# Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for Internet of Things (IoT)

^{1}

^{2}

^{3}

^{4}

^{5}

^{*}

## Abstract

**:**

## Highlights

**What are the main findings?**

- Implementation of blockchain enhances the security and scalability of smart city frameworks.
- Federated Learning enables efficient and privacy-preserving data sharing among IoT devices.

**What are the implications of the main finding?**

- The proposed framework significantly reduces the risk of data breaches in smart city infrastructures.
- Improved data privacy and security can foster greater adoption of IoT technologies in urban environments.

## Abstract

## 1. Introduction

**Framework Design**: The BFLIoT framework represents the first comprehensive integration of blockchain and federated learning, addressing the unique security and scalability challenges of smart city IoT systems. The framework’s security is underpinned by a foundational proof based on the intractability of the Discrete Logarithm (DL) problem, which demonstrates its robustness against sophisticated cyber threats.**Comprehensive Performance Analysis**: Extensive simulations are conducted to evaluate the framework’s performance across various smart city applications, focusing on key metrics of Quality of Service (QoS) such as throughput, reliability, and energy consumption. This analysis provides valuable insights into the practical viability of the BFLIoT framework in real-world scenarios.**Scalable and Efficient Data Processing**: The method optimizes the placement and operation of EC devices, enabling efficient local data processing and reducing the reliance on central servers. This scalability is crucial for handling the large data volumes typical of smart city environments, ensuring that the system maintains real-time processing capabilities.**Advanced Anomaly Detection Framework**: The framework includes a dynamic anomaly detection system that adapts to evolving data patterns. The globally refined model from FL enhances the accuracy of detecting irregularities and potential security threats, improving the overall security and reliability of smart city operations.**Formal Security Verification**: The BFLIoT protocol’s security is thoroughly verified using ProVerif, a tool for the formal verification of cryptographic protocols. This formal analysis confirms the framework’s resilience against a wide range of cyber threats, establishing a high level of confidence in its security architecture.

**version**2.05). Section 6 focuses on the performance analysis, detailing the simulation setup and its findings. Finally, Section 7 concludes the paper and suggests directions for future research.

## 2. Literature Review

#### 2.1. Evolution of IoT Security Challenges

#### 2.2. Blockchain and AI in IoT Security: A Review of Recent Studies

#### 2.3. Common Challenges and Strategic Gaps Identified across Studies

**Scalability and Efficiency:**The exponential growth of IoT networks—comprising billions of interconnected devices—has led to significant increases in data generation and transaction volumes. Traditional blockchain frameworks, particularly those relying on proof-of-work (PoW) mechanisms [30], struggle to handle this scale. Solutions like the SC-CAAC scheme [26] and the BHIIoT approach [32], while innovative, suffer from scalability bottlenecks, which result in delayed transactions and increased operational costs. These delays compromise the real-time functionality required by smart city applications, ultimately negating some of blockchain’s core advantages, such as decentralization and transparency. The inability of current frameworks to efficiently scale for large, real-time IoT environments exposes a critical knowledge gap—the need for new architectures or consensus mechanisms that can handle large-scale IoT systems without compromising performance.

**Complexity and Implementation Hurdles:**Integrating blockchain into IoT networks introduces a high degree of complexity, particularly when combined with advanced technologies like ML and encryption. Solutions that aim to integrate these technologies often demand a robust technical infrastructure and require expertise in multiple domains. This creates a substantial barrier to entry, particularly in settings with limited resources. For instance, the BHIIoT framework [32], while addressing scalability, suffers from complexity in terms of deployment and ongoing management. This complexity makes it harder to use these solutions in real-world situations and slows down their wider adoption. The lack of simple and efficient frameworks shows the need for solutions that make it easier to set up and manage blockchain and IoT technologies.

**Resource Constraints:**IoT devices typically have limited processing power, memory, and energy resources, which make it challenging to directly implement blockchain solutions. For instance, systems like privacy-preserving logistics IoT [29] demonstrate how blockchain’s cryptographic processes and ledger maintenance tasks can overwhelm IoT devices, leading to high energy consumption and computational demands. Although alternatives such as off-chain processing or lighter protocols have been proposed, they often come at the cost of reduced security or loss of blockchain’s core benefits, such as immutability and transparency. This gap between the theoretical advantages of blockchain and its practical limitations in resource-constrained environments reveals the need for new solutions that can maintain security and efficiency while minimizing resource demands.

**Interoperability and Standardization:**The lack of interoperability between various blockchain platforms and IoT protocols presents another significant challenge. The heterogeneity of IoT devices and protocols, combined with the fragmented landscape of blockchain technologies, makes it difficult to achieve seamless communication across different systems. Existing frameworks, such as the BLISS security system [30], fail to fully address the need for standardized protocols and interfaces that would enable efficient cross-platform integration. This issue becomes particularly acute in large-scale IoT environments where diverse devices need to securely and efficiently share data. The absence of a unified framework that supports diverse IoT and blockchain technologies highlights a pressing need for solutions that promote interoperability and standardization.

