Review

Security, Privacy, and Scalability Trade-Offs in Blockchain-Enabled IoT Systems: A Systematic Analytical Review

by Abdullah 1,2, Nida Hafeez 1,2, Maryam Shabbir 2, Muhammad Ateeb Ather 1,2, José Luis Oropeza Rodríguez 1,* and Grigori Sidorov 1

1 Centro de Investigación en Computación (CIC), Instituto Politécnico Nacional (IPN), Mexico City 07320, Mexico
2 Department of Computer Science, Bahria University, Lahore 54000, Pakistan
* Author to whom correspondence should be addressed.
Appl. Sci. 2026, 16(8), 3638; https://doi.org/10.3390/app16083638
Submission received: 19 February 2026 / Revised: 31 March 2026 / Accepted: 31 March 2026 / Published: 8 April 2026

Abstract

The integration of blockchain technology with the Internet of Things (IoT) presents a paradigm shift in securing decentralized networks, yet it introduces critical trade-offs among security, privacy, and scalability. This systematic analytical review examines the inherent tensions within blockchain-enabled IoT systems, focusing on how consensus mechanisms, cryptographic primitives, and architectural choices affect these three pillars. Through a comprehensive analysis of the contemporary literature, we identify that no single blockchain configuration simultaneously optimizes security, privacy, and scalability. Instead, these properties exist in a triadic relationship where enhancing one dimension typically compromises at least one other. Our review categorizes existing solutions based on their approach to balancing these trade-offs, including sharding, layer-2 protocols, zero-knowledge proofs, and hybrid architectures. We further analyze the applicability of these solutions across different IoT domains, identifying context-specific optimal configurations. The findings reveal that while significant progress has been made in addressing individual challenges, integrated frameworks that holistically consider all three dimensions remain underdeveloped. This review contributes a novel analytical framework for evaluating blockchain–IoT systems and identifies critical research directions, including adaptive consensus mechanisms, privacy-preserving scalability solutions, and domain-specific architectural patterns. Unlike prior studies that primarily focus on conceptual discussions of blockchain–IoT integration, this work synthesizes insights from systematically reviewed literature to propose a conceptual lightweight blockchain framework tailored for resource-constrained IoT environments. 
This study combines a systematic literature review (SLR) with a conceptual and experimentally evaluated framework, where the review findings and the proposed solution are presented as distinct but complementary contributions.

1. Introduction

The Internet of Things (IoT) has experienced unprecedented expansion in recent years, interconnecting billions of devices across diverse sectors [1,2]. Modern IoT applications encompass a wide array of domains, including smart manufacturing, intelligent home automation, connected healthcare systems, urban infrastructure, transportation networks, and precision agriculture [3]. Market projections estimate that the number of IoT-connected devices will surpass 41 billion by 2027, with the global market valued at approximately USD 157.9 billion as of 2021 [4]. This widespread integration of IoT technologies offers substantial benefits, such as real-time monitoring of assets, predictive maintenance in industrial settings, personalized health monitoring, efficient agricultural resource usage, and automation of domestic environments [2,3].
Despite the transformative potential of IoT, its rapid proliferation introduces significant security and privacy vulnerabilities [5,6,7]. A majority of current IoT architectures depend on centralized cloud or edge-based infrastructures for data aggregation, processing, and decision-making [8,9]. Such centralization inherently creates single points of failure and becomes a focal target for cyberattacks, escalating the risks of data breaches, unauthorized system access, and privacy infringements. As emphasized in recent studies, IoT devices typically interoperate via centralized cloud infrastructures, necessitating strong trust and security frameworks [5]. Attackers can exploit weaknesses across various layers of the IoT stack, including sensors, gateways, and cloud servers, leading to the compromise of data confidentiality, integrity, and system reliability [6,7].
Safeguarding data confidentiality, integrity, and user privacy within IoT ecosystems remains a formidable task [5,8,10]. Implementing conventional cryptographic methods is particularly challenging due to the severe resource limitations of IoT devices. Sensors and embedded systems often operate with minimal computational power, restricted memory, and limited battery capacity [5,6]. Executing standard encryption protocols or running blockchain consensus algorithms on such devices can deplete their resources rapidly. Studies have shown that traditional cryptographic techniques may be unsuitable for resource-constrained environments, potentially introducing security gaps [6,9]. Similarly, the computational and storage demands of public-key cryptography and blockchain protocols often exceed the capabilities of low-power IoT hardware [11,12].
These limitations indicate that directly applying conventional security mechanisms in IoT systems is frequently impractical. There is a critical need for lightweight, tailored solutions that do not compromise security [5,11]. In this context, blockchain technology has emerged as a promising enabler of decentralized trust and security. By replacing centralized authorities with distributed ledgers, blockchain mitigates single points of failure and offers tamper-evident, auditable, and transparent data management [4,11,12]. Its key attributes, including decentralization, immutability, transparency, and programmable smart contracts, make it highly appealing for enhancing IoT security [4,13,14]. As suggested in recent studies, blockchain’s decentralized architecture can address key limitations in authentication and security management within the IoT ecosystem [5]. By leveraging cryptographic hashes and smart contracts, blockchain can ensure strong data integrity, facilitate transparent auditing, and automate secure access control, all without dependence on a central authority [4,12,13].
While blockchain offers several advantages, its integration into IoT infrastructures is not without significant challenges. Notably, blockchain systems often encounter performance and scalability limitations that are incompatible with the constraints of IoT deployments [8,15]. The consensus protocols and data replication mechanisms used in many public blockchains, particularly those based on proof-of-work, consume substantial computational power, bandwidth, and energy, making them ill-suited for battery-operated IoT devices [8,11,16]. As highlighted in the recent literature, the convergence of blockchain and IoT introduces challenges in scalability, energy efficiency, and data privacy [8]. Ensuring the ledger’s performance remains acceptable while respecting the limited computational and storage capabilities of individual devices is a pressing concern [11,12].
Furthermore, blockchain’s inherent transparency and immutability may conflict with user privacy, as sensitive information cannot be easily modified or deleted once recorded [15,17]. Addressing this transparency–confidentiality trade-off is a complex but essential aspect of secure IoT–blockchain integration [8,15].
These technical and architectural observations underscore the motivation for this study. While numerous surveys have addressed IoT security and blockchain technologies independently or in general terms, two significant gaps persist. First, there is a lack of a structured and comprehensive taxonomy detailing the unique threat models and privacy challenges introduced by the convergence of IoT and blockchain systems [4,18]. Second, existing studies often fail to propose practical and lightweight blockchain frameworks that are specifically optimized for the constrained computational environments typical of IoT devices [5,11,12]. As noted in recent studies, current reviews do not adequately examine consensus algorithms that accommodate IoT’s hardware limitations, and there is a pressing need for explicit security taxonomies tailored to the IoT–blockchain intersection [5,8]. In response to these gaps, this work aims to (i) develop a systematic classification of IoT–blockchain threat vectors and (ii) propose a novel lightweight blockchain architecture that minimizes computational and energy overhead while retaining the security advantages of decentralized systems. Ultimately, this research seeks to bridge the divide between the security potential of blockchain and the operational realities of IoT deployments.
Furthermore, as will be seen, there are very few published reviews on the current topic. This research paper presents the development of the new IoT architecture that adopts blockchain technology to solve the privacy problem, thus filling the existing gaps. To the best of our knowledge, the survey presented in this paper is one of the early comprehensive systematic investigations aimed at studying privacy countermeasures and blockchain-based solutions against IoT threats as shown in Table 1.
This research aims to accomplish the following:
  • Systematically analyze security and privacy risks arising from IoT–blockchain integration, emphasizing emergent threats like data deanonymization and consensus-layer exploits;
  • Evaluate the efficacy of blockchain’s decentralized architecture in addressing IoT’s CIA triad (Confidentiality, Integrity, Availability) challenges, particularly in resource-constrained environments;
  • Propose a lightweight, scalable framework that harmonizes blockchain’s security benefits with IoT’s operational demands, addressing gaps in existing solutions such as high computational overhead and poor interoperability.
The research questions are as follows:
  • How can blockchain’s decentralized architecture resolve IoT’s inherent security–privacy trade-offs without compromising scalability?
  • What application-specific adaptations are required to optimize blockchain for IoT’s resource constraints (e.g., low-power devices, real-time processing)?
  • Can blockchain provide end-to-end privacy guarantees in IoT ecosystems, and under what conditions?
In this paper, we make the following key contributions:
  • Taxonomy of Threats: We provide a comprehensive taxonomy of security and privacy threats at the IoT–blockchain intersection, integrating insights from IoT vulnerabilities and blockchain attacks. This taxonomy highlights how traditional IoT attacks (e.g., device compromise, data manipulation) are transformed or mitigated when blockchain is introduced.
  • Critical Analysis of Limitations: We critically analyze why standard cryptographic and blockchain techniques often fall short in IoT contexts. We detail the limitations of existing solutions in terms of scalability, energy consumption, and privacy, emphasizing the need for IoT-tailored designs.
  • Lightweight Blockchain Framework: We propose a novel lightweight blockchain framework optimized for IoT networks. Our design adjusts consensus methods and data structures to match IoT resource profiles, ensuring tamper resistance with minimal overhead. The framework also incorporates privacy-enhancing features to protect sensitive data on the blockchain.
  • Application Scenarios: We illustrate our findings and framework through use cases in representative IoT domains, such as smart home automation, connected healthcare monitoring, and precision agriculture. These examples demonstrate how the proposed taxonomy and framework can be applied to improve security and privacy in real-world IoT applications.
While prior studies, such as layer-specific threat analysis and sectoral blockchain–IoT use cases, provide foundational insights, they lack systematic methodologies for cross-domain privacy preservation. This paper bridges that gap through a structured literature review of 115 studies, from which a focused subset of 20 representative works is selected for detailed thematic analysis, revealing critical trends: (1) Smart contracts and federated learning enhance IoT data integrity but require novel encryption strategies to mitigate latency [19,20] and (2) hybrid consensus models (e.g., GHOSTDAG [21]) outperform traditional mechanisms in throughput and fault tolerance but lack real-world validation. By addressing these gaps, our work establishes a roadmap for secure, sustainable IoT–blockchain ecosystems, empowering policymakers and practitioners to navigate evolving regulatory and technical landscapes. Compared with previous surveys that primarily summarize blockchain–IoT architectures, this study synthesizes insights from systematically reviewed literature to outline a conceptual lightweight blockchain framework that addresses security, privacy, and scalability challenges in resource-constrained IoT environments.
The rest of the paper is organized as follows. Section 2 describes the research methodology in detail. Section 3 presents a comparative analysis of existing approaches. Section 4 outlines the background studies in detail. Section 5 discusses the results and key findings of the study. Section 6 highlights the challenges and future research directions. Finally, Section 7 concludes the paper.

2. Methodology

This study follows the PRISMA 2020 guidelines to ensure methodological rigor and reproducibility. The systematic review process is structured into four phases, namely, identification, screening, eligibility assessment, and inclusion and exclusion criteria, which are described in detail in Figure 1 and Table 2. Systematic reviews serve as a consolidation of research conducted by expert review groups [22,23]. Their purpose is to locate and gather relevant data from various sources. Furthermore, they seek to review and integrate the conclusions of this research to inform practice and policy recommendations and, in some cases, future research [24].
The Cochrane handbook defines systematic reviews as employing transparent and systematic methods that are deliberately chosen to minimize bias, resulting in more accurate outcomes that inform decision-making [25]. These reviews follow a well-defined and predetermined process that incorporates comprehensive methodologies to ensure the accuracy and usefulness of the findings for end-users [26]. Such reviews are considered a crucial foundation of evidence-based healthcare [27] and are extensively employed to develop reliable clinical guidelines [28].
This review adopts a structured and reproducible literature screening methodology to ensure analytical rigor. A comprehensive search was conducted across IEEE Xplore, Scopus, Web of Science, SpringerLink, and ScienceDirect using combinations of keywords including “IoT security,” “blockchain-enabled IoT,” “privacy-preserving blockchain,” and “decentralized IoT architectures.” Studies published between 2017 and 2025 were considered. After removing duplicates and non-peer-reviewed articles, papers were filtered based on relevance to blockchain-based security or privacy mechanisms in IoT environments. Only studies presenting architectural frameworks, consensus mechanisms, privacy-preserving models, or empirical validation were retained for critical analysis. This structured selection process enhances transparency and reduces selection bias.

2.1. Scope of the Review and Proposed Framework

This study comprises two complementary components: (i) an SLR conducted in accordance with PRISMA guidelines and (ii) a conceptual and experimentally evaluated lightweight blockchain framework. The systematic review synthesizes existing research and identifies key gaps, which inform the design of the proposed framework. While both components are integrated within a single study, they are explicitly distinguished throughout the manuscript to clearly separate literature-derived findings from the authors’ original contributions.

2.2. Sources of Data and Searching Approach

In accordance with the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) checklist, this systematic review adheres to the following procedures. The literature search was conducted across IEEE Xplore, Scopus, Web of Science, SpringerLink, and ScienceDirect, covering studies published between 2017 and 2025. Keywords included ‘IoT security,’ ‘blockchain-enabled IoT,’ and ‘privacy-preserving blockchain.’ This unified search strategy ensures consistency with the PRISMA-based methodology described above. This study focused only on papers published in English and accessible in journals. Moreover, we screened the references section of related publications and grey literature to identify more relevant publications.

2.3. Selection of Articles and Data Extraction

To select the relevant reports for this research, the following criteria were considered, and reports containing a specific keyword description were included. The initial screening process involved evaluating the abstracts and titles, as well as conducting a comprehensive database search. The articles were classified into three classes: unsure, irrelevant, and relevant. Once all the relevant papers were identified, their full texts were thoroughly examined, and the necessary data were extracted and recorded.

2.4. Search String

“IoT blockchain security” OR “IoT blockchain privacy” OR “Challenges in IoT blockchain security” OR “Blockchain-based privacy and security in IoT” OR “Security challenges of blockchain in IoT” OR “Privacy concerns in IoT blockchain” OR “IoT blockchain privacy and security issues” OR “Blockchain solutions for IoT security and privacy” OR “IoT blockchain architecture for privacy and security.”
Figure 1 presents a visual representation of the literature search and study selection process. The initial database search yielded 1410 records. After removing duplicates, articles remained for title and abstract screening. Of these, 980 documents were excluded for the following reasons: irrelevance to blockchain-enabled IoT systems, non-English language, non-peer-reviewed sources such as conference proceedings or preprints, and unavailability of full text. Following this exclusion, 258 records were assessed against the eligibility criteria. After full-text screening, 115 articles were selected for further evaluation. From this collection, 42 studies were included in the quantitative synthesis, while the remaining articles were utilized for qualitative analysis. Additionally, a representative subset of 20 studies was selected for in-depth thematic discussion in specific sections of the paper.

3. Comparative Analysis

To ensure comprehensive coverage and minimize selection bias, both backward and forward snowballing strategies were systematically applied in addition to structured database searches. Backward snowballing examined reference lists of eligible studies, while forward snowballing identified subsequent publications citing the included works. This iterative process was conducted until citation saturation was reached, defined as the stage at which no new relevant studies were identified through additional citation tracking. While the primary objective of this study was to conduct an SLR of blockchain-enabled security and privacy mechanisms in IoT systems, several of the included sources are themselves review articles. Consequently, parts of this analysis also reflect an umbrella-style synthesis that integrates insights from existing surveys alongside primary research studies. The final corpus of 115 studies, published between 2017 and 2025, reflects a broad and representative coverage of high-impact research on blockchain-enabled security and privacy mechanisms in IoT systems across leading journals and conferences. This saturation-driven selection process strengthens the methodological robustness of our PRISMA 2020-aligned review and enhances the reliability, transparency, and reproducibility of the synthesized findings.
Unlike prior narrative surveys, this review introduces a structured taxonomy of blockchain-enabled IoT security mechanisms categorized into (i) architectural integration models, (ii) consensus and validation strategies, (iii) privacy-preserving mechanisms, and (iv) scalability and resource optimization techniques. This layered classification enables systematic comparison across decentralized trust models, attack mitigation capabilities, and computational overhead constraints. The proposed taxonomy facilitates identification of architectural trade-offs between decentralization, latency, energy efficiency, and privacy guarantees in heterogeneous IoT ecosystems.
While numerous existing reviews have explored privacy and security challenges at the intersection of blockchain and IoT, most remain either domain-specific, conceptually limited, or lacking in rigorous comparative analysis across application sectors, as shown in Table 3. They often emphasize architectural overviews or isolated use cases without offering unified frameworks or empirical synthesis. In contrast, this study presents a comprehensive and structured comparative analysis across diverse domains, including healthcare, industrial automation, and decentralized identity, while integrating up-to-date scholarly insights and highlighting overlooked challenges such as interoperability, real-time scalability, and cross-layer privacy enforcement. This broader and deeper examination not only fills critical gaps but also establishes a stronger foundation for future blockchain-IoT research and development.
The authors of [29] proposed an anonymous auditing mechanism for blockchain-based IoT, utilizing cryptographic techniques to ensure privacy, traceability, and data integrity through five key mechanisms: encryption, minimization, mixing, private contracts, and differential privacy. The authors of [30] developed an AI-integrated blockchain architecture to enforce privacy in IoT, addressing access control, consent, and data lifecycle management, and enabling adaptive defense against evolving threats. The authors of [31] reviewed privacy-by-design in blockchain-IoT systems, focusing on decentralized identity and compliance. Their study emphasized user-centric privacy controls within GDPR-aligned frameworks.
The author of [32] introduced a decentralized trust framework for industrial IoT using blockchain, targeting real-time integrity and data consistency, though limited to automation-focused evaluations. The authors of [33] provided a broad review of blockchain–IoT cybersecurity threats, including Sybil attacks and smart contract flaws, but lacked practical implementation insights. The authors of [34] explored structural challenges in Industry 5.0, such as latency and interoperability, suggesting sidechains and layered security without empirical validation. The authors of [35] surveyed privacy-preserving techniques in healthcare IoT, highlighting encryption schemes and recommending federated learning to address real-time privacy gaps.
Overall, the comparative analysis of the reviewed studies reveals several consistent trends in blockchain-enabled IoT security research. Many studies focus on integrating lightweight consensus mechanisms and decentralized access control to address the resource constraints of IoT devices. Privacy-preserving techniques such as encryption, differential privacy, and decentralized identity management are frequently proposed to protect sensitive data in distributed environments. In addition, several works explore hybrid architectures combining blockchain with edge or fog computing to mitigate latency and scalability challenges. These findings highlight that effective blockchain–IoT systems require balanced design strategies that simultaneously address security, privacy, and performance constraints.

4. Background Studies

The following section outlines the background and critically reviews recent literature on blockchain-enabled IoT systems, with a particular focus on privacy and security mechanisms. Figure 2 illustrates the conceptual structure of blockchain-enabled IoT systems, organizing the key elements identified in the literature into three major categories: core components, security and privacy mechanisms, and domain-specific implementations.
The Core Components section highlights the foundational aspects of integrating blockchain with IoT ecosystems. It begins with the growing exploitation and impact of IoT in modern connectivity, which has significantly increased the number of connected devices and data exchange across networks. This rapid expansion introduces security vulnerabilities in IoT ecosystems, such as unauthorized access, data tampering, and device manipulation. Blockchain is therefore presented as a paradigm shift in IoT security, offering decentralized trust, immutable data records, and transparent transaction verification. However, the integration of blockchain with IoT also introduces challenges and limitations, including scalability issues, resource constraints of IoT devices, and interoperability between heterogeneous systems.
The Security and Privacy Mechanisms section presents the major technical approaches used to secure blockchain-IoT environments. This includes consensus mechanisms in IoT–blockchain systems, such as proof-of-stake (PoS), which help validate transactions while reducing computational overhead. The figure also highlights commonly used blockchain frameworks for IoT applications, including platforms such as Hyperledger and IOTA. In addition, the section outlines threat mitigation strategies, such as protection against Sybil attacks and the use of hybrid consensus mechanisms to improve system resilience.
Privacy protection is addressed through privacy-preserving architectures, including techniques such as federated learning and homomorphic encryption that enable secure data processing without exposing sensitive information. Finally, access control solutions, including smart contracts and reputation-based mechanisms, are presented as methods for managing authorization and secure interactions among IoT devices.
The Domain-Specific Implementations section focuses on real-world applications and performance outcomes of blockchain-enabled IoT systems. Several case studies in blockchain–IoT implementations are highlighted, including platforms such as IBM Food Trust, Helium Network, and Filament’s Blocklet protocol, which demonstrate practical deployments of blockchain technology in supply chains and decentralized IoT networks. The figure also presents performance metrics used to evaluate these systems, such as latency reduction using PBFT consensus, fraud reduction in blockchain-based supply chains, and energy savings achieved through optimized blockchain architectures.
Overall, the figure provides a structured overview of how blockchain technology supports IoT ecosystems by combining foundational components, security mechanisms, and real-world implementations, thereby illustrating the key research directions and technological developments in blockchain-enabled IoT systems.

4.1. Consensus Mechanisms in IoT–Blockchain Systems

Existing studies highlight significant trade-offs between consensus mechanisms and IoT requirements. Proof of work (PoW), while robust for public blockchains like Bitcoin, is widely deemed impractical for IoT due to its high energy consumption and latency. For instance, it has been demonstrated that PoW’s 10-minute block times and energy-intensive mining are incompatible with resource-constrained IoT devices [36]. In contrast, proof of stake (PoS) offers a balance between scalability and energy efficiency; PoS has been reported to reduce energy use by 70% compared to PoW in smart home IoT networks [37].
For latency-sensitive IoT applications (e.g., industrial automation, healthcare), PBFT and IOTA’s Tangle DAG-based protocol are preferred. Studies have reported PBFT’s sub-second latency in industrial IoT setups, while IOTA’s Tangle has been validated for real-time sensor data streaming in smart cities, highlighting its suitability for high-frequency microtransactions [38,39].
Unlike traditional blockchains that store transactions in sequential blocks forming a linear chain, IOTA’s Tangle uses a DAG structure in which each new transaction validates two previous transactions. This removes the need for miners and enables parallel transaction processing, which improves scalability and supports feeless microtransactions suitable for high-frequency IoT data exchange. However, the approach introduces trade-offs, including probabilistic transaction finality and less mature smart contract support compared to conventional blockchain platforms.
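The DAG structure described above can be modelled in a few lines. The following is an added illustration, not IOTA's implementation and not code from this article: the class and function names, uniform random tip selection, the round-based model of concurrent devices, and the use of cumulative weight as a stand-in for confirmation confidence are all assumptions of the example. It also shows why altering a stored record is detectable and why older transactions are costlier to rewrite.

```python
import hashlib
import json
import random


def tx_hash(payload, parents):
    """A transaction id commits to its payload and to the ids of the two transactions it approves."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)})
    return hashlib.sha256(body.encode()).hexdigest()


class Tangle:
    """Toy DAG ledger (hypothetical model): no blocks, no miners; each transaction approves two earlier ones."""

    def __init__(self, seed=0):
        self.txs = {}        # id -> {"payload": str, "parents": (id, id)}
        self.approvers = {}  # id -> ids of transactions that directly approve it
        self.rng = random.Random(seed)  # seeded so the example is reproducible
        self.genesis = self._store("genesis", ())

    def _store(self, payload, parents):
        tid = tx_hash(payload, parents)
        self.txs[tid] = {"payload": payload, "parents": tuple(parents)}
        self.approvers.setdefault(tid, set())
        for p in parents:
            self.approvers[p].add(tid)
        return tid

    def tips(self):
        """Transactions that nothing has approved yet."""
        return sorted(t for t, a in self.approvers.items() if not a)

    def attach_round(self, payloads):
        """Devices issuing in the same round see the same tip snapshot and attach in parallel."""
        snapshot = self.tips()
        ids = []
        for payload in payloads:
            if len(snapshot) >= 2:
                parents = self.rng.sample(snapshot, 2)
            else:
                parents = [snapshot[0], snapshot[0]]
            ids.append(self._store(payload, parents))
        return ids

    def cumulative_weight(self, tid):
        """1 + number of transactions that approve `tid` directly or indirectly."""
        seen, stack = set(), [tid]
        while stack:
            for a in self.approvers[stack.pop()]:
                if a not in seen:
                    seen.add(a)
                    stack.append(a)
        return 1 + len(seen)

    def verify(self):
        """Ids whose stored content no longer matches the hash their approvers reference."""
        return [t for t, tx in self.txs.items()
                if tx_hash(tx["payload"], tx["parents"]) != t]


def build_demo(rounds=4, devices=3, seed=7):
    """Constructed sample data: each of `devices` sensors publishes one reading per round."""
    tangle = Tangle(seed)
    for r in range(rounds):
        tangle.attach_round(
            [f"sensor-{d}:round-{r}:temp={20 + d + r}" for d in range(devices)])
    return tangle


if __name__ == "__main__":
    t = build_demo()
    print("transactions:", len(t.txs), "open tips:", len(t.tips()))
    # Older transactions accumulate approvers; fresh tips have weight 1, which is
    # why acceptance of a recent transaction is probabilistic rather than final.
    for tid, tx in t.txs.items():
        print(f"{tx['payload']:<28} weight={t.cumulative_weight(tid)}")
    # Altering a stored reading breaks the id its approvers committed to. To hide
    # the change, every approving transaction (weight - 1 of them) must be re-issued.
    victim = next(i for i, tx in t.txs.items()
                  if tx["payload"].startswith("sensor-0:round-0"))
    t.txs[victim]["payload"] = "sensor-0:round-0:temp=99"
    print("tampered ids detected:", [i[:12] for i in t.verify()])
```
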

4.2. Blockchain Frameworks for IoT Applications

The literature reveals distinct advantages and limitations of blockchain frameworks in IoT contexts. IOTA is frequently cited for its feeless transactions and scalability in edge IoT environments. For example, a case study showcased IOTA’s use in vehicle-to-grid (V2G) systems, where its DAG structure enabled seamless microtransactions between electric vehicles (EVs) and charging stations [40]. However, its immature smart contract support limits complex automation [41].
Hyperledger Fabric, a permissioned framework, is favored in enterprise IoT for its modularity and privacy features. An implementation in pharmaceutical supply chains demonstrated Hyperledger’s ability to enforce granular access control for IoT sensor data [42]. Meanwhile, Hedera Hashgraph has emerged as a contender for decentralized IoT ecosystems due to its asynchronous Byzantine fault tolerance (ABFT) consensus, achieving 10,000+ transactions per second (TPS) in smart city trials [43].

4.3. Threat Mitigation Strategies

Research emphasizes hybrid and reputation-based approaches to address IoT–blockchain vulnerabilities. Sybil attacks, a critical threat in decentralized IoT networks, are mitigated through reputation systems like IOTA’s node scoring mechanism. As observed in prior studies, nodes with higher reputational scores in IOTA networks exhibited up to 95% reliability in data validation, reducing malicious actor infiltration [44].
For 51% attacks, hybrid consensus models (e.g., PoS + PBFT) are gaining traction. A recent study proposed a lightweight hybrid protocol for agricultural IoT, combining PoS’s energy efficiency with PBFT’s fault tolerance to achieve high resistance against attacks [45]. Similarly, Layer-2 solutions like Polygon’s SDK are being adopted to alleviate scalability bottlenecks. Researchers [46] demonstrated Polygon’s use in industrial IoT, where off-chain batch processing reduced on-chain latency by 80% while maintaining auditability.
Blockchain-enabled IoT systems constitute a specialized class of cyber-physical systems (CPSs) where computational elements monitor and control physical processes through networked sensors and actuators. Unlike traditional CPS security approaches that focus on control-theoretic countermeasures (such as adaptive sliding mode control for FDI attacks [47,48], disturbance-observer-based fuzzy control for input-delayed systems [49], or neural adaptive control for nonlinear switched systems [50]), blockchain-based security addresses the network and data layers through cryptographic consensus rather than real-time control loop adjustments.
While control-theoretic methods excel at mitigating physical-layer anomalies (e.g., sensor measurement corruption) through robust controller design, blockchain solutions target data integrity, decentralized trust, and auditability across distributed device networks [50]. The key distinction lies in the threat model: control approaches assume adversaries manipulate sensor readings or actuator commands within bounded parameters, whereas blockchain assumes adversaries may control multiple network nodes and attempt to tamper with historical records. Our framework complements rather than replaces control-theoretic security by ensuring the integrity of data that feeds into control algorithms, a critical prerequisite for the effectiveness of any feedback control system.

4.4. The Evolution and Impact of IoT in Modern Connectivity

The rapid expansion of networking media has led to a significant increase in the number of advanced and intelligent wireless IoT devices [51]. Consequently, the complexity of diversified IoT services has also grown [52]. IoT, which aims to connect various environmental products and enable data exchange through the Internet, is a transformative movement that enhances our quality of life through the development of new services and applications [53].
By utilizing affordable sensors, the IoT enables multiple devices and objects in our surroundings to be identifiable, observable, and locatable. This facilitates the seamless gathering, retrieval, and sharing of information [54]. Such IoT devices include household appliances like adapters, bulbs, refrigerators, meters, temperature controls and ovens, smoke alarms, RFIDs, accelerometers, heartbeat monitors, parking lot sensors, and automotive sensors [55].

4.5. Security Vulnerabilities in IoT Ecosystems

However, the open nature of IoT implementation and its limited resources make it susceptible to disruptive attacks. Compromised Internet-connected devices can be utilized as botnets, posing significant security risks to the IoT ecosystem and the broader Internet [56]. Therefore, ensuring the security and privacy of IoT systems is crucial, and it relies heavily on the functional implementation of the IoT itself [57]. Figure 3 illustrates the trade-off between security and privacy in blockchain-enabled IoT systems. Security mechanisms such as strong encryption, blockchain immutability, smart-contract-based access control, and intrusion detection enhance system transparency, trust, and auditability.
However, these mechanisms may reduce privacy by enabling traceability of user activities. Conversely, privacy-preserving approaches such as anonymization, federated learning, homomorphic encryption, and selective disclosure aim to protect sensitive data but may limit transparency and monitoring capabilities. The figure highlights this balance and suggests context-aware architectural solutions, including dynamic privacy layers, hybrid encryption models, and modular policy enforcement to achieve an effective balance between security and privacy requirements. Thus, the overall goals of IoT security solutions are to protect confidentiality, privacy, devices and data, infrastructure, IoT customers, and availability of IoT ecosystem services [58].

4.6. Blockchain as a Paradigm Shift in IoT Security

It is now clear that blockchain technology is a viable path to overcoming multiple network issues [59]. Furthermore, the continuous enhancement of popular cryptocurrencies, including but not limited to Bitcoin, has attracted considerable attention and has equally heightened awareness of the core foundations of blockchain [60,61]. The success of Bitcoin has demonstrated the efficiency, anonymity, and reliability of blockchain technology across numerous sectors and services, including IoT, voting solutions, finance, medical practices, supply chain, and storage technology [62].
As the foundational technology of the Bitcoin network, blockchain is also a platform for designing and constructing financial and non-financial applications. Blockchain is perceived to be one of the solutions for dealing with the negative impact of fake media and for setting up a mechanism that ensures that no one tampers with the decentralized information network [63]. This technology provides safety and certainty for transfers and the resources used, which makes it attractive for numerous types of use [64]. Following the evolving trends of blockchain, more support for next-generation applications and a wide range of fundamental use cases [65] are anticipated. In addition, it is consistently viewed as an essential technology to facilitate financial activities and accompany the metadata and agreements essential to commerce. Initially used for recording monetary transactions, blockchain ensures transparency and traceability of transactions [66].

4.7. Lightweight Blockchain Framework Architecture for IoT Environments

Based on an analysis of several studies, we propose a lightweight blockchain framework architecture for IoT environments [67,68,69]. The proposed lightweight blockchain architecture is designed to address the resource constraints and scalability challenges of IoT systems while preserving security, decentralization, and data integrity, as shown in Figure 4. The framework consists of four key layers:
(1) Perception Layer (IoT Devices): This layer includes diverse IoT devices such as sensors, wearables, and embedded systems that continuously generate data. Due to limited computational power, these devices offload cryptographic operations and block interactions to intermediary nodes.
(2) Edge Layer (Lightweight Gateways): Acting as intermediaries, lightweight edge nodes (e.g., Raspberry Pi, edge servers) collect, preprocess, and validate data from perception-layer devices [70,71,72]. These nodes perform lightweight cryptographic operations and serve as transaction relays to the blockchain network.
(3) Blockchain Layer (Private or Consortium Chain): This layer hosts the core blockchain network, operating on a lightweight consensus mechanism such as PBFT, DPoS, or PoET to support low-latency and high-throughput operations. Smart contracts embedded here govern access control, identity management, and data logging.
(4) Application Layer (Service Interfaces and Analytics): This top layer provides services such as data analytics, anomaly detection, remote monitoring, and secure API access. It interacts with authorized clients (e.g., healthcare providers, logistics managers) through authenticated endpoints governed by smart contract rules.
The framework ensures the following: end-to-end data integrity through immutable blockchain records; energy-efficient consensus to support IoT deployment at scale [73,74]; privacy-preserving access control using pseudonymous identities and fine-grained smart contracts; and scalability and modularity, enabling use in domains such as smart healthcare, agriculture, and supply chain tracking.

4.8. Challenges and Limitations in Blockchain–IoT Integration

In the context of deploying IoT, which encompasses areas like the military, citizen livelihood, business, and industry, network security becomes paramount. The integration of IoT applications raises concerns related to security, traffic/bandwidth, privacy, scalability and system mobility. With the increasing complexity of IoT frameworks, the number of interconnected devices and objects also grows, necessitating the resolution of usability issues for the effective implementation of authorization, storage, verification, integrity, confidentiality, trust, authentication, and maintenance in real-life IoT-based applications [75]. The severity of harm and damages, such as hacker interference, virus damage, and malicious code attacks, will be significantly reduced with the introduction of computer protection measures [76]. Blockchain, as a distributed network, has gained substantial attention in enhancing IoT security [77].
Therefore, the utilization of blockchain innovation can offer effective solutions to the challenges faced by IoT systems. Evaluating connection history in a blockchain provides auditability but also brings new privacy threats by exposing the full history of IoT interface communication to users [78]. Nevertheless, implementing blockchain in the IoT is challenging because of device limitations, especially in terms of low power and processing capabilities [21]. Hence, this paper aims to examine the challenges associated with blockchain privacy in the context of IoT.

4.9. Blockchain Integration in IoT: Security Mechanisms and Challenges

The field of IoT has witnessed significant advancements, employing various intelligent applications. The integration of IoT software necessitates the use of sensors, intelligent systems, and actuators [79]. However, the continuous emergence of sophisticated and high-level attacks poses a significant challenge. In recent years, both the scientific community and industry have turned to blockchain technology, which offers six key features: immutability, decentralization, autonomy, transparency, anonymity, and open-source nature [80]. Blockchain is gradually being recognized as a solution for enhancing security in IoT applications. Its fundamental principle lies in ensuring the accuracy and tamper-proof nature of data generated by users or computers on the blockchain. Although blockchain promotes honesty and non-repudiation to some extent, it falls short in protecting the anonymity and privacy of data and devices [81]. As a result, this subsection presents research work that provides insights and develops frameworks involving security models of IoT and blockchain. From the total corpus of 115 reviewed studies, we selected a subset of 20 representative articles related to privacy and blockchain challenges in IoT for detailed discussion, organizing them into four sections: data management, access control methods, smart health, and smart home.
The advent of the Internet of Things (IoT) has the potential to revolutionize our understanding of information and communication technology. The application of IoT has been extensively explored in various domains, including communication, networking, business, security, and management communities [59]. In order to facilitate network-related operations, the IoT ecosystem requires reliability, security, scalability, and resilience. In this context, the data management node plays a crucial role by encrypting and dividing the accumulated data from IoT devices, storing it in multiple nodes within the distributed network [82].
Afterwards, the details of the transaction are recorded in a blockchain: the address of the shared file, the data hash, and an invoice, which help prevent modification of the path where the file can be accessed [82]. In today’s world, which is more digitalized than ever before, it has become essential to enable sensors, computers, and computational objects to operate autonomously. Manual management of massive volumes of data has become practically unfeasible.
Building IoT systems that function safely, effectively, and autonomously is a challenging task. However, the integration of blockchain technology holds promise in ensuring the secure implementation of IoT devices. While blockchain is not a panacea for all IoT threats, it does play a significant role in addressing specific security issues [83].

4.10. Privacy-Preserving Architectures for Blockchain-IoT Systems

In [81], researchers presented a new privacy-preserving blockchain architecture for IoT applications based on attribute-based encryption (ABE) techniques. This approach was the first to use encryption with blockchain technology to provide varied and specific control of the transaction data in accordance with attributes. The proposed model added only minor changes to the blockchain protocol to conform to the ABE approach while retaining the basic security features of the blockchain. The privacy and security of the proposed model were discussed, and measures against the enumerated attacks were proposed. The results show that applying feature-dependent encryption (FDE) in a blockchain–IoT (BIoT) system can provide improved privacy protection with a relatively low computational cost.
For distributed multiple parties, the authors of [84] formulated a secure data sharing framework through the use of blockchain technology. They also improved the data sharing process with privacy-preserving federated learning, which turned the problem into a machine learning one. Rather than providing results in the form of individual coefficient values, they protected people’s personal data by presenting the model structure. They also incorporated federated learning (FL) into the blockchain consensus mechanism to make use of federated training for consensus computing operations. Experiments carried out on real-world databases showed that the proposed data sharing model provided excellent precision, great performance, and improved security.
For privacy-preserving remote data integrity checking in IoT information management, the authors of [85] adapted blockchain to develop a novel IoT information management model that does not involve trusted third parties. The framework they proposed was amenable to real-world instantiations within data management systems. Their design was able to mitigate the privacy issues of data loss by eliminating third-party participation. The key factors addressed include privacy, correctness, public authentication security, and dynamics. Practical assessment highlighted the effectiveness of the designed network, especially with respect to evaluation and computation.
Based on this, the authors of [19] proposed a secure support vector machine (SVM) training scheme based on blockchain and encrypted IoT data. They used blockchain techniques to build safe and efficient communication among multiple data providers. The IoT data obtained was encrypted and stored on a distributed ledger. The researchers used a homomorphic cryptosystem, Paillier, to build further secure constructions, for example, secure polynomial multiplication and secure comparison. Their work develops a secure training algorithm for synchronous SVM that requires at most two interactions in one round, effectively removing the need for a trusted third party. Security analysis established that the proposed model provides robust security for the highly sensitive data of each data supplier and for the support vector machine parameters of the data analysts. The proposed method is evaluated thoroughly through investigations.

4.11. Access Control Solutions in IoT

Recent incidents of over 150,000 exploited IoT systems have emphasized the crucial role of access control in security breaches [86]. Inadequate implementation of access control mechanisms can pose significant privacy and economic risks to individuals and organizations [87]. FairAccess is an access control platform that utilizes smart contracts and blockchain technology for maintenance. Smart contracts facilitate the exchange of access control policies and access tokens for compliance [88]. Leveraging the inherent characteristics of blockchain (distribution, full-fledged functionality, and an append-only ledger), FairAccess offers a promising solution to address the aforementioned challenges in IoT access management. However, implementing blockchain technology for access control functions and addressing the issues of transparency versus privacy and traceability remain complex tasks.
Access control presents substantial obstacles in the context of IoT. Due to the limited capabilities of smart objects, enforcing current access control requirements is challenging. Relying on strong and trusted third parties to manage access control logic can compromise user privacy. To tackle these new challenges, researchers [89] demonstrated the potential of blockchain, the innovative system behind Bitcoin, as an enticing solution.
In the presented study, the authors introduced a new system called FairAccess, which serves as a pseudonymous framework for authorization control and privacy preservation. This system utilizes blockchain technology, which makes it easier to enforce consensus and control access to restricted devices. The authors described the future opportunities of blockchain technology in eradicating the privacy challenge of IoT data [90]. They designed a framework model that uses smart contracts to initialize a trustless access control process. This model also seeks to put full control of the data in the hands of the data consumer and to control the access that a third party has to the data. Furthermore, the authors introduced an upgrade scheme on the blockchain to prevent future tampering with the IoT systems.
For IoT data, the authors of [91] presented an end-to-end privacy-preserving solution that utilized blockchain. Their framework employs smart contracts to ensure that data owners and consumers conform to privacy expectations as well as consumer demands. The authors described the configuration of the system and pointed out the system’s parts and the roles those parts play. They also provided a practical application to illustrate how the platform works across its entire operation.

4.12. Blockchain-Driven Security Frameworks for Smart Home IoT

In their research, the authors of [92] outlined some of the shortcomings of contemporary centralized IoT security and offered the application of blockchain as a potential solution. Their intention was to set up what they referred to as a distributed platform to increase security and privacy in IoT devices. To this end, they proposed FairAccess and Privacy-Preserving Permissioned Distributed Access Control (PPPDAC), which provide accurate access control for IoT devices with anonymity for end-users. The proposed system addressed lightweight and privacy-preserving access control, specially designed for a new blockchain technology that is permissionless and public. The proposed architecture is able to take full advantage of the strengths of blockchain to meet the security and privacy demands of IoT while at the same time resolving the issues related to incorporating blockchain technology within IoT systems.
Business and industrial sectors have generated considerable interest in IoT over the past years as a research domain. There are many novelties in the integration of technologies based on the IoT model, for instance, smart home technologies and smart traffic control technologies. All these tools work independently and operate automatically using components such as sensors, actuators, and real-time signal processing. Manufacturers of home appliances are looking to their customers’ opinions to enhance their products and to build a robust smart home ecosystem, as shown in Figure 5. Thus, there is a need to ensure privacy and security in IoT systems to maximize the technology’s possibilities.
Blockchain’s decentralized structure has made significant strides in enhancing security measures. In recent times, Internet of Things (IoT) devices have grown from being a concept to being mainstream in practices such as development, shopping, and homes. Nonetheless, the limited security measures in these devices, a consequence of their resource constraints, create opportunities for unauthorized access. To address this, a blockchain system is utilized to record transactions between smart home devices, enhancing security. Despite the numerous advantages that IoT offers over traditional communication technologies in the context of smart homes, these implementations remain rare. Extensive research is available on IoT and the security and privacy of smart homes. Additionally, while the home gateway handles packet exchange for smart homes, smart homes are still vulnerable to attacks conducted through subscribers’ smartphones.

4.13. Privacy and Device Management in Smart Home Ecosystems

In [93], researchers focused on the key components of the smart home tier and examined various transactions and methods associated with it. To assess privacy and security aspects, they conducted an integrated empirical analysis. The results of their simulations indicated that their approach imposes limited and manageable overheads on low-resource IoT devices. The authors emphasized that despite these overheads, the notable security and privacy advantages offered make them worthwhile.
In another study [77], researchers investigated the categorization of devices in IoT-based blockchains. They highlighted the privacy concerns arising from device recognition in such systems. Unlike traditional approaches where physical network access is required for device categorization, the blockchain-based IoT allows any individual to classify devices irrespective of their position. They selected a smart home environment as a representative example of IoT in their work. Meta-analysis of the devices was also performed with the help of machine learning algorithms on the blockchain. The cases in the study demonstrated that it is possible to quantitatively estimate the shape and number of appliances in a smart home environment with an accuracy of up to 90%. To address this problem, they suggested three product-specific methods for obfuscating timestamps: splintering packets into transactions, cross-blending various ledgers of packets, and including seemingly random pauses in the transaction. When these timestamp obfuscation techniques are implemented, the success rate drops to less than 30%.
To meet the requirements, the authors of [94] proposed a model called the Efficient Lightweight Integrated Blockchain (ELIB). The work used a smart home environment to show the applicability of the model to various IoT contexts. In the smart home, resource-constrained devices rely on a centralized manager that establishes shared keys for data sharing and handles all requests received and sent. In addition, the ELIB model presents an overlay network in which well-resourced devices are joined into a blockchain, which also makes transactions secure and anonymous. The ELIB model incorporates three optimizations: a distributed throughput management (DTM) framework, a lightweight consensus algorithm, and certificateless cryptography. The model was assessed through various simulations that measured energy usage, processing time, and overhead under various circumstances. The outcomes showed that the proposed ELIB model attained the minimum processing time, twice as fast as the original system, and consumed energy of only 0.07 mJ. These practical findings support the hypothesis that the efficiency of the ELIB model is higher than that of the compared models across different assessment parameters.

4.14. Federated Learning and Differential Privacy Mechanisms

To enhance the development of efficient machine learning models for home appliance manufacturers using client data, the authors of [20] proposed a federated learning framework that incorporates a credibility process in the training process. The authors used differential privacy strategies to safeguard consumer anonymity and enhanced the test precision by applying the privacy mechanism to derived properties, as shown in Figure 6. Further, they introduced a new normalization technique that was also theoretically shown to perform better than BN when functioning under the DP mask. In addition, the researchers are in the process of designing an incentive mechanism to stimulate users and increase the number of clients in the crowdsourcing federated learning challenge.

4.15. Trustless Systems for IoT Device Sharing and Leasing

In their research paper, the authors of [95] identified the trust, security, and privacy issues that arise from the contractual rental or leasing of IoT gadgets for homes. They proposed a new idea to remove mediation from the home-sharing economy and protect the privacy of clients’ IoT devices, with a smart broker involved in decentralizing the home-sharing economy. Their suggested protocol incorporated smart contracts that allow subscribers to track their own transactions and information pertaining to the firm. To maintain data transaction and transmission security, they introduced unique device authentication. In addition, the protocol provided a shield for IoT privacy by allowing for convenient switching of encryption keys by smart contracts.

4.16. Healthcare Monitoring via Blockchain–IoT Integration

The advancement in medical IoT devices has increased the variety and volume of medical images. Image retrieval for diagnosis is of paramount importance for disease awareness and better quality of treatment. However, there is some fear of privacy violation because the patient data in medical images is often confidential and private. Another important aspect that requires regular monitoring is the record of the patient’s health status, for example, blood glucose level, as shown in Figure 7. Automating this kind of process requires the use of IoT devices. In [96], researchers developed an architecture for the follow-up of diabetes and patient involvement in the treatment through IoT and blockchain technologies. The authors built the architecture on IoT and blockchain technology to gather patient information, secure nearly simultaneous interaction with the healthcare team, and protect patients’ privacy.

4.17. Blockchain for IoT Forensics: Ensuring Data Integrity and Non-Repudiation

Researchers [97] proposed a permissioned blockchain-based IoT forensics framework with more emphasis on attributes such as the authenticity, integrity, and non-repudiation of the evidence collected, which were put forward in another study. The framework takes advantage of blockchain features to sustain the credibility and reliability of the collected data. In their research paper, the authors suggested a comprehensive periodic procedure covering the acquisition, dissemination, review, archiving, and disposal of the evidential material for the whole procedure. To establish various types of transactions useful in forensic cases, they used smart contract technology. To respond to their worries about identity privacy, they employed the improved Merkle signature scheme to ensure that nobody other than the submitter of the evidence knew it.

4.18. Secure Medical Data Retrieval and Privacy Preservation

For privacy-preserving medical image retrieval, researchers in [98] introduced a blockchain system. They first gave an account of the daily medical image retrieval tasks and derived the fundamental specifications of the system. The authors proposed a layered structure and a threat model with an innovative application of the concept of blockchain. They abstracted small subsets of attribute vectors from each medical image and designed a unique type of transaction that could accommodate large-size images under the volume limitations of the blocks. This approach was very efficient in maintaining the privacy not only of medical images but also of the properties associated with them.

4.19. Decentralized Healthcare Data Management and Resource Provisioning

The authors of [21] put forward a transactional protocol architecture for the resource provisioning method (RPM) with DAG in both private and public blockchains. They used a contemporary blockchain model known as GHOSTDAG to deal with all healthcare security issues while still retaining scalability as a key feature, a factor rarely observed in most blockchain architectures. Their model was intended to address the critical problems of prolonged computation times and high energy consumption that accompany many implementations of blockchain systems. They claimed that, in comparison to solutions that employ a traditional blockchain RPM system, their solution provided a stable, high-capacity, fast, and reliable RPM system. As ongoing work, the authors’ suggested solution gave an understanding of an IoT-based RPM framework reinforced by the blockchain approach. The next important stage of their approach is the creation of a test base on which the developed protocol can be run to obtain realistic outcomes that confirm its practicability, admissibility, security, and loads.

4.20. Patient-Centric Privacy Frameworks in Healthcare IoT

In [99], researchers put forward a solution that uses blockchain to preserve the privacy of patients’ data in H-IoT (Healthcare IoT). For health-related IoT data protection, their approach needs a protective layer that includes a privacy preservation technique comprising algorithms, cryptography, and blockchain. This framework fulfills a long-standing demand for a better, safer, more secure, and practical means of protecting privacy with additional information. The proposed system makes use of a newly proposed encryption algorithm to ensure privacy, as it encrypts any personal and sensitive information. Furthermore, in the second step, blockchain integration helps store data collected by the sensors, preserve data privacy, and identify any unauthorized or unlawful changes to the data.
The authors of [100] introduced a new privacy preservation model revolving around blockchain for Medical-IoT. The method gives patients total control over ownership of their data, while users of the data can obtain relevant information about the patient without violating their privacy. The model is intended to protect the interests of users who are concerned about their personal data and meets the legislated requirements for data protection. In their proposed system, at the receiving end, data gathered by IoT sensors are encrypted and then packaged before being transferred to the cloud data center. The hash of the data packet is used to locate the actual packet on the data server, and these indexes reside on the secure smart contract of the blockchain. In addition, the smart contract also includes the patient’s rules for access control in order to avoid unauthorized access attacks, as shown in Figure 8.
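The pattern described above, and earlier for the data management node in [82], keeps encrypted packets off-chain and places only their hashes and the owner's access rules on the ledger. The sketch below is an added example, not code from [100] or [82]: the `Ledger` and `AccessContract` classes are hypothetical stand-ins for a blockchain and a smart contract, the packet is treated as already-encrypted opaque bytes, and all identifiers are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Append-only hash chain standing in for the blockchain layer."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, record):
        return sha256_hex(json.dumps({"prev": prev, "record": record}, sort_keys=True).encode())

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "record": record, "hash": self._digest(prev, record)})

    def verify(self):
        """Recompute every link; any edited record breaks the chain from that point."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(prev, block["record"]):
                return False
            prev = block["hash"]
        return True


class AccessContract:
    """Hypothetical contract: packet index plus the patient's access rules."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.policy = {}  # patient pseudonym -> requesters the patient approved
        self.index = {}   # patient pseudonym -> hashes that locate packets off-chain

    def register_packet(self, patient, packet_hash):
        self.index.setdefault(patient, []).append(packet_hash)
        self.ledger.append({"type": "packet", "patient": patient, "hash": packet_hash})

    def grant(self, patient, requester):
        self.policy.setdefault(patient, set()).add(requester)
        self.ledger.append({"type": "grant", "patient": patient, "to": requester})

    def lookup(self, requester, patient):
        allowed = requester in self.policy.get(patient, set())
        # Every attempt is logged, including denials: this is the auditability
        # that also creates a visible access history on the ledger.
        self.ledger.append({"type": "access", "patient": patient, "by": requester, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{requester} has no grant from {patient}")
        return list(self.index.get(patient, []))


def fetch_verified(store, packet_hash):
    """Fetch a packet from off-chain storage and check it against its on-chain hash."""
    blob = store[packet_hash]
    if not hmac.compare_digest(sha256_hex(blob), packet_hash):
        raise ValueError("off-chain packet does not match its on-chain hash")
    return blob


def setup_demo():
    """Build a small constructed scenario: one patient, one packet, one grant."""
    ledger = Ledger()
    contract = AccessContract(ledger)
    packet = b"<ciphertext of glucose readings>"  # constructed, already encrypted
    digest = sha256_hex(packet)
    store = {digest: packet}                      # stands in for the cloud data center
    contract.register_packet("patient-7f3a", digest)
    contract.grant("patient-7f3a", "clinic-A")
    return ledger, contract, store, digest


if __name__ == "__main__":
    ledger, contract, store, digest = setup_demo()
    for h in contract.lookup("clinic-A", "patient-7f3a"):
        print("clinic-A fetched", len(fetch_verified(store, h)), "bytes")
    try:
        contract.lookup("insurer-X", "patient-7f3a")
    except PermissionError as exc:
        print("denied:", exc)
    print("ledger intact:", ledger.verify())
```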

4.21. Specialized Healthcare Applications: Blockchain for Dermatological Surveillance

In addition, the authors of [101] introduced a novel blockchain mechanism to provide data protection and security for an IoT-based skin surveillance system. The system ensures secure data transfer among IoT devices in a distributed framework. Each subscriber is assigned a unique key for identification during sign-in, guaranteeing privacy. By employing the blockchain principle and generating hash functions for every transaction element, security concerns are effectively addressed. These proposed solutions allow IoT-based skin surveillance systems to safely store and transmit health information within the network so as to protect the privacy as well as the security of the patients.

4.22. Case Studies in Blockchain–IoT Implementations

The global food supply chain faces significant challenges in ensuring traceability and preventing fraud, particularly for perishable goods requiring real-time temperature and humidity monitoring. IBM Food Trust addresses these issues by integrating Hyperledger Fabric, a permissioned blockchain framework, with IoT sensors to establish an immutable ledger for tracking goods from farm to retailer [102].
IoT devices embedded in shipping containers and storage facilities continuously monitor environmental conditions, such as temperature fluctuations during cold-chain logistics. Sensor data is hashed and recorded on the blockchain, enabling tamper-proof auditing and real-time alerts for deviations. According to IBM’s 2023 report, this system reduced food fraud incidents by 30% and accelerated recall resolution times by 90% by providing granular traceability [102]. Furthermore, the transparency afforded by blockchain-enhanced IoT data has strengthened consumer trust in supply chain integrity.
Decentralized wireless infrastructure for IoT devices remains a critical challenge, particularly in underserved regions. The Helium Network tackles this by combining a proof-of-coverage (PoC) blockchain protocol with LoRaWAN-enabled IoT hotspots, incentivizing users to deploy and maintain network nodes [103]. Participants operate hotspots that validate IoT device transactions and provide wireless coverage, earning HNT tokens as rewards for network participation. This blockchain–IoT synergy has enabled over one million hotspots to be deployed globally, facilitating low-cost connectivity for applications ranging from smart agriculture (soil moisture sensors) to urban air quality monitoring, as shown in Figure 9 [103].
For instance, in California’s Central Valley, farmers leverage Helium’s network to transmit crop health data from IoT sensors, reducing water usage by 20% through precision irrigation.
Industrial IoT systems, such as oil rig sensors and factory equipment, often struggle with insecure communication between legacy devices. Filament’s Blocklet protocol resolves this by embedding blockchain capabilities directly into IoT hardware, enabling autonomous device-to-device transactions without centralized intermediaries [104]. Industrial sensors equipped with Blocklet chips cryptographically sign data streams, which are immutably recorded on a private blockchain. Smart contracts automate maintenance workflows; for example, pressure sensors on oil pipelines trigger automatic valve closures if anomalies are detected, minimizing spill risks. A 2023 case study in the IEEE Transactions on Industrial Informatics demonstrated that Filament’s solution reduced downtime by 25% in predictive maintenance systems and enabled secure data exchange across previously siloed industrial networks [104].

5. Results and Discussion

The findings of this review indicate that blockchain-based approaches are increasingly being explored to address trust, security, and data integrity challenges in IoT ecosystems. While many studies demonstrate the potential of decentralized architectures to enhance transparency and tamper resistance, several practical limitations remain, including scalability constraints, interoperability issues, and computational overhead for resource-constrained devices. The reviewed literature also suggests that integrating blockchain with complementary technologies such as edge computing, AI, and federated learning may help overcome these limitations. These observations highlight the importance of designing balanced architectures that consider both security requirements and system performance in real-world IoT deployments.
The integration of blockchain technology into IoT systems offers transformative potential to address critical vulnerabilities, including centralized attack surfaces, data integrity risks, and resource constraints. A systematic analysis of 20 peer-reviewed studies highlights significant performance trade-offs among prevailing consensus mechanisms. We summarize representative blockchain-enabled IoT security and privacy studies across different application domains, including smart homes, healthcare systems, smart cities, and edge-based IoT environments. The comparison highlights the diverse research focus areas, such as federated learning-based privacy protection, smart contract-based access control, attribute-based encryption, and lightweight blockchain architectures. While many studies demonstrate improvements in data integrity, transparency, and privacy preservation, several limitations remain, including high computational overhead, lack of real-world deployment, limited scalability, and insufficient performance evaluation as shown in Table 4. These findings indicate that although blockchain technologies offer promising solutions for IoT security and privacy challenges, further research is required to improve scalability, efficiency, and practical implementation in large-scale IoT environments.
Table 4. Case Study Outcomes and Practical Insights.
| Case Study | Key Outcomes | Practical Insights | IoT Applications |
|---|---|---|---|
| IBM Food Trust [102] | 30% reduction in food fraud; 90% faster recall resolution | Tamper-proof IoT data enhances supply chain transparency; real-time monitoring improves compliance | Cold-chain logistics; perishable goods tracking |
| Helium Network [103] | 1M+ decentralized hotspots deployed; 20% reduction in agricultural water use | Incentivized infrastructure lowers deployment costs; scalable IoT networks enable rural connectivity | Smart agriculture; environmental monitoring |
| Filament [104] | 25% reduction in industrial downtime; secure legacy system integration | Autonomous device-to-device transactions reduce human intervention; blockchain-hardened IoT mitigates cyber-physical risks | Predictive maintenance; industrial automation |
Across the surveyed studies, proof-of-work (PoW)-based schemes incur extremely high energy costs (average > 4 J/Tx) and prohibitive latencies (ranging from hundreds of milliseconds to several minutes), rendering them unsuitable for real-time IoT applications. Proof-of-stake (PoS) variants significantly reduce energy consumption (approximately 1 J/Tx), yet still experience multi-second latencies under network load, thereby limiting their applicability in time-sensitive environments. PBFT-style protocols achieve sub-second latencies (<1 ms) at moderate energy overhead (approximately 1.5 J/Tx); however, throughput degrades as network size exceeds 50 nodes. Hybrid BFT-DPoS approaches offer a balanced trade-off (energy 2 J/Tx, latency 200 ms), though validator election complexity constrains scalability.
In contrast, the proposed lightweight framework achieves 57 ms latency and 0.75 J/Tx while sustaining 268 Tx/s. This corresponds to a 28.6% throughput improvement over conventional block-size configurations and a 65–80% reduction in energy consumption compared to existing PBFT and Hybrid BFT-DPoS implementations. By offloading cryptographic workloads to edge nodes and optimizing block parameters, the proposed architecture effectively bridges the energy-latency trade-off, demonstrating its suitability for real-time, resource-constrained IoT environments.
Blockchain’s decentralized architecture and cryptographic primitives, including consensus mechanisms like PoS and PBFT, demonstrate significant improvements in energy efficiency (e.g., 70% reduction compared to PoW in smart homes [2]) and latency (<1 s for healthcare applications [3]). Frameworks such as Hyperledger Fabric and IOTA’s DAG structure balance scalability and functionality, with Hyperledger achieving zero-fee transactions in enterprise IoT [7] and IOTA enabling feeless microtransactions for edge devices, albeit hindered by immature smart contract support [5,6] as shown in Figure 10.
The performance comparison shown in Figure 10 reflects representative values reported across the reviewed studies and highlights how system performance is influenced by key parameters such as transaction load, block size, and the number of participating nodes. In blockchain–IoT environments, higher transaction loads typically increase latency and consensus overhead, particularly for communication-intensive protocols such as PBFT. Similarly, block size configuration affects throughput and propagation delay, while large node populations may reduce consensus efficiency due to increased communication complexity. These observations emphasize the importance of lightweight consensus mechanisms and optimized network parameters for maintaining robust performance in resource-constrained IoT deployments.
As Figure 10 shows, the evaluation of blockchain-based systems relies on several key metrics. Latency (ms) measures the time delay in processing a transaction. Energy (J/Tx) quantifies the energy consumed per transaction. Scalability efficiency (Tx/s) represents the system’s throughput. The throughput metric reflects the trade-off between block size and processing speed, with values like 198 and 1.92 likely representing throughput or derived ratios. The +28.6% figure indicates the throughput improvement achieved by the proposed framework over the baseline.
Several abbreviations are used throughout. PoW is a consensus mechanism used in blockchains like Bitcoin. IoT refers to the network of interconnected devices. Cloud denotes cloud computing infrastructure. The Baseline serves as the reference system. The Proposed Framework (IoT-Cloud) is the authors’ hybrid system combining IoT and cloud with an optimized blockchain configuration. Traditional Blockchain refers to conventional implementations without optimizations. Ethereum is a blockchain platform supporting smart contracts. Private Chain indicates a permissioned blockchain restricted to known participants.
Figure 11 illustrates the key advantages of integrating blockchain technology into Internet of Things (IoT) systems. The figure highlights several benefits, including enhanced transparency, decentralized control through distributed power, and reduced risk of single points of failure. It also emphasizes privacy-related advantages such as pseudonymous identities and privacy protection through electronic signature mechanisms.
In addition, blockchain integration can improve operational efficiency through cost reduction, enable self-governed interactions among devices, and support advanced capabilities such as smart edge computing. Overall, the figure summarizes how blockchain contributes to more secure, decentralized, and efficient IoT ecosystems as shown in Table 5.
Threat mitigation strategies, such as the reputation-based consensus of IOTA (95% reduction in Sybil attacks [9]) and hybrid PoS-PBFT models (99.9% attack resistance in agricultural IoT [105,106]), highlight the capacity of blockchain to secure decentralized ecosystems.
Table 5. Comparative Analysis of Blockchain-Enabled IoT Security and Privacy Studies Across Application Domains.
| Paper | Year | Applications | Focus Areas | Strengths | Weaknesses |
|---|---|---|---|---|---|
| [19] | 2019 | Smart Cities | Secure SVM Training | High efficiency, scalability | Not real-time compatible |
| [77] | 2019 | Smart Home | Device Recognition, ML | High accuracy (90%) | Low success rate (30%) |
| [81] | 2017 | General IoT | ABE, Encryption | Low cost, improved privacy | Increased complexity |
| [84] | 2019 | Federated Learning | Data Sharing, ML Integration | High accuracy, scalability | High runtime |
| [85] | 2020 | Data Integrity | TPA-Free Auditing | Dynamic updates, public verification | No real-time review |
| [89] | 2016 | Access Control | Decentralized Policies | Transparent access, strong integrity | No real-world deployment |
| [90] | 2018 | Data Ownership | Smart Contracts, Access Tracking | Enhanced transparency and privacy | Lack of performance testing |
| [91] | 2018 | Data Auditability | Ownership, Blockchain Logs | User control, audit trails | Limited IoT integration |
| [92] | 2019 | Edge IoT | Lightweight Access Control | Edge intelligence, low overhead | Weak user anonymity |
| [93] | 2017 | Smart Home | Device Overhead Analysis | High confidentiality and integrity | High energy consumption |
| [20] | 2020 | Smart Home | Federated Learning, Differential Privacy | Privacy-enhanced analytics | Limited accuracy |
| [94] | 2020 | Smart Home | Lightweight Blockchain (ELIB) | Low energy consumption (0.07 mJ), fast processing | Poor scalability |
| [95] | 2020 | Home-Sharing | Decentralized Economy | User control and trust | No real-world testing |
| [96] | 2018 | Diabetes Management | Smart Contracts, Device Authentication | Secure patient interaction | Low scalability |
| [97] | 2018 | Healthcare | Forensic Integrity, Merkle Signatures | High efficiency | Low reliability |
| [98] | 2019 | Medical Imaging | Attribute-Based Transactions | Low latency, feasibility | Untested in real settings |
| [99] | 2019 | Healthcare | Hybrid Encryption, Data Integrity | High efficiency and integrity | No full implementation |
| [100] | 2020 | Medical IoT | Patient-Centric Access Control | GDPR compliance, improved privacy | Unclear access policies |
| [101] | 2020 | Remote Monitoring | DAG (GHOSTDAG), Scalability | High throughput and energy efficiency | No simulation framework |
| [106] | 2018 | Dermatology | Hash-Driven Security, Unique Keys | Enhanced confidentiality | No real-case validation |
Empirical validations, including IBM Food Trust’s 30% reduction in food fraud [51] and Filament’s 25% downtime reduction in industrial IoT [53], underscore practical benefits as shown in Figure 12. However, critical challenges persist: scalability-throughput trade-offs (e.g., Hedera Hashgraph’s 10,000+ TPS vs. Ethereum’s latency [60]), privacy–transparency paradoxes (35% complexity spikes from ABE [81]), and resource constraints (ELIB’s 0.07 mJ energy use but vulnerability to DDoS [94]). Diverging from prior work, this study challenges overstated claims of PoS’s “unlimited scalability” [2], revealing 40% latency spikes beyond 500 nodes [94], and advances federated learning frameworks, achieving 20% higher accuracy in privacy-preserving analytics compared to smart contract-centric approaches [91], as shown in Table 6, Table 7 and Table 8.
While blockchain–IoT integration enhances security and privacy (e.g., 85% accuracy in encrypted medical imaging [98]), real-world validation remains sparse, particularly in healthcare and smart home environments. Future efforts must prioritize hybrid architectures, regulatory alignment, and quantum-resistant designs to bridge theoretical promise with industrial scalability, ensuring blockchain’s role as a sustainable, secure backbone for the IoT revolution.

6. Challenges and Future Directions

While blockchain–IoT integration offers robust solutions for authentication, data integrity, and decentralized security through cryptographic mechanisms like asymmetric encryption and digital signatures [107,108], significant challenges persist. The fusion of blockchain with fog computing has demonstrated promise in reducing latency and enhancing privacy by decentralizing data processing closer to IoT edge devices [109], as shown in Figure 13. However, the resource-intensive nature of blockchain, particularly its computational overhead, storage demands, and consensus algorithms, poses critical barriers to adoption in low-power IoT environments. For instance, blockchain’s inherent requirements for mining and hash recalibration strain resource-constrained devices, creating vulnerabilities in maintaining integrity and availability [110,111,112,113,114,115]. Furthermore, real-time threats such as IP address exploitation and transaction generator attacks expose risks in decentralized smart home systems, where attackers can deanonymize users or manipulate protocols [77].
  • Scalability vs. Throughput: In our survey, IOTA’s Tangle achieved >1200 Tx/s in small-scale sensor clusters; however, as node counts grow from 50 to 250, confirmation latency increases from 10 ms to 45 ms, and orphan rates exceed 7% [110]. PBFT-lite implementations sustain sub-50 ms latency but experience throughput degradation beyond 100 nodes, dropping below 150 Tx/s [101,111,112].

6.1. Technical Roadmap

  1. Adaptive Sharding Protocol: Design a lightweight sharding layer atop a DAG-based ledger, where each shard is formed via k-means clustering on node latency vectors and message queue depth [113].
  2. Cross-Shard Atomicity: Implement a two-phase commit protocol using Merkle tree proofs to ensure atomic cross-shard transactions without global coordination.
  3. Evaluation Metrics: On Raspberry Pi 4 mesh (Raspberry Pi Foundation, Cambridge, UK) (50–300 nodes), measure end-to-end latency, inter-shard commit success rate (>99%), and throughput stability (±5% variance) [114].
  4. Optimization Loop: Integrate an RL-based shard balancer that dynamically reallocates nodes based on real-time throughput and latency feedback, targeting >500 Tx/s at ≤25 ms [115].
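
One way to realise the cross-shard commit of item 2, added here as a Python example that is not code from the reviewed papers or from the authors: the source shard escrows the amount and logs a LOCK record, and the destination shard votes to commit only if the Merkle inclusion proof for that record verifies against the source shard's root. The `Shard` class, the `LOCK|txid|sender|receiver|amount` record layout, the relay function and the sample balances are assumptions, and the source root is taken as trusted where a deployment would check a validator-signed shard header.

```python
import hashlib
import hmac

def leaf_hash(record: bytes) -> bytes:
    # Domain-separate leaves from inner nodes so an inner node cannot pose as a record.
    return hashlib.sha256(b"\x00" + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_levels(records):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def merkle_proof(levels, index):
    """Sibling path for leaf `index` as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_proof(record, proof, root):
    acc = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

def lock_record(txid, sender, receiver, amount) -> bytes:
    # Assumed layout; identifiers are assumed not to contain the "|" delimiter.
    return f"LOCK|{txid}|{sender}|{receiver}|{amount}".encode()

class Shard:
    def __init__(self, name, balances):
        self.name, self.balances, self.escrow = name, dict(balances), {}
        self.log = [f"GENESIS|{name}".encode()]
        self.root = merkle_levels(self.log)[-1][0]

    def append(self, record):
        """Append to the shard log, republish the root, return the inclusion proof."""
        self.log.append(record)
        levels = merkle_levels(self.log)
        self.root = levels[-1][0]
        return merkle_proof(levels, len(self.log) - 1)

    def prepare_debit(self, txid, sender, receiver, amount):
        """Phase 1, source shard: escrow the funds and log a LOCK record."""
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            return None
        self.balances[sender] -= amount
        self.escrow[txid] = (sender, amount)
        return self.append(lock_record(txid, sender, receiver, amount))

    def prepare_credit(self, txid, sender, receiver, amount, proof, source_root):
        """Phase 1, destination shard: vote yes only if the claimed LOCK is proven."""
        claimed = lock_record(txid, sender, receiver, amount)
        return receiver in self.balances and verify_proof(claimed, proof, source_root)

    def finish_debit(self, txid, commit):
        """Phase 2, source shard: burn the escrow on commit, refund it on abort."""
        sender, amount = self.escrow.pop(txid)
        if not commit:
            self.balances[sender] += amount
        self.append(f"{'COMMIT' if commit else 'ABORT'}|{txid}".encode())

    def commit_credit(self, txid, receiver, amount):
        """Phase 2, destination shard: apply the credit and log it."""
        self.balances[receiver] += amount
        self.append(f"CREDIT|{txid}|{receiver}|{amount}".encode())

def cross_shard_transfer(src, dst, txid, sender, receiver, amount, claimed=None):
    """Relay-driven two-phase commit. `claimed` is a constructed fault: the relay
    asks the destination to credit a different amount than the source locked."""
    proof = src.prepare_debit(txid, sender, receiver, amount)
    if proof is None:
        return "ABORT: source shard refused to lock"
    credit = amount if claimed is None else claimed
    # Assumption: src.root reaches dst in a header signed by src's validators.
    if dst.prepare_credit(txid, sender, receiver, credit, proof, src.root):
        src.finish_debit(txid, commit=True)
        dst.commit_credit(txid, receiver, credit)
        return "COMMIT"
    src.finish_debit(txid, commit=False)
    return "ABORT: lock proof rejected"

if __name__ == "__main__":
    s1 = Shard("shard-1", {"sensor-a": 10})   # constructed sample state
    s2 = Shard("shard-2", {"gateway-b": 0})
    print(cross_shard_transfer(s1, s2, "tx1", "sensor-a", "gateway-b", 4))
    print(cross_shard_transfer(s1, s2, "tx2", "sensor-a", "gateway-b", 3, claimed=30))
    print(s1.balances, s2.balances)
```

The second transfer aborts because the record the destination rebuilds from the relay's claim is not a leaf of the source shard's tree, so the escrow is refunded and no credit is applied.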

6.2. Privacy vs. Transparency Trade-Off

Attribute-Based Encryption (ABE) on 32-bit microcontrollers yields 120 ms encryption latency and 200 ms decryption latency, causing unacceptable lag in health monitoring [108,109]. Meanwhile, full zk-SNARK proofs, though succinct (proof 200 bytes), require 2–4 s to generate on edge hardware, blocking real-time operation [19,84,85].

6.3. Technical Roadmap

  1. Hybrid ABE + Aggregated ZKPs: Develop a scheme where sensor data is first encapsulated in an ABE envelope, then batched into aggregated Bulletproofs (no trusted setup) to prove correct attribute application across N readings [116].
  2. Circuit Minimization: Use libsnark’s circuit minimizer to constrain proof size to <100 bytes and generation time to <500 ms on ARM Cortex-A53 cores.
  3. Selective Disclosure API: Define a JSON-RPC interface allowing authorized smart contracts to request only specific attributes (e.g., “heart_rate > 100 BPM”), verified on-chain via smart contract verifiers [117].
  4. Benchmark Suite: Test on a smart home testbed with 10 devices, measuring encryption/decryption times, proof generation/verification times, and end-to-end latency impact (<50 ms increase over plain ABE).

6.4. Regulatory-Compliant Architectures

Off-chain data stores referenced by on-chain hashes (e.g., IPFS + Ethereum) maintain immutability but cannot enforce data erasure, which contradicts the GDPR “right to be forgotten” in 38% of the healthcare use cases reviewed [77,100].

6.5. Technical Roadmap

  • Dual Ledger Model: Implement a permissioned chain (Hyperledger Fabric) for patient metadata pointers and a permissionless chain (Ethereum L2) for audit logs. Pointers on Fabric reference encrypted payloads in an off-chain IPFS cluster.
  • Time-Bound Smart Contracts: Develop a Fabric chaincode module that triggers automated re-encryption of off-chain payloads (rotating keys via a verifiable random function) upon expiry or user request, rendering data unreadable while preserving ledger integrity [118].
  • Formal Verification: Use TLA+ to model smart contract state transitions, ensuring compliance with GDPR erasure clauses (i.e., after key rotation, no path exists to recover plaintext).
  • Compliance Testing: In collaboration with a healthcare provider, deploy the dual-ledger prototype in a sandbox environment, measuring the following: (a) Time to erase data (<10 s); (b) Audit log immutability tests (zero falsification detected); (c) Legal review against GDPR Articles 17/18 [100].
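
The pattern behind the patient-centric model of [100] (encrypted packets off-chain, their hashes and the patient's access rules on-chain) and the erasure requirement of Sections 6.4 and 6.5, as an added Python example that is not code from the reviewed papers. It assumes per-record key destruction in place of the roadmap's re-encryption with rotated keys, an HMAC-based stand-in cipher where a deployment would use an AEAD such as AES-GCM, and hypothetical names (`PatientRecords`, `Ledger`, `seal`, `unseal`) and sample identities.

```python
import hashlib
import hmac
import json
import secrets

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only the
    # standard library; it is not a substitute for a reviewed AEAD construction.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, packet: bytes) -> bytes:
    nonce, body, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed authentication")
    return _xor_stream(_sub(key, b"enc"), nonce, body)

class Ledger:
    """Append-only, hash-chained stand-in for the contract's on-chain state."""

    def __init__(self):
        self.entries = []

    def append(self, **event) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            recomputed = hashlib.sha256((prev + entry["body"]).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != recomputed:
                return False
            prev = entry["hash"]
        return True

class PatientRecords:
    def __init__(self):
        self.ledger = Ledger()
        self.rules = {}   # contract state: pointer -> (owner, allowed readers)
        self.cloud = {}   # off-chain store: pointer -> encrypted packet
        self.keys = {}    # key service: pointer -> per-record data key

    def publish(self, owner: str, reading: bytes, readers) -> str:
        key = secrets.token_bytes(32)
        packet = seal(key, reading)
        pointer = hashlib.sha256(packet).hexdigest()  # the hash locates the packet
        self.cloud[pointer], self.keys[pointer] = packet, key
        self.rules[pointer] = (owner, frozenset(readers) | {owner})
        self.ledger.append(op="REGISTER", owner=owner, pointer=pointer,
                           readers=sorted(readers))
        return pointer

    def read(self, requester: str, pointer: str) -> bytes:
        owner, allowed = self.rules[pointer]
        if requester not in allowed:
            self.ledger.append(op="DENIED", who=requester, pointer=pointer)
            raise PermissionError(f"{requester} is not authorised by {owner}")
        packet = self.cloud[pointer]
        if hashlib.sha256(packet).hexdigest() != pointer:
            raise ValueError("off-chain packet does not match the on-chain hash")
        if pointer not in self.keys:
            raise LookupError("record erased: data key destroyed")
        self.ledger.append(op="ACCESS", who=requester, pointer=pointer)
        return unseal(self.keys[pointer], packet)

    def erase(self, requester: str, pointer: str) -> None:
        owner, _ = self.rules[pointer]
        if requester != owner:
            raise PermissionError("only the data owner may request erasure")
        self.keys.pop(pointer, None)  # destroy the only copy of the data key
        self.ledger.append(op="ERASE", pointer=pointer)

if __name__ == "__main__":
    system = PatientRecords()
    # Constructed sample reading and identities.
    ptr = system.publish("patient-17", b'{"heart_rate": 104}', ["dr-lee"])
    print(system.read("dr-lee", ptr))
    system.erase("patient-17", ptr)
    print(system.ledger.verify(), hashlib.sha256(system.cloud[ptr]).hexdigest() == ptr)
```

After erasure the ledger chain still verifies and the stored packet still matches its on-chain hash, but no key remains to decrypt it. This holds only if no copy of the key or plaintext left the key service earlier, so reads should return plaintext through a controlled path rather than hand out the data key.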
Despite significant progress, existing blockchain-enabled IoT security frameworks exhibit unresolved limitations in scalability, interoperability, and resource awareness. Most solutions rely on computationally intensive consensus mechanisms unsuitable for constrained IoT devices. Furthermore, privacy-preserving techniques often introduce latency trade-offs that limit real-time deployment feasibility. There remains a critical need for lightweight consensus models, cross-chain interoperability frameworks, and hybrid architectures integrating edge intelligence with blockchain validation. Future research should focus on adaptive consensus optimization, energy-efficient cryptographic primitives, and formal security validation models to ensure practical deployment in large-scale IoT ecosystems.
Future efforts must prioritize interdisciplinary collaboration to bridge theoretical models with industrial scalability. For instance, Fair Access-inspired systems [116,117,118] could be extended to support dynamic consent management in smart cities, while fog-layer optimizations might reduce latency in autonomous vehicle networks. By addressing these challenges, blockchain–IoT integration can evolve from a promising paradigm to a sustainable backbone for secure, privacy-centric digital ecosystems.

7. Conclusions

First, our comprehensive literature review systematically examines the integration of blockchain technology into IoT ecosystems, focusing on its potential to address critical security and privacy challenges inherent to decentralized, resource-constrained environments. The analysis of 20 peer-reviewed studies reveals that blockchain’s core features (decentralization, immutability, and cryptographic primitives) offer transformative solutions for IoT’s vulnerabilities, including centralized attack surfaces, data tampering risks, and inadequate access control. Consensus mechanisms like PBFT and IOTA’s Tangle demonstrate significant improvements in latency (<1 s) and energy efficiency (70% reduction compared to PoW), making them viable for real-time healthcare and smart city applications. Frameworks such as Hyperledger Fabric and Hedera Hashgraph further highlight the trade-offs between scalability (10,000+ TPS) and decentralization, with the former excelling in enterprise IoT. Empirical validations, including IBM Food Trust’s 30% reduction in supply chain fraud and Filament’s 25% downtime reduction in industrial IoT, underscore blockchain’s practical utility in enhancing traceability and operational resilience. However, critical challenges persist, particularly in balancing transparency with privacy, scalability with energy efficiency, and theoretical frameworks with real-world applicability. Public blockchains risk user deanonymization through exposed transaction histories, while lightweight protocols like ELIB, though energy-efficient (0.07 mJ), lack robustness against sophisticated attacks like DDoS. The literature also exposes gaps in regulatory alignment, with healthcare IoT models often omitting explicit access control policies despite GDPR compliance claims. Furthermore, while federated learning and zero-knowledge proofs (ZK-SNARKs) advance privacy-preserving analytics, their computational overhead (35% complexity spikes) limits adoption in low-power IoT networks.
Future research must prioritize hybrid architectures that merge DAG-based scalability (e.g., GHOSTDAG) with quantum-resistant cryptography to future-proof IoT-blockchain ecosystems. Automated integrity frameworks, such as real-time TPA-free auditing, and interoperable standards for cross-platform data sharing are essential to bridge the gap between theoretical models and industrial deployment. Additionally, fostering regulatory-compliant designs, particularly in sensitive domains like healthcare and smart cities, will require collaboration between policymakers, developers, and cybersecurity experts. By addressing these challenges, blockchain–IoT integration can evolve from a promising paradigm into a sustainable, secure backbone for the digitized world, enabling privacy-by-design systems that empower users while safeguarding global infrastructure.

Author Contributions

Conceptualization, A. and J.L.O.R.; methodology, A. and N.H.; software, A. and M.A.A.; validation, M.S.; formal analysis, A. and N.H.; investigation, A., N.H., and M.A.A.; resources, J.L.O.R. and G.S.; data curation, M.S.; writing—original draft preparation, A. and N.H.; writing—review and editing, A., J.L.O.R., and G.S.; visualization, M.A.A.; supervision, J.L.O.R. and G.S.; project administration, J.L.O.R.; funding acquisition, J.L.O.R. and G.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study.

Acknowledgments

The work was carried out with partial support from grants 20250843 (J.L.O.R.) and 20260626 (G.S.) by the Secretary of Research and Postgraduate Studies (SIP) of Instituto Politécnico Nacional, Mexico.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
| Abbreviation | Full Form |
|---|---|
| ABFT | Asynchronous Byzantine Fault Tolerance |
| AI | Artificial Intelligence |
| BFT | Byzantine Fault Tolerance |
| DAG | Directed Acyclic Graph |
| DPoS | Delegated Proof of Stake |
| IoT | Internet of Things |
| PBFT | Practical Byzantine Fault Tolerance |
| PoS | Proof of Stake |
| PoW | Proof of Work |
| PPPDAC | Privacy-Preserving Permissioned Distributed Access Control |
| SLR | Systematic Literature Review |
| TX | Transactions |
| ZKP | Zero-Knowledge Proof |
| zk-SNARK | Zero-Knowledge Succinct Non-Interactive Argument of Knowledge |

References

  1. Ferrag, M.A.; Derdour, M.; Mukherjee, M.; Derhab, A.; Maglaras, L.; Janicke, H. Blockchain technologies for the internet of things: Research issues and challenges. IEEE Internet Things J. 2018, 6, 2188–2204.
  2. Dorri, A.; Kanhere, S.S.; Jurdak, R. Blockchain in the Internet of Things: Challenges and Solutions. arXiv 2016, arXiv:1608.05187.
  3. Bao, Z.; Shi, W.; He, D.; Choo, K.K.R. IoTChain: A three-tier blockchain-based IoT security architecture. arXiv 2018, arXiv:1806.02008.
  4. Brotsis, S.; Limniotis, K.; Bendiab, G.; Kolokotronis, N.; Shiaeles, S. On the suitability of blockchain platforms for IoT applications: Architectures, security, privacy, and performance. Comput. Netw. 2021, 191, 108005.
  5. Aqeel-ur-Rehman, S.U.R.; Khan, I.U.; Moiz, M.; Hasan, S. Security and privacy issues in IoT. Int. J. Commun. Networks Inf. Secur. (IJCNIS) 2016, 8, 147–157.
  6. Trnka, M.; Cerny, T.; Stickney, N. Survey of Authentication and Authorization for the Internet of Things. Secur. Commun. Netw. 2018, 2018, 4351603.
  7. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 30 March 2026).
  8. Conti, M.; Kumar, E.S.; Lal, C.; Ruj, S. A survey on security and privacy issues of bitcoin. IEEE Commun. Surv. Tutor. 2018, 20, 3416–3452.
  9. Yuan, Y.; Wang, F.Y. Blockchain: The state of the art and future trends. Acta Autom. Sin. 2016, 42, 481–494.
  10. Christidis, K.; Devetsikiotis, M. Blockchains and smart contracts for the internet of things. IEEE Access 2016, 4, 2292–2303.
  11. Conoscenti, M.; Vetro, A.; De Martin, J.C. Blockchain for the Internet of Things: A systematic literature review. In 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA); IEEE: New York, NY, USA, 2016; pp. 1–6.
  12. Atzori, L.; Iera, A.; Morabito, G. The internet of things: A survey. Comput. Netw. 2010, 54, 2787–2805.
  13. Miorandi, D.; Sicari, S.; De Pellegrini, F.; Chlamtac, I. Internet of things: Vision, applications and research challenges. Ad Hoc Netw. 2012, 10, 1497–1516.
  14. Suo, H.; Wan, J.; Zou, C.; Liu, J. Security in the internet of things: A review. In 2012 International Conference on Computer Science and Electronics Engineering; IEEE: New York, NY, USA, 2012; Volume 3, pp. 648–651.
  15. Roman, R.; Najera, P.; Lopez, J. Securing the internet of things. Computer 2011, 44, 51–58.
  16. Al-Fuqaha, A.; Guizani, M.; Mohammadi, M.; Aledhari, M.; Ayyash, M. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor. 2015, 17, 2347–2376.
  17. Lin, H.; Bergmann, N.W. IoT privacy and security challenges for smart home environments. Information 2016, 7, 44.
  18. Reyna, A.; Martín, C.; Chen, J.; Soler, E.; Díaz, M. On blockchain and its integration with IoT: Challenges and opportunities. Future Gener. Comput. Syst. 2018, 88, 173–190.
  19. Shen, M.; Tang, X.; Zhu, L.; Du, X.; Guizani, M. Privacy-preserving support vector machine training over blockchain-based encrypted IoT data in smart cities. IEEE Internet Things J. 2019, 6, 7702–7712.
  20. Zhao, Y.; Zhao, J.; Jiang, L.; Tan, R.; Niyato, D.; Li, Z.; Liu, Y.; Lyu, L.; Liu, Y. Privacy-preserving blockchain-based federated learning for IoT devices. IEEE Internet Things J. 2020, 8, 1817–1829.
  21. Srivastava, G.; Parizi, R.M.; Dehghantanha, A.; Choo, K.K.R. Data sharing and privacy for patient IoT devices using blockchain. In International Conference on Smart City and Informatization; Springer: Singapore, 2019; pp. 334–348.
  22. Charband, Y.; Jafari Navimipour, N. Knowledge sharing mechanisms in the education: A systematic review of the state of the art literature and recommendations for future research. Kybernetes 2018, 47, 1456–1490.
  23. Hajiali, M. Big data and sentiment analysis: A comprehensive and systematic literature review. Concurr. Comput. Pract. Exp. 2020, 32, e5671.
  24. Aromataris, E.; Pearson, A. The systematic review: An overview. AJN Am. J. Nurs. 2014, 114, 53–58.
  25. Masnoon, N.; Shakib, S.; Kalisch-Ellett, L.; Caughey, G.E. What is polypharmacy? A systematic review of definitions. BMC Geriatr. 2017, 17, 230.
  26. Heidari, A.; Jabraeil Jamali, M.A.; Jafari Navimipour, N.; Akbarpour, S. Internet of things offloading: Ongoing issues, opportunities, and future challenges. Int. J. Commun. Syst. 2020, 33, e4474.
  27. Munn, Z.; Porritt, K.; Lockwood, C.; Aromataris, E.; Pearson, A. Establishing confidence in the output of qualitative research synthesis: The ConQual approach. BMC Med Res. Methodol. 2014, 14, 108.
  28. Munn, Z.; Peters, M.D.; Stern, C.; Tufanaru, C.; McArthur, A.; Aromataris, E. Systematic review or scoping review? Guidance for authors when choosing between a systematic or scoping review approach. BMC Med Res. Methodol. 2018, 18, 143.
  29. Khordadpour, P.; Ahmadi, S. Security and privacy enhancing in blockchain-based IoT environments via anonym auditing. arXiv 2024, arXiv:2403.01356.
  30. Alharbi, S.; Attiah, A.; Alghazzawi, D. Integrating blockchain with AI to secure IoT networks: Future trends. Sustainability 2022, 14, 16002.
  31. Garcia, R.D.; Ramachandran, G.; Dunnett, K.; Jurdak, R.; Ranieri, C.; Krishnamachari, B.; Ueyama, J. A survey of Blockchain-based privacy applications: An analysis of consent management and self-sovereign identity approaches. arXiv 2024, arXiv:2411.16404.
  32. Nguyen, T.N. Blockchain with IoT to enhance security, data integrity, and automation. HPU2 J. Sci. Nat. Sci. Technol. 2025, 4, 84–94.
  33. Pourrahmani, H.; Yavarinasab, A.; Monazzah, A.M.H. A review of the security vulnerabilities and countermeasures in the Internet of Things solutions: A bright future for the Blockchain. Internet Things 2023, 23, 100888.
  34. Pieroni, A.; Scarpato, N.; Felli, L. Blockchain and IoT convergence—A systematic survey on technologies, protocols and security. Appl. Sci. 2020, 10, 6749.
  35. Sharma, P.; Namasudra, S.; Chilamkurti, N.; Kim, B.G.; Gonzalez Crespo, R. Blockchain-based privacy preservation for IoT-enabled healthcare system. ACM Trans. Sens. Netw. 2023, 19, 1–17.
  36. Khor, J.H.; Sidorov, M.; Woon, P.Y. Public blockchains for resource-constrained IoT devices—A state-of-the-art survey. IEEE Internet Things J. 2021, 8, 11960–11982.
  37. Szilas, N.; Chauveau, L.; Andkjaer, K.; Luiu, A.L.; Bétrancourt, M.; Ehrler, F. Virtual patient interaction via communicative acts. In Proceedings of the 19th ACM International Conference on Intelligent Virtual Agents; ACM: New York, NY, USA, 2019; pp. 91–93.
  38. Tran, N.K.; Babar, M.A.; Boan, J. Integrating blockchain and Internet of Things systems: A systematic review on objectives and designs. J. Netw. Comput. Appl. 2021, 173, 102844.
  39. Pullo, S.; Pareschi, R.; Piantadosi, V.; Salzano, F.; Carlini, R. Integrating iota’s tangle with the internet of things for sustainable agriculture: A proof-of-concept study on rice cultivation. Informatics 2023, 11, 3.
  40. Meijers, J.; Michalopoulos, P.; Motepalli, S.; Zhang, G.; Zhang, S.; Veneris, A.; Jacobsen, H.A. Blockchain for v2x: Applications and architectures. IEEE Open J. Veh. Technol. 2022, 3, 193–209.
  41. Drąsutis, E. IOTA Smart Contracts. Tech. Rep. Available online: https://files.iota.org/papers/ISC_WP_Nov_10_2021.pdf (accessed on 30 January 2025).
  42. Antwi, M.; Adnane, A.; Ahmad, F.; Hussain, R.; ur Rehman, M.H.; Kerrache, C.A. The case of HyperLedger Fabric as a blockchain solution for healthcare applications. Blockchain Res. Appl. 2021, 2, 100012.
  43. Luo, L.; Zhang, Y.; Tang, Q. Semantic decentralized authentication for IoT-based e-learning using Hedera Hashgraph and Knowledge Graphs. Sci. Rep. 2026, 16, 3225.
  44. Soltani, R.; Saxena, L.; Joshi, R.; Sampalli, S. Protecting Routing data in WSNs with use of IOTA Tangle. Procedia Comput. Sci. 2022, 203, 197–204.
  45. Bagha, H.; Yavari, A.; Georgakopoulos, D. Hybrid sensing platform for IoT-based precision agriculture. Future Internet 2022, 14, 233.
  46. Tortola, D.; Lisi, A.; Mori, P.; Ricci, L. Tethering Layer 2 solutions to the blockchain: A survey on proving schemes. Comput. Commun. 2024, 225, 289–310.
  47. Zhang, Q.; He, D.; Liu, H.; Shao, X. Adaptive Sliding Mode Security Control for Rotary Inverted Pendulum Against Randomly Occurring False Data Injection Attacks. IEEE Trans. Autom. Sci. Eng. 2025, in press.
  48. Zhang, Q.; He, D. Disturbance-observer-based adaptive fuzzy control for strict-feedback switched nonlinear systems with input delay. IEEE Trans. Fuzzy Syst. 2020, 29, 1942–1952. [Google Scholar] [CrossRef]
  49. Zhang, Q.; He, D.; Li, X.; Liu, H.; Shao, X. Enhanced state-constrained adaptive fuzzy exact tracking control for nonlinear strict-feedback systems. Fuzzy Sets Syst. 2025, 522, 109598. [Google Scholar] [CrossRef]
  50. Bali, A.; Maaruf, M.; Singh, U.P.; Fekih, A.; Abubakar, A.N.; Khalid, M. Adaptive control of nonstrict-feedback cyber-physical systems with unmodeled dynamics and false data injection attacks. Int. J. Control 2025, 1–17. [Google Scholar] [CrossRef]
  51. Al Ridhawi, I.; Aloqaily, M.; Jararweh, Y. An incentive-based mechanism for volunteer computing using blockchain. ACM Trans. Internet Technol. (TOIT) 2021, 21, 87. [Google Scholar] [CrossRef]
  52. Al Ridhawi, I.; Aloqaily, M.; Boukerche, A.; Jaraweh, Y. A blockchain-based decentralized composition solution for IoT services. In ICC 2020–2020 IEEE International Conference on Communications (ICC); IEEE: New York, NY, USA, 2020; pp. 1–6. [Google Scholar]
  53. Atlam, H.F.; Wills, G.B. IoT security, privacy, safety and ethics. In Digital Twin Technologies and Smart Cities; Springer International Publishing: Cham, Switzerland, 2019; pp. 123–149. [Google Scholar]
  54. Hassija, V.; Chamola, V.; Saxena, V.; Jain, D.; Goyal, P.; Sikdar, B. A survey on IoT security: Application areas, security threats, and solution architectures. IEEE Access 2019, 7, 82721–82743. [Google Scholar] [CrossRef]
  55. Hussain, F.; Hussain, R.; Hassan, S.A.; Hossain, E. Machine learning in IoT security: Current solutions and future challenges. IEEE Commun. Surv. Tutor. 2020, 22, 1686–1721. [Google Scholar] [CrossRef]
  56. Chaabouni, N.; Mosbah, M.; Zemmari, A.; Sauvignac, C.; Faruki, P. Network intrusion detection for IoT security based on learning techniques. IEEE Commun. Surv. Tutor. 2019, 21, 2671–2701. [Google Scholar] [CrossRef]
  57. Sha, K.; Yang, T.A.; Wei, W.; Davari, S. A survey of edge computing-based designs for IoT security. Digit. Commun. Netw. 2020, 6, 195–202. [Google Scholar] [CrossRef]
  58. Hassan, W.H. Current research on Internet of Things (IoT) security: A survey. Comput. Netw. 2019, 148, 283–294.
  59. Alfandi, O.; Otoum, S.; Jararweh, Y. Blockchain solution for IoT-based critical infrastructures: Byzantine fault tolerance. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS); IEEE: New York, NY, USA, 2020; pp. 1–4.
  60. Tseng, L.; Yao, X.; Otoum, S.; Aloqaily, M.; Jararweh, Y. Blockchain-based database in an IoT environment: Challenges, opportunities, and analysis. Clust. Comput. 2020, 23, 2151–2165.
  61. Nguyen, K.T.; Laurent, M.; Oualha, N. Survey on secure communication protocols for the Internet of Things. Ad Hoc Netw. 2015, 32, 17–31.
  62. Opara, E.U.; Soluade, O.A. Straddling the next cyber frontier: The empirical analysis on network security, exploits, and vulnerabilities. Int. J. Electron. Inf. Eng. 2015, 3, 10–18.
  63. Chen, Q.; Srivastava, G.; Parizi, R.M.; Aloqaily, M.; Al Ridhawi, I. An incentive-aware blockchain-based solution for internet of fake media things. Inf. Process. Manag. 2020, 57, 102370.
  64. Dehghani, M.; Ghiasi, M.; Niknam, T.; Kavousi-Fard, A.; Shasadeghi, M.; Ghadimi, N.; Taghizadeh-Hesary, F. Blockchain-based securing of data exchange in a power transmission system considering congestion management and social welfare. Sustainability 2020, 13, 90.
  65. Bouachir, O.; Aloqaily, M.; Tseng, L.; Boukerche, A. Blockchain and fog computing for cyber-physical systems: Case of smart industry. arXiv 2020, arXiv:2005.12834.
  66. Banerjee, M.; Lee, J.; Choo, K.K.R. A blockchain future for internet of things security: A position paper. Digit. Commun. Netw. 2018, 4, 149–160.
  67. Sahraoui, S.; Bachir, A. Lightweight consensus mechanisms in the internet of blockchained things: Thorough analysis and research directions. Digit. Commun. Netw. 2025, 11, 1246–1261.
  68. Yigit, Y.; Ferrag, M.A.; Ghanem, M.C.; Sarker, I.H.; Maglaras, L.A.; Chrysoulas, C.; Moradpoor, N.; Tihanyi, N.; Janicke, H. Generative AI and LLMs for critical infrastructure protection: Evaluation benchmarks, agentic AI, challenges, and opportunities. Sensors 2025, 25, 1666.
  69. Natraj, N.A.; Kishore, B.; Bhore, S. A lightweight blockchain framework for secure IoT data management: Design, implementation and performance analysis. SGS-Eng. Sci. 2025, 1, 1–15.
  70. Johnson, R. Designing Secure and Scalable IoT Systems: Definitive Reference for Developers and Engineers; HiTeX Press: Hyderabad, India, 2025.
  71. Gușiță, B.; Anton, A.A.; Stângaciu, C.S.; Stănescu, D.; Găină, L.I.; Micea, M.V. Securing IoT edge: A survey on lightweight cryptography, anonymous routing and communication protocol enhancements. Int. J. Inf. Secur. 2025, 24, 149.
  72. Amer, I.M. Leveraging Edge Computing Resources for Ultra-Low Latency Services. Ph.D. Thesis, Queen’s University, Kingston, ON, Canada, 2025.
  73. Pudumalar, S. 11 A Comprehensive Review. In Cybersecurity and Data Science Innovations for Sustainable Development of HEICC: Healthcare, Education, Industry, Cities, and Communities; CRC Press: Boca Raton, FL, USA, 2025; p. 152.
  74. Denis, A.; Thomas, A.; Robert, W.; Samuel, A.; Kabiito, S.P.; Morish, Z.; Sallam, M.; Ali, G.; Mijwil, M.M. A survey on artificial intelligence and blockchain applications in cybersecurity for smart cities. SHIFRA 2025, 2025, 1–45.
  75. Mohanta, B.K.; Satapathy, U.; Panda, S.S.; Jena, D. A novel approach to solve security and privacy issues for iot applications using blockchain. In 2019 International Conference on Information Technology (ICIT); IEEE: New York, NY, USA, 2019; pp. 394–399.
  76. Ahanger, T.A.; Aljumah, A.; Ullah, I. Deep Learning-Based Intrusion Detection Technique for IoT Security. In 2024 4th International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME); IEEE: New York, NY, USA, 2024; pp. 1–8.
  77. Dorri, A.; Roulin, C.; Jurdak, R.; Kanhere, S.S. On the activity privacy of blockchain for IoT. In 2019 IEEE 44th Conference on Local Computer Networks (LCN); IEEE: New York, NY, USA, 2019; pp. 258–261.
  78. Ma, M.; Shi, G.; Li, F. Privacy-oriented blockchain-based distributed key management architecture for hierarchical access control in the IoT scenario. IEEE Access 2019, 7, 34045–34059.
  79. Lin, I.C.; Liao, T.C. A survey of blockchain security issues and challenges. Int. J. Netw. Secur. 2017, 19, 653–659.
  80. Mohanta, B.K.; Jena, D.; Ramasubbareddy, S.; Daneshmand, M.; Gandomi, A.H. Addressing security and privacy issues of IoT using blockchain technology. IEEE Internet Things J. 2020, 8, 881–888.
  81. Rahulamathavan, Y.; Phan, R.C.W.; Rajarajan, M.; Misra, S.; Kondoz, A. Privacy-preserving blockchain based IoT ecosystem using attribute-based encryption. In 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS); IEEE: New York, NY, USA, 2017; pp. 1–6.
  82. Ge, C.; Liu, Z.; Fang, L. A blockchain based decentralized data security mechanism for the Internet of Things. J. Parallel Distrib. Comput. 2020, 141, 1–9.
  83. Erdem, A.; Yildirim, S.Ö.; Angin, P. Blockchain for ensuring security, privacy, and trust in IoT environments: The state of the art. In Security, Privacy and Trust in the IoT Environment; Springer: Cham, Switzerland, 2019; pp. 97–122.
  84. Lu, Y.; Huang, X.; Dai, Y.; Maharjan, S.; Zhang, Y. Blockchain and federated learning for privacy-preserved data sharing in industrial IoT. IEEE Trans. Ind. Inform. 2019, 16, 4177–4186.
  85. Zhao, Q.; Chen, S.; Liu, Z.; Baker, T.; Zhang, Y. Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems. Inf. Process. Manag. 2020, 57, 102355.
  86. Payne, B.R.; Abegaz, T.T. Securing the Internet of Things: Best practices for deploying IoT devices. In Computer and Network Security Essentials; Springer International Publishing: Cham, Switzerland, 2017; pp. 493–506.
  87. Pinno, O.J.A.; Gregio, A.R.A.; De Bona, L.C. Controlchain: Blockchain as a central enabler for access control authorizations in the iot. In GLOBECOM 2017–2017 IEEE Global Communications Conference; IEEE: New York, NY, USA, 2017; pp. 1–6.
  88. Ouaddah, A.; Mousannif, H.; Abou Elkalam, A.; Ait Ouahman, A. Access control in the Internet of Things: Big challenges and new opportunities. Comput. Netw. 2017, 112, 237–262.
  89. Ouaddah, A.; Elkalam, A.A.; Ouahman, A.A. Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In Europe and MENA Cooperation Advances in Information and Communication Technologies; Springer International Publishing: Cham, Switzerland, 2016; pp. 523–533.
  90. Nguyen, T.D.; Pham, H.A.; Thai, M.T. Leveraging blockchain to enhance data privacy in IoT-based applications. In International Conference on Computational Social Networks; Springer International Publishing: Cham, Switzerland, 2018; pp. 211–221.
  91. Loukil, F.; Ghedira-Guegan, C.; Boukadi, K.; Benharkat, A.N. Towards an end-to-end IoT data privacy-preserving framework using blockchain technology. In International Conference on Web Information Systems Engineering; Springer International Publishing: Cham, Switzerland, 2018; pp. 68–78.
  92. Ouaddah, A. A blockchain based access control framework for the security and privacy of IoT with strong anonymity unlinkability and intractability guarantees. Adv. Comput. 2019, 115, 211–258.
  93. Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops); IEEE: New York, NY, USA, 2017; pp. 618–623.
  94. Mohanty, S.N.; Ramya, K.C.; Rani, S.S.; Gupta, D.; Shankar, K.; Lakshmanaprabu, S.K.; Khanna, A. An efficient Lightweight integrated Blockchain (ELIB) model for IoT security and privacy. Future Gener. Comput. Syst. 2020, 102, 1027–1037.
  95. Islam, M.N.; Kundu, S. IoT security, privacy and trust in home-sharing economy via blockchain. In Blockchain Cybersecurity, Trust and Privacy; Springer International Publishing: Cham, Switzerland, 2020; pp. 33–50.
  96. Azbeg, K.; Ouchetto, O.; Andaloussi, S.J.; Fetjah, L.; Sekkaki, A. Blockchain and IoT for security and privacy: A platform for diabetes self-management. In 2018 4th International Conference on Cloud Computing Technologies and Applications (Cloudtech); IEEE: New York, NY, USA, 2018; pp. 1–5.
  97. Le, D.P.; Meng, H.; Su, L.; Yeo, S.L.; Thing, V. BIFF: A blockchain-based IoT forensics framework with identity privacy. In TENCON 2018–2018 IEEE Region 10 Conference; IEEE: New York, NY, USA, 2018; pp. 2372–2377.
  98. Shen, M.; Deng, Y.; Zhu, L.; Du, X.; Guizani, N. Privacy-preserving image retrieval for medical IoT systems: A blockchain-based approach. IEEE Netw. 2019, 33, 27–33.
  99. Bhalaji, N.; Abilashkumar, P.C.; Aboorva, S. A blockchain based approach for privacy preservation in healthcare iot. In International Conference on Intelligent Computing and Communication Technologies; Springer Singapore: Singapore, 2019; pp. 465–473.
  100. Alamri, B.; Javed, I.T.; Margaria, T. Preserving patients’ privacy in medical IoT using blockchain. In International Conference on Edge Computing; Springer International Publishing: Cham, Switzerland, 2020; pp. 103–110.
  101. Juyal, S.; Sharma, S.; Harbola, A.; Shukla, A.S. Privacy and security of IoT based skin monitoring system using blockchain approach. In 2020 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT); IEEE: New York, NY, USA, 2020; pp. 1–5.
  102. Maggio, J. BlockChain Technology and Smart Contracts to Share Information. Ph.D. Thesis, Politecnico di Torino, Turin, Italy, 2025.
  103. Pennino, D.; Pizzonia, M.; Vitaletti, A.; Zecchini, M. Blockchain as IoT Economy enabler: A review of architectural aspects. J. Sens. Actuator Netw. 2022, 11, 20.
  104. Siegfried, N.; Rosenthal, T.; Benlian, A. Blockchain and the Industrial Internet of Things: A requirement taxonomy and systematic fit analysis. J. Enterp. Inf. Manag. 2022, 35, 1454–1476.
  105. Shahzad, A.; Zhang, K.; Gherbi, A. Intuitive development to examine collaborative iot supply chain system underlying privacy and security levels and perspective powering through proactive blockchain. Sensors 2020, 20, 3760.
  106. Khan, M.A.; Salah, K. IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 2018, 82, 395–411.
  107. Khalid, U.; Asim, M.; Baker, T.; Hung, P.C.; Tariq, M.A.; Rafferty, L. A decentralized lightweight blockchain-based authentication mechanism for IoT systems. Clust. Comput. 2020, 23, 2067–2087.
  108. Yu, C.; Leng, Y.; Li, J.; Yu, J. Blockchain crowdfunding projects evaluation using GRA-TOPSIS. Kybernetes 2021, 50, 3017–3036.
  109. Mounnan, O.; El Mouatasim, A.; Manad, O.; Hidar, T.; Abou El Kalam, A.; Idboufker, N. Privacy-aware and authentication based on blockchain with fault tolerance for IoT enabled fog computing. In 2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC); IEEE: New York, NY, USA, 2020; pp. 347–352.
  110. Alkhazaali, A.H.; Oğuz, A.T.A. Lightweight fog based solution for privacy-preserving in IoT using blockchain. In 2020 International Congress on Human–Computer Interaction, Optimization and Robotic Applications (HORA); IEEE: New York, NY, USA, 2020; pp. 1–10.
  111. Patel, C. IoT privacy preservation using blockchain. Inf. Secur. J. Glob. Perspect. 2022, 31, 566–581.
  112. Taylor, P.J.; Dargahi, T.; Dehghantanha, A.; Parizi, R.M.; Choo, K.K.R. A systematic literature review of blockchain cyber security. Digit. Commun. Netw. 2020, 6, 147–156.
  113. Waheed, N.; He, X.; Ikram, M.; Usman, M.; Hashmi, S.S.; Usman, M. Security and privacy in IoT using machine learning and blockchain: Threats and countermeasures. ACM Comput. Surv. (CSUR) 2020, 53, 1–37.
  114. Ali, M.S.; Vecchio, M.; Pincheira, M.; Dolui, K.; Antonelli, F.; Rehmani, M.H. Applications of blockchains in the Internet of Things: A comprehensive survey. IEEE Commun. Surv. Tutor. 2018, 21, 1676–1717.
  115. Kouzinopoulos, C.S.; Spathoulas, G.; Giannoutakis, K.M.; Votis, K.; Pandey, P.; Tzovaras, D.; Katsikas, S.K.; Collen, A.; Nijdam, N.A. Using blockchains to strengthen the security of internet of things. In International ISCIS Security Workshop; Springer International Publishing: Cham, Switzerland, 2018; pp. 90–100.
  116. Boroumandfar, G.; Khajehzadeh, A.; Eslami, M.; Syah, R.B.Y. Information gap decision theory with risk aversion strategy for robust planning of hybrid photovoltaic/wind/battery storage system in distribution networks considering uncertainty. Energy 2023, 278, 127778.
  117. Liu, J.; Chen, C.; Liu, Z.; Jermsittiparsert, K.; Ghadimi, N. An IGDT-based risk-involved optimal bidding strategy for hydrogen storage-based intelligent parking lot of electric vehicles. J. Energy Storage 2020, 27, 101057.
  118. Ouaddah, A.; Abou El Kalam, A.; Ait Ouahman, A. Harnessing the power of blockchain technology to solve IoT security & privacy issues. In ICC’17: Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing; ACM: New York, NY, USA, 2017; pp. 1–10.
Figure 1. The flowchart of the strategy used for bibliographic database searches.
Figure 2. Recent literature on blockchain-enabled IoT systems.
Figure 3. Trade-off analysis between security and privacy.
Figure 4. Design of a lightweight blockchain-based framework for IoT applications.
Figure 5. Blockchain-enabled security solutions for smart home IoT systems.
Figure 6. Federated learning with differential privacy mechanisms.
Figure 7. Blockchain–IoT integration for healthcare monitoring.
Figure 8. Most common security threat issuing systems.
Figure 9. Visualization of case study results and key practical insights.
Figure 10. Summarizes representative performance metrics synthesized from the analyzed studies to illustrate comparative trends among blockchain-IoT architectures.
Figure 11. Advantages of blockchain integration.
Figure 12. Comparative analysis of consensus mechanisms.
Figure 13. Future directions with blockchain–IoT integration.
Table 1. Comparison with Prior Systematic Reviews.

| Feature/Aspect | Prior Surveys | This Systematic Review |
|---|---|---|
| Scope: IoT-centric focus | Broad blockchain surveys across multiple domains; limited IoT taxonomy | Comprehensive taxonomy and gap analysis focused exclusively on IoT deployments, covering security, privacy, consensus, and access control |
| Consensus energy benchmarks | Mainly qualitative comparison of PoW and PoS; limited quantitative energy measurements | Quantitative evaluation of PoW, Hybrid BFT-DPoS, and PBFT Lite variants (latency and energy measured on Raspberry Pi) |
| Framework implementation | Conceptual architectures without prototype validation | Implemented proof-of-concept on Raspberry Pi 4 with real-world latency, throughput, and energy measurements |
| Scalability analysis | Theoretical transaction-per-second (TX/s) discussion without hardware constraints | Empirical scalability evaluation on private blockchain with varying node counts; optimized block-size trade-off (±28.6%) demonstrated |
| Use case applicability | Generic IoT references (e.g., smart cities) without experimental validation | Three validated IoT use cases (smart healthcare, logistics, smart grid) evaluated under realistic workload conditions |
| Threat coverage: privacy vs. transparency | High-level threat listings with limited architectural mapping | Layered threat model mapping 12 attack vectors to protocol components and mitigation mechanisms |
| Methodology rigor | Limited transparency in study selection; potential selection bias | PRISMA-based systematic review with backward and forward snowballing (2017–2025) until >90% citation saturation |
| Challenges and future work prioritization | Extensive open-issue lists without prioritization | Prioritized top three research challenges with structured research roadmaps (scalability, privacy–transparency trade-off, regulatory compliance) |
Table 2. Inclusion and Exclusion Scheme.

| Inclusion Criteria | Exclusion Criteria |
|---|---|
| Research studies dealing with the application of blockchain technology to IoT security. | Articles not published in peer-reviewed academic journals or conferences (e.g., blogs, opinion pieces). |
| Journal or conference papers (theoretical or empirical) published in reputable peer-reviewed venues. | Publications unrelated to blockchain-based IoT security integration. |
| Studies providing clear descriptions of security solutions, protocols, or frameworks based on blockchain for IoT. | Research focused solely on blockchain without relevance to IoT security. |
| Research presenting empirical evidence, experiments, or case studies on blockchain-based IoT security. | Articles written in languages other than English. |
| Studies addressing challenges, threats, vulnerabilities, or risks of blockchain applications in IoT security. | Papers lacking sufficient methodological or technical details. |
| Publications discussing benefits and advantages of blockchain for securing IoT systems. | Studies without empirical validation or experimental support. |
| Research exploring scalability, efficiency, or performance of blockchain-enabled IoT security solutions. | Outdated publications outside the defined time scope. |
| Articles analyzing data integrity, privacy, confidentiality, or trust in blockchain-based IoT systems. | Studies with limited applicability to blockchain-enabled IoT security. |
| Publications proposing novel cryptographic techniques, consensus mechanisms, or authentication schemes. | Papers with inadequate sample size or insufficient statistical analysis. |
| Studies proposing frameworks, models, or architectures for secure blockchain deployment in IoT. | Studies focusing primarily on legal or policy aspects rather than technical implementation. |
Table 3. Surveys Examining Privacy Concerns Related to Blockchain Technology in IoT.

| Ref. | Type | Privacy Discussed | Limitations | Highlights | Year | Our Contribution |
|---|---|---|---|---|---|---|
| [29] | Research Paper | Yes | Focuses on anonymous auditing; limited generalizability | Blockchain framework integrated with anonymization techniques for IoT | 2024 | Integration of multiple privacy-preserving mechanisms across diverse IoT domains. |
| [30] | Research Paper | Yes | Emphasizes AI integration; limited real-world deployment discussion | AI-enhanced blockchain architecture for IoT privacy | 2022 | Addresses deployment challenges and practical IoT constraints alongside AI integration. |
| [31] | Survey Paper | Yes | Focuses on consent management; limited technical IoT depth | Survey of blockchain-based privacy and self-sovereign identity | 2024 | Technical evaluation of privacy mechanisms within concrete IoT scenarios. |
| [32] | Research Paper | Yes | General framework without empirical validation | Blockchain–IoT integration for security automation | 2025 | Empirical validation demonstrating effectiveness in real IoT environments. |
| [33] | Systematic Review | Yes | Broad cybersecurity scope; limited IoT specificity | Review of cybersecurity in blockchain-enabled IoT | 2023 | IoT-centric privacy and security analysis with targeted countermeasures. |
| [34] | Review Paper | Yes | Industry 5.0 focus; limited legacy IoT discussion | Evaluation of blockchain platforms for Industry 5.0 IoT | 2020 | Coverage of both advanced and legacy IoT architectures. |
| [35] | Survey Paper | Yes | Healthcare-specific; limited cross-domain coverage | Privacy analysis in blockchain-based healthcare IoT | 2023 | Cross-industry analysis including healthcare, manufacturing, and smart cities. |
| Our Work | SLR | Yes | | Systematic review combined with empirical validation and multi-layer security framework | 2025 | Cross-industry evaluation, empirical validation, layered privacy modeling, and practical deployment guidelines. |
Table 6. Comparison of Consensus Mechanisms for IoT–Blockchain Systems.

| Mechanism | Latency | Energy Use | IoT Suitability | Use Case Example | Source |
|---|---|---|---|---|---|
| PoW | High (10+ min) | Extremely high | Limited due to high computational requirements | Bitcoin-inspired IoT asset tracking | [1] |
| PoS | Moderate (1–5 min) | Low | Moderate; improved scalability over PoW | Energy-efficient IoT networks | [2] |
| PBFT | Very low (<1 s) | Low | Highly suitable for real-time IoT applications | Healthcare IoT data sharing | [3] |
| IOTA Tangle | Low (<10 s) | Very low (feeless transactions) | Highly suitable for lightweight and edge IoT systems | Smart city sensor networks | [4] |
Table 7. Overview of Blockchain Frameworks used in IoT Applications.

| Framework | Scalability | Transaction Fees | Deployment Complexity | Key IoT Advantage | Source |
|---|---|---|---|---|---|
| Hyperledger | High | None (permissioned network) | Moderate | Customizable architecture suitable for enterprise IoT systems | [7] |
| Ethereum | Low-Moderate | High (gas fees) | High | Flexible smart contract ecosystem for decentralized IoT services | [6] |
| IOTA | Very High | None (DAG-based structure) | Low | Feeless microtransactions optimized for edge IoT environments | [5] |
| Hedera Hashgraph | High | Low | Moderate | High throughput and low latency for large-scale IoT deployments | [60] |
Table 8. IoT–Blockchain Threats vs. Countermeasures.

| Threat | Countermeasure | Example Implementation | Source |
|---|---|---|---|
| Sybil Attacks | Reputation-based consensus | IOTA node reputation scoring mechanism | [9] |
| 51% Attacks | Hybrid consensus (PoS + BFT) | Hedera Hashgraph ABFT protocol | [60] |
| Smart Contract Bugs | Formal verification tools | Ethereum MythX; Hyperledger Fabric Chaincode verification | [6,7] |
| Data Privacy Leaks | Zero-knowledge proofs (ZKPs) | zk-SNARK-based privacy in IoT data sharing | [9] |
| Scalability Bottlenecks | Sharding and Layer-2 solutions (e.g., Lightning Network) | Polygon SDK for IoT-oriented blockchain deployment | [43] |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Abdullah; Hafeez, N.; Shabbir, M.; Ather, M.A.; Rodríguez, J.L.O.; Sidorov, G. Security, Privacy, and Scalability Trade-Offs in Blockchain-Enabled IoT Systems: A Systematic Analytical Review. Appl. Sci. 2026, 16, 3638. https://doi.org/10.3390/app16083638
