Smart contracts implement Role-Based Access Control (RBAC) and automatic device quarantine, enabling closed-loop security response. BlockSecIOT employs a three-message mutual authentication protocol based on ECDH-derived session keys and ECDSA verification, eliminating dependence on centralized certificate authorities. Experimental evaluation achieved F1-scores of 0.963, 0.978, and 0.941 on BATADAL, SWaT, and UNSW-NB15 datasets, respectively. The framework recorded authentication latency of 8.7 ms, detection latency of 12.4 ms, and combined response time of 21.1 ms, within the 50 ms control-cycle requirement. Hyperledger Fabric supported 847 transactions per second with 500 concurrent devices and 2.1-second block finality, while each device required only 3.1 KB storage. Results demonstrate the practicality, scalability, robustness, and energy efficiency of BlockSecIOT for enterprise-grade IIOT security deployment, ensuring resilient and secure communication across industrial cyber-physical infrastructures.