## 3. Problem Statement

#### 3.1. BFLIoT Framework and Segmentation

**Privacy Preservation:**By keeping data local to the IoT devices, FL significantly enhances privacy. Sensitive data, such as personal or public movement patterns, is never transmitted to a central server, reducing the risk of data breaches and enhancing trust in the system.**Scalability:**With thousands of IoT devices continuously generating data, centralized systems would face significant challenges in handling this volume of information. FL decentralizes computation, minimizing the need for extensive server resources and allowing the system to scale effectively in large smart city environments.**Real-Time Anomaly Detection:**The BFLIoT framework is designed to adapt to changing conditions within the city. FL facilitates real-time updates to anomaly detection models, allowing the system to continuously improve its ability to detect cyber threats or system failures without compromising security.

**Decentralized Data Storage and Integrity:**Blockchain stores encrypted data and FL model updates in an immutable, distributed ledger. Each IoT device contributes to the ledger by adding blocks containing encrypted data or model parameters. The distributed nature of Blockchain ensures that no single point of failure exists, enhancing the system’s fault tolerance and security.**Tamper-Resistant and Transparent Transactions:**By using Blockchain, the BFLIoT framework guarantees that once data or model updates are recorded, they cannot be altered or tampered with. This immutability is critical for securing sensitive data and ensuring that any malicious attempt to manipulate the system would be detectable by the decentralized network of nodes.**Secure Data Sharing through Smart Contracts:**Blockchain’s smart contracts are leveraged to manage access control and automate data sharing across IoT devices. Smart contracts allow for automated execution of predefined rules, such as determining which entities can access certain data or model updates without relying on intermediaries. This automation not only ensures security but also improves system efficiency by reducing the need for manual intervention.**Validation of FL Updates:**Blockchain serves as the validation mechanism for FL model updates. Before updates are aggregated into the global model, they are verified and added to the Blockchain ledger, ensuring that only valid, secure contributions from authenticated devices are incorporated. This guarantees the trustworthiness of the learning process, preventing malicious data injections or model poisoning attacks.

#### 3.2. Why Blockchain over Traditional Encryption (e.g., HTTPS)?

**Immutability and Data Integrity:**Traditional encryption methods like HTTPS secure data by encrypting it during transmission and storage, ensuring it is inaccessible to unauthorized parties. However, once the data reaches its destination, there is no built-in mechanism to prevent it from being altered or tampered with. Blockchain, on the other hand, provides an immutable ledger, meaning once data is recorded in a block, it cannot be altered or deleted without being detected. This ensures data integrity over time, making it especially valuable in environments where the authenticity and accuracy of data are paramount.

**Blockchain Advantage:**Blockchain guarantees immutability, ensuring that all transactions and data entries are tamper-proof and verifiable. This provides a level of trust and security that traditional encryption methods do not inherently offer.

**Decentralization and Trust lessness:**HTTPS relies on centralized servers to manage encryption keys and validate data exchanges. This creates single points of failure and requires trust in the central authority managing the server. In contrast, Blockchain is a decentralized system where multiple nodes in the network participate in validating transactions. This trustless environment ensures that no single entity has control over the data, and the system can continue to operate even if some nodes fail or are compromised.

**Blockchain Advantage:**The decentralized nature of Blockchain removes reliance on any single trusted party, providing greater resilience against failures and attacks and making the system more robust and reliable in a large-scale IoT environment.

**Tamper-Resistant and Transparent Data:**Encryption alone does not provide mechanisms for auditing or ensuring transparency. HTTPS can secure data during transmission, but it does not offer a method to track or verify the history of data once it has been exchanged. Blockchain’s distributed ledger records every transaction in a transparent and traceable manner. Each transaction is linked to the previous one, creating a chronological chain of records that can be audited at any time, ensuring accountability.

**Blockchain Advantage:**Blockchain provides real-time transparency and traceability, allowing any participant to audit the history of data and ensure that no unauthorized changes have been made. This is particularly important in smart city IoT systems, where regulatory compliance and data accountability are critical.

**Consensus-Based Validation:**With HTTPS, while data is encrypted during transmission, it is up to the central server or authority to verify the validity of the data. This can lead to vulnerabilities if the central server is compromised. Blockchain uses a consensus mechanism (such as Proof-of-Stake) to validate transactions before they are recorded. This ensures that only valid, authenticated data is added to the Blockchain, providing a much stronger validation process than simple encryption.

**Blockchain Advantage:**The consensus mechanisms in Blockchain ensure that all data added to the ledger is verified and trusted, preventing malicious actors from injecting false or harmful data into the system.

**Smart Contracts for Automated Access Control:**Traditional encryption methods like HTTPS do not offer automated mechanisms for controlling how and when data is accessed. Blockchain enables the use of smart contracts, which are self-executing pieces of code that can enforce rules and policies. These smart contracts can automatically grant or deny access to data based on predefined conditions, ensuring secure, automated data management without the need for manual intervention.

**Blockchain Advantage:**Smart contracts provide a higher level of automation and security in managing data access, reducing human errors, and increasing the overall efficiency of the system. They also help in enforcing security policies dynamically.

#### 3.3. Mathematical Formulation for QoS in BFLIoT Systems

**Data throughput:**In the context of the IoT, throughput refers to the efficiency and speed at which transactions and data exchanges are processed within the network, which is crucial for maintaining real-time learning and decision-making capabilities across a vast array of connected devices. Equation (11) defines the throughput:

- $\tau $: Represents the throughput of the system, typically measured as the amount of data processed per unit of time.
- ${\sum}_{i=1}^{n}|{d}_{i}|$: represents the summation of the absolute values of data $({d}_{i})$ processed, from $i=1$ to $n$, where $i$ indexes each data transaction or piece of data processed, and $n$ is the total number of transactions or data pieces processed in the given period.
- $T$: Represents the total period over which the throughput is measured. This could be in seconds, minutes, hours, etc., depending on the context of the measurement.

**Energy efficiency:**In a blockchain-integrated FL framework for the IoT, managing energy consumption involves optimizing computational processes, communication protocols, and data handling to ensure the system’s sustainability, efficiency, and cost-effectiveness despite the inherent challenges posed by the diversity and energy limitations of IoT devices. We define energy efficiency as the ratio between the consumed energy (E

_{c}) and the total quantity of data processed, as expressed by Equation (12):

**Reliability:**In the context of the IoT, it represents the system’s ability to operate correctly and consistently over time without failures. This metric is crucial in distributed networks where consistent operation is vital for data integrity, user trust, and overall system performance. Equation (13) defines the reliability:

- $R$ stands for the system’s reliability over time, indicating the probability of failure-free operation throughout a specific period t.
- $\lambda $ represents the failure rate of the system, which quantifies the frequency of failures per unit of time. A lower failure rate corresponds to higher reliability.

**Latency:**Latency, in the context of networked systems, typically shows the time necessary for a data packet to travel from its source to its destination. In the framework of a secure and scalable blockchain-integrated framework for FL across the Internet of Things (IoT), latency is a critical metric that can significantly impact the overall performance and responsiveness of the system. The equation for latency can be represented as follows:

- $LT$ denotes the latency, measured as the total time taken for a data transaction.
- $D$ represents the distance traveled by the data packet, which can be the physical distance between devices in an IoT environment.
- $S$ is the speed of the data transmission, which can be influenced by the medium of transmission (e.g., fiber optics, wireless) and the bandwidth of the network.
- $P$ accounts for the processing time required at each node the data packet encounters, including delays introduced by routing decisions, data processing, and any queuing that may occur within the network infrastructure or the blockchain system itself.

## 4. Proposed Method

**Step 1: Data Collection and Processing**

**Step 2: Cryptographic Foundations**

- The choice of a bilinear map $e$ a pairing function over cryptographic groups $G$ and ${G}_{T}$, along with the choice of a prime number $q$, underpins the robustness of our encryption scheme, enabling secure interactions within the framework. Additionally, specifying four secure hash functions for distinct aspects of the encryption process further tailors our cryptographic measures to address diverse security requirements, ensuring comprehensive data protection across the IoT infrastructure.
- The allocation of hash functions within our cryptographic framework plays an important role in enhancing data security and integrity. Four secure hash functions are defined for their specific roles in the encryption process:
- ○
- ${H}_{1}:{(0,1)}^{\ast}\to {\mathbb{Z}}_{q}^{\ast}$ maps binary strings to integers within ${\mathbb{Z}}_{q}^{\ast}$, facilitating secure numerical operations.
- ○
- ${H}_{2}:{(0,1)}^{\ast}\to G$ transforms binary strings into elements of the cryptographic group $G$, ensuring that data can be securely embedded within this group.
- ○
- ${H}_{3}:{G}_{T}\to {(0,1)}^{\ast}$ performs the inverse operation, converting group elements back into binary strings, which is essential for data retrieval and processing.
- ○
- ${H}_{4}:{(0,1)}^{\ast}\to {(0,1)}^{\ast}$ is designed to maintain data integrity, providing a reliable mechanism for verifying the unaltered state of data throughout the encryption and decryption processes.

**Step 3: Integration and Secure Operation of EC**

**Step 4: Federated Learning on Encrypted Data**

**Step 5: Secure Handling of Gradients**

**Step 6: Global Model Update and Deployment**

**Step 7: Anomaly Detection Framework**

**Step 8: Enhancing Federated Learning**

**Step 9: Consensus Mechanism and Model Integration**

**Step 10: Advanced Model Deployment and Data Decryption**

Algorithm 1: Proposed Method for a single node |

Input: Collection of IoT Devices D, Set of Edge Computing Devices EC, Data Authorization Center (DAC)Output: Securely processed data with high Quality of Service (QoS)01: > Cryptographic Setup for DAC 02: if DAC. Setup Complete () == False then 03: DAC. Initialize Cryptographic Parameters() 04: for each hash Function in (H1, H2, H3, H4) do 05: DAC. Configure (hash Function) 06: end for 07: DAC. Generate Public Key () 08: end if 09: 10: > Data Processing for Each IoT Device (Single Node) 11: for each device in D do 12: if device. HasData () then 13: Raw Data = device. Collect Data () 14: Normalized Data = Normalize Data (Raw Data) 15: Encrypted Data = Encrypt Data(Normalized Data, DAC. PublicKey) 16: Blockchain. Store(Encrypted Data) 17: else 18: Continue 19: end if 20: end for 21: 22: > Integration and Secure Operation of Edge Computing Devices (EC) 23: for each EC_device in EC do 24: if EC_device. Is Registered With(DAC) == False then 25: ECID = EC_device. Generate Unique Identifier() 26: EC_device.Register(ECID, DAC) 27: end if 28: Key Pair = DAC. Generate Secure Key For (EC_device) 29: EC.Store Key Pair(Key Pair) 30: end for 31: 32: > Federated Learning on Encrypted Data 33: GM = Initialize Global Model() 34: for Round = 1 to Number Of Rounds do 35: Local Models = [] 36: for each EC_device in EC do 37: Encrypted Data = EC_device. Fetch Encrypted Data From Blockchain() 38: if EncryptedData != None then 39: Local Model = EC_device. TrainModel On Encrypted Data() 40: Local Models. Append (Local Model) 41: end if 42: end for 43: GM = Aggregate Models (Local Models) 44: end for 45: 46: > Secure Handling of Gradients 47: for each EC_device in EC do 48: Gradients = EC_device. Compute Encrypted Gradients() 49: if Gradients. Is Valid() then 50: Secure Gradients = Encrypt(Gradients, PublicKey_FL) 51: Blockchain. Store (Secure Gradients) 52: end if 53: end for 54: Aggregated Gradients = Aggregate Encrypted Gradients From Blockchain() 55: GM = Update Global Model (GM, Aggregated Gradients) 56: 57: > Anomaly Detection Framework 58: for each EC_device in EC do 59: Encrypted Data = EC_device. Fetch Encrypted Data From Blockchain() 60: Decrypted Data = Decrypt(Encrypted Data, EC_device. Private Key) 61: Anomalies = Detect Anomalies (Decrypted Data, GM) 62: EC_device. Report Anomalies(Anomalies) 63: end for 64: 65: > Consensus on Model Updates and Blockchain Integration 66: if Reach Consensus On (GM) then 67: Blockchain. Update Global Model(GM) 68: else 69: Log Error(“Consensus not reached”) 70: end if 71: 72: > Advanced Model Deployment and Data Decryption 73: for each EC_device in EC do 74: Deploy (GlobalModel_new, EC_device) 75: Encrypted Data = EC_device. Retrieve Encrypted Data() 76: if Verify Integrity (Encrypted Data) then 77: Decrypted Data = Decrypt (Encrypted Data, EC_device. Private Key) 78: EC_device. Process Data (Decrypted Data) 79: end if 80: end for |

## 5. Security Proof with Enhanced Mathematical Rigor

#### 5.1. Encryption Scheme and Security

**Key Generation**

**Semantic Security Indistinguishability under chosen-plaintext attack (IND-CPA)**

**Reduction to DL Problem**

- Eventually, $\mathcal{A}$ outputs a guess for the encryption of ${m}_{0}$ or ${m}_{1}$. Since $\mathcal{B}$ can simulate the encryption oracle without knowing $s$ (only using ${g}^{x}$), any advantage $\mathcal{A}$ has in distinguishing the encryptions directly translates into $\mathcal{B}$’s ability to compute ${g}^{x}$.
- If $\mathcal{A}$ succeeds with a non-negligible advantage, $\mathcal{B}$ uses this advantage to solve the DL problem, contradicting our assumption that the DL problem is hard.

**Random Oracle Model**

**Security Argument**

**Federated Learning and Differential Privacy**

**Blockchain Integration and PoW**

#### 5.2. Security Analysis

**Confidentiality of Data Transmission and Storage**

**Robust Access Control Mechanism**

**Anonymity Through Pseudonyms**

**Unlinkability of Device Requests**

**Replay Attack Resistance**

**Modification Attack Resistance**

**Impersonation Attack Resistance**

#### 5.3. Formal Analysis Using ProVerif

- (1)
- Query not attacker(s) is true.
- (2)
- Query not attacker(lsk(i)) is true.
- (3)
- Query not attacker(lpk(i)) is true.
- (4)
- Query not attacker(ask(i)) is true.
- (5)
- Query not attacker(lsesb(i)) is true.
- (6)
- Query not attacker(lskb(i)) is true.
- (7)
- Query not attacker(m(i)) is true.
- (8)
- Non-interference RIDi is true.
- (9)
- Query inj-event(endES_Veri) ==> ==> inj-event(endSDi_Sig) is true.

## 6. Performance Analysis

#### Performance Evaluation

**Initial Configuration:**

- Encryption time ${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ is calculated as $6{T}_{m}+{T}_{e}+6{T}_{h}+2{T}_{a}\approx 38.789$ ms. This calculation includes the time to process six messages, perform basic encryption, hash six times, and authenticate twice.
- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ = $3{T}_{bp}+{T}_{m}+2{T}_{gtmul}\approx 38.451$ ms. Proxy re-encryption uses three base proxy operations, message processing, and two group theory-based multiplications.
- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $4{T}_{bp}+(n+3){T}_{m}+{T}_{mtp}+4{T}_{gtmul}+3{T}_{h}+(n+1){T}_{a}\approx 325.895$ ms. Decryption involves multiple base proxy operations, message processing, message-to-proxy conversion, several group theory-based multiplications, hashing, and authentication steps. Here, n refers to the number of messages being decrypted, adding complexity to the process.

**Second Configuration:**

- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $2{T}_{bp}+{T}_{e}+2{T}_{m}+{T}_{gtmul}\approx 38.091$ ms. This process reduces the number of base proxy operations from three to two. It also adjusts encryption time and message processing to optimize the re-encryption time.
- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $2{T}_{bp}+{T}_{gtmul}\approx 108.874$ ms. Decryption in this configuration is simplified, involving only two base proxy operations and one group theory-based multiplication. This results in a much faster decryption time compared to the initial configuration.

**Third Configuration:**

- Encryption time ${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ is ${T}_{m}+{T}_{h}+{T}_{gtmul}\approx 5.651$ ms. The encryption process is highly optimized, with minimal message processing, one hashing operation, and one group theory-based multiplication, resulting in a much faster encryption time.
- Re-encryption Time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $2{T}_{bp}+3{T}_{m}+2{T}_{e}+{T}_{h}+{T}_{a}+2{T}_{gtmul}\approx 48.723$ ms. Although encryption is faster, re-encryption remains more complex, involving two base proxy operations, three message processing steps, two encryption operations, one hashing operation, one authentication step, and two group theory-based multiplications.
- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $2{T}_{bp}+{T}_{mtp}+2{T}_{gtmul}\approx 112.276$ ms.

**Degraded Configuration 1:**

- Encryption time ${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ = $6{T}_{m}+{T}_{e}+6{T}_{h}+2{T}_{a}\approx 48.789$ ms. Encryption becomes slower, possibly due to increased message size or processing demands.
- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $3{T}_{bp}+{T}_{m}+2{T}_{gtmul}\approx 48.451$ ms.

- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $4{T}_{bp}+(n+3){T}_{m}+{T}_{mtp}+4{T}_{gtmul}+3{T}_{h}+(n+1){T}_{a}\approx 425.895$ ms.

**Degraded Configuration 2:**

- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $2{T}_{bp}+{T}_{e}+2{T}_{m}+{T}_{gtmul}\approx 48.091$ ms. Despite reductions in base proxy operations, re-encryption remains slow.
- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $2{T}_{bp}+{T}_{gtmul}\approx 208.874$ ms.

**Degraded Configuration 3:**

- Encryption time ${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ is ${T}_{m}+{T}_{h}+{T}_{gtmul}\approx 15.651$ ms.
- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $2{T}_{bp}+3{T}_{m}+2{T}_{e}+{T}_{h}+{T}_{a}+2{T}_{gtmul}\approx 58.723$ ms,
- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $2{T}_{bp}+{T}_{mtp}+2{T}_{gtmul}\approx 212.276$ ms.

**Degraded Configuration 4:**

- Encryption time ${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ is calculated as $6{T}_{m}+{T}_{e}+6{T}_{h}+2{T}_{a}\approx 68.789$ ms.

- Re-encryption time ${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ is $3{T}_{bp}+{T}_{m}+2{T}_{gtmul}\approx 68.451$ ms.

- Decryption time ${T}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ is $4{T}_{bp}+(n+3){T}_{m}+{T}_{mtp}+4{T}_{gtmul}+3{T}_{h}+(n+1){T}_{a}\approx 625.895$ ms.

## 7. Conclusions and Future Work

## Author Contributions

## Funding

## Data Availability Statement

## Conflicts of Interest

## Appendix A

Notation | Description |
---|---|

$X$ | Set of feature vectors from IoT devices, used to extract relevant information for security analysis. |

${x}_{i}$ | Feature vector for the i-th device, encompassing data points like device behavior and network interactions. |

$Y$ | Set of predefined categories representing various potential security statuses of the devices. |

$f$ | Classification model mapping feature vectors X to categories Y, vital for determining security threat levels |

${y}_{i}$ | The category assigned to the i-th device’s data, indicating the security status as determined by model f |

$\theta $ | Parameters of the classification model, are tuned to optimize threat detection accuracy. |

$L$ | Cross-entropy loss function for classification, measuring the model’s performance in accurately classifying device data. |

${z}_{ij}$ | A binary indicator if category j is the correct classification for observation i, is used for training accuracy. |

${\widehat{W}}_{ij}$ | Predicted probability that i belongs to category j, indicating the likelihood of each security status. |

$n$ | Total number of IoT devices represented in the dataset, influencing the model’s complexity and scalability |

$m$ | Total number of security categories, which define the granularity of threat assessment. |

${S}_{1},{S}_{2},\dots ,{S}_{p}$ | Segments of the dataset, each defined by unique criteria to enhance model learning and detection capabilities. |

${g}_{\mathrm{s}\mathrm{e}\mathrm{g}}$ | Segmentation function that assigns data points to segments based on their characteristics, improving model efficiency. |

${S}_{j}$ | Segment containing data points categorized under security status j, used for focused analysis. |

$g({x}_{i})$ | The function g serves as the segmentation function, assigning each device’s feature vector ${x}_{i}$ to a specific segment ${S}_{j}$ which groups data points based on similar characteristics such as behavior, security risk levels, or operational patterns. |

$\mathrm{Var}({S}_{j}$) | Intra-segment variance for segment ${S}_{j}$ indicating the consistency of data within a segment. |

${\mu}_{j}$ | Mean of data points within segment S_j, helping in normalization and comparison of segments. |

p | P represents the total number of segments into which the dataset is divided. |

$\mu $ | The overall mean of the dataset provides a baseline for comparing segment deviations. |

${\theta}^{(t+1)}$ | Updated model parameters after iteration t+1, reflecting learning and adaptation to new data. |

$\alpha $ | Learning rate used in the optimization algorithm, balancing speed, and accuracy of convergence. |

$\nabla L({\theta}^{t})$ | $\mathrm{The}\mathrm{gradient}\mathrm{of}\mathrm{the}\mathrm{loss}\mathrm{function}\mathrm{concerning}\mathrm{parameters}\theta $ at iteration t, guiding model updates. |

Notation | Description |
---|---|

${X}_{\mathrm{n}\mathrm{o}\mathrm{r}\mathrm{m}}$ | Normalized data ensures uniform scale across IoT device inputs, crucial for accurate traffic and environmental analysis. |

${\mu}_{X}$ | Represents the mean of IoT device data, essential for assessing average traffic conditions or environmental quality. |

${\sigma}_{X}$ | Standard deviation, indicating variability in IoT data, is useful for detecting anomalies in traffic or environmental conditions. |

$e$ | A bilinear map crucial for secure multi-party computations in traffic and environmental data sharing among IoT devices. |

$G,{G}_{T}$ | Cryptographic groups used for secure data operations, ensuring that traffic and environmental data remain tamper-proof. |

$q$ | Prime number defining the order of cryptographic groups, foundational for the security parameters of IoT data exchanges. |

${H}_{1}$ | $\mathrm{Hash}\mathrm{function}\mathrm{that}\mathrm{maps}\mathrm{binary}\mathrm{strings}\mathrm{to}\mathrm{integers}\mathrm{within}{\mathbb{Z}}_{q}^{\ast}$. Hash function that securely maps device identifiers to cryptographic values, protecting device identity in a smart city network. |

${\mathbb{Z}}_{q}^{\ast}$ | ${\mathbb{Z}}_{q}^{\ast}$ refers to the set of all nonzero integers modulo q. In cryptographic terms, this represents the multiplicative group of integers modulo q excluding zero. |

${H}_{2}$ | $\mathrm{Hash}\mathrm{function}\mathrm{that}\mathrm{maps}\mathrm{binary}\mathrm{strings}\mathrm{to}\mathrm{elements}\mathrm{of}\mathrm{group}G$. Hash function for securely embedding IoT data within cryptographic groups, vital for preserving data integrity. |

${H}_{3}$ | $\mathrm{Hash}\mathrm{function}\mathrm{that}\mathrm{maps}\mathrm{elements}\mathrm{of}{G}_{T}$ back into binary strings. Converts group elements back to strings, facilitating the secure retrieval of encrypted traffic and environmental data. |

${H}_{4}$ | Hash function used for verifying data integrity. Ensures data integrity by verifying that traffic and environmental data have not been altered post-encryption. |

${P}_{\mathrm{p}\mathrm{u}\mathrm{b}}$ | Public key used for encryption and signature verification. Public key for encrypting IoT data, allowing secure data exchange across the smart city network. |

$g$ | $\mathrm{Generator}\mathrm{of}\mathrm{the}\mathrm{cryptographic}\mathrm{group}G$. Generator of the cryptographic group, fundamental to the creation and management of encryption keys in IoT security. |

$s$ | $\mathrm{Sec}\mathrm{ret}\mathrm{scalar}\mathrm{chosen}\mathrm{from}{\mathbb{Z}}_{q}^{\ast}$, used in public key generation. Secret key component in cryptographic operations, critical for maintaining secure communication between IoT devices. |

$C$ | Cipher text of encrypted data. |

$EI{D}_{D}$ | Unique identifier of an IoT device, used for secure network authentication. Unique identifier for each IoT device, ensuring secure and authenticated device operations in smart city infrastructure. |

$ls{k}_{esb}\leftarrow \mathrm{R}\mathrm{a}\mathrm{n}\mathrm{d}\mathrm{o}\mathrm{m}(f)$ | Long secret key generated securely for each device through a random process. Randomly generated long secret key for each IoT device, enhancing the security of device-specific operations. |

$LP{K}_{esb}={g}^{ls{k}_{esb}}$ | Long-term public key derived from the long sec ret key using generator g. Used in securing device communications within the IoT network. |

$\mathrm{S}\mathrm{t}\mathrm{o}\mathrm{r}\mathrm{e}C\mathrm{i}\mathrm{n}\mathrm{b}\mathrm{l}\mathrm{o}\mathrm{c}\mathrm{k}\mathrm{c}\mathrm{h}\mathrm{a}\mathrm{i}\mathrm{n}$ | $\mathrm{Encrypted}\mathrm{data}C$ is securely stored in the blockchain. Ensuring immutable recording of traffic and environmental data. |

${B}_{\mathrm{n}\mathrm{e}\mathrm{w}}=\mathrm{H}\mathrm{a}\mathrm{s}\mathrm{h}({B}_{\mathrm{o}\mathrm{l}\mathrm{d}})$ | New blockchain block created from the hash of the previous block, a critical step for maintaining a secure, verifiable record of IoT data transactions. |

${C}_{\mathrm{r}\mathrm{e}\mathrm{t}\mathrm{r}\mathrm{i}\mathrm{e}\mathrm{v}\mathrm{e}}(EC)$ | Method for IoT devices to securely access encrypted data from the blockchain, crucial for Edge Computing (EC). |

${D}_{\mathrm{p}\mathrm{r}\mathrm{o}\mathrm{c}\mathrm{e}\mathrm{s}\mathrm{s}\mathrm{e}\mathrm{d}}$ | Represents the IoT data post-decryption, used for actionable insights into traffic flow and environmental conditions. |

$\mathrm{D}\mathrm{e}\mathrm{c}\mathrm{r}\mathrm{y}\mathrm{p}{\mathrm{t}}_{ls{k}_{EC}}(C)$ | $\mathrm{Decryption}\mathrm{of}\mathrm{cipher}\mathrm{text}C$ by the IoT device using its long secret key. |

$\mathsf{\Delta}{D}_{flow}$ | Measures the change in data flow, critical for monitoring variations in traffic density or environmental sensor outputs. |

$\frac{dD}{dt}$ | Rate of change of data, important for understanding trends in traffic congestion and environmental conditions over time |

${\oint}_{C}$ | $\mathrm{Contour}\mathrm{integral}\mathrm{over}\mathrm{a}\mathrm{closed}\mathrm{path}C$, used in the context of data flow integration. Integral used to ensure the completeness and integrity of data paths in the IoT network. |

$F$ | $\mathrm{Vector}\mathrm{field}\mathrm{integrated}\mathrm{over}\mathrm{path}C$, typically representing data flow or force fields. Represents forces or flows in vector fields, useful in simulations of traffic patterns and environmental dispersion models |

$ds$ | $\mathrm{Differential}\mathrm{path}\mathrm{element}\mathrm{along}\mathrm{the}\mathrm{contour}C$. |

${\overrightarrow{r}}_{EC}$ | Position vector of the IoT device in the network. Essential for optimizing sensor placements and ensuring effective data coverage in a smart city. |

$\propto $ | Symbol indicating proportionality, used in algorithms that adjust IoT device operations based on traffic and environmental data scales. |

${\overrightarrow{r}}_{sensor}$ | Position vector of the sensor relative to the IoT device. Sensor position vectors, key to strategically deploying environmental and traffic monitoring sensors for optimal data collection. |

$\perp $ | Denotes perpendicularity between vectors, used in optimal path calculations. Indicates perpendicularity in data transmission paths, crucial for minimizing interference and maximizing the efficiency of data flow in IoT networks. |

${\overrightarrow{d}}_{optimal}$ | Optimal direction vector for data transmission between IoT device and sensor. |

$EI{D}_{D,b}$ | $\mathrm{Encrypted}\mathrm{device}\mathrm{identifier}\mathrm{for}\mathrm{IoT}\mathrm{device}b$, ensuring confidentiality and integrity. |

$\omega $ | $\mathrm{Random}\mathrm{element}\mathrm{selected}\mathrm{from}{\mathbb{Z}}_{q}^{\ast}$, used in cryptographic operations. |

$RS{K}_{a,b}$ | $\mathrm{Rendezvous}\mathrm{Secret}\mathrm{Key},\mathrm{a}\mathrm{cryptographic}\mathrm{key}\mathrm{for}\mathrm{secure}\mathrm{interactions}\mathrm{between}\mathrm{entities}a$ $\mathrm{and}b$. |

${S}_{a,b}$ | $\mathrm{Secret}\mathrm{session}\mathrm{key}\mathrm{for}\mathrm{communication}\mathrm{between}\mathrm{devices}a$ $\mathrm{and}b$. Encrypted communication, vital for maintaining data confidentiality in IoT interactions. |

${y}_{b}$ | $\mathrm{Public}\mathrm{ephemeral}\mathrm{value}\mathrm{associated}\mathrm{with}\mathrm{device}b$ during a session. |

${t}_{\mathrm{s}\mathrm{e}\mathrm{q}}$ | t stands for timestamp. Seq: Indicates that this timestamp is part of a sequence, which could be used to order events, messages, or data packets chronologically. |

${r}_{a,b}$ | $\mathrm{Nonce}\mathrm{used}\mathrm{once}\mathrm{in}\mathrm{a}\mathrm{session}\mathrm{between}\mathrm{devices}a$ $\mathrm{and}b$ for enhanced security. |

$ED$ | Encrypted Data, key for protecting sensitive information in traffic and environmental monitoring systems. |

$\mathrm{E}\mathrm{N}{\mathrm{C}}_{k}$ | Represents the encryption function. The subscript k indicates that this function uses the cryptographic key k to perform the encryption. |

$({X}_{\mathrm{b}\mathrm{a}\mathrm{t}\mathrm{c}\mathrm{h}})$ | This is the batch of data that is being encrypted. In the context of IoT systems or any large-scale data processing environment like a smart city BFLIoT system, data is often processed in batches for efficiency. |

${h}_{ed}$ | Hash of encrypted data, providing a unique fingerprint for verification without revealing content. Providing a checksum to verify data integrity before decryption in IoT systems. |

${C}_{0}$ | Initial commitment in cryptographic protocols, ensuring integrity and non-repudiation. |

${\theta}_{(t+1)}$ | $\mathrm{Updated}\mathrm{model}\mathrm{parameters}\mathrm{after}\mathrm{iteration}t+1$, typically in a learning or optimization context. Updated model parameters in machine learning algorithms, essential for adapting traffic control and environmental prediction models to new data. |

$\eta $ | Learning rate, controlling the update magnitude in optimization processes. Determining the speed and effectiveness of updates to IoT data processing models. |

$\nabla L({\theta}_{t},\mathrm{D}\mathrm{e}{\mathrm{c}}_{ls{k}_{csb}}(ED))$ | $\mathrm{Gradient}\mathrm{of}\mathrm{the}\mathrm{loss}\mathrm{function}\mathrm{with}\mathrm{respect}\mathrm{to}{\theta}_{t}$, calculated on decrypted data. Key for refining machine learning models based on secure IoT data. |

${\mathrm{\Theta}}_{(t+1)}$ | $\mathrm{Aggregated}\mathrm{model}\mathrm{parameters}\mathrm{after}\mathrm{updates}\mathrm{from}\mathrm{all}\mathrm{devices}\mathrm{at}\mathrm{iteration}t+1$. Critical for enhancing the collaborative intelligence of IoT devices in smart city applications. |

${\mathsf{\Delta}}_{(t+1)}^{{\theta}^{i}}$ | $\mathrm{Parameter}\mathrm{updates}\mathrm{from}\mathrm{the}i$-th device, contributing to the overall model update. |

$ESA$ | Set of all participating EC devices in the federated learning network. Central to distributed data processing and decision-making in smart cities. |

$\mathcal{E}{\mathcal{D}}_{0}$ | Encrypted version of the aggregated model parameters for secure transmission. |

${\bigcup}_{i=1}^{N}{D}_{i}$ | $\mathrm{Disjoint}\mathrm{union}\mathrm{of}\mathrm{datasets}\mathrm{from}N$ devices, representing data aggregation while preserving privacy. Maintaining data privacy while enabling comprehensive analysis in federated learning. |

${\theta}^{\ast}$ | Optimal model parameters obtained from minimizing integrated loss across aggregated data. |

${\int}_{U{D}_{i}}L(\theta ,x)dx$ | Integral of the loss function over the disjoint union of datasets, indicating continuous optimization. |

${G}_{\mathrm{l}\mathrm{o}\mathrm{c}\mathrm{a}\mathrm{l},i}$ | $\mathrm{Local}\mathrm{gradient}\mathrm{computed}\mathrm{on}\mathrm{the}i$-th device, derived from local data and model parameters. |

$\nabla L({\theta}_{t},{D}_{i})$ | $\mathrm{Gradient}\mathrm{of}\mathrm{the}\mathrm{loss}\mathrm{function}\mathrm{for}\mathrm{local}\mathrm{model}\mathrm{parameters}{\theta}_{t}$ $\mathrm{on}\mathrm{dataset}{D}_{i}$. |

$P{K}_{\mathrm{F}\mathrm{L}}$ | Public key used in federated learning for encrypting data, ensuring participant data confidentiality. |

$N$ | Total number of devices participating in the federated learning network, indicative of the scale of collaborative data processing in smart city infrastructure. |

$\frac{1}{N}$ | Used to average aggregated values across all devices, essential for balancing model updates in federated learning systems. |

${G}_{\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{r}\mathrm{y}\mathrm{p}\mathrm{t}\mathrm{e}\mathrm{d}}$ | $\mathrm{Encrypted}\mathrm{local}\mathrm{gradients},\mathrm{secured}\mathrm{with}\mathrm{public}\mathrm{key}P{K}_{\mathrm{F}\mathrm{L}}$. Securing detailed traffic and environmental data during collaborative learning processes. |

${G}_{\mathrm{a}\mathrm{g}\mathrm{g}\mathrm{r}\mathrm{e}\mathrm{g}\mathrm{a}\mathrm{t}\mathrm{e}\mathrm{d}}$ | Aggregated encrypted gradients, averaged across all participating devices. Averaged to update global models without compromising the privacy of individual IoT data inputs. |

${\theta}_{\mathrm{g}\mathrm{l}\mathrm{o}\mathrm{b}\mathrm{a}\mathrm{l}}^{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Updated global model parameters after applying aggregated gradient changes. |

$\mathsf{\Delta}\theta $ | Change to be applied to the global model, based on the decrypted aggregated gradients. |

${\theta}_{\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{r}\mathrm{y}\mathrm{p}\mathrm{t}\mathrm{e}\mathrm{d}}^{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Encrypted updated global model, ready for secure transmission to devices. |

${\theta}_{\mathrm{g}\mathrm{l}\mathrm{o}\mathrm{b}\mathrm{a}\mathrm{l}}^{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Decrypted updated global model, ready for deployment on edge devices. |

$S{K}_{\mathrm{E}\mathrm{d}\mathrm{i}}$ | Secret key of a specific EC device, used to decrypt transmitted data. |

$P{K}_{\mathrm{E}\mathrm{d}\mathrm{i}}$ | Public key associated with an EC device, used for encrypting data before transmission. |

${H}_{4}({X}_{\mathrm{n}\mathrm{o}\mathrm{r}\mathrm{m}})$ | Hash function applied to normalized data, part of security checks for anomaly detection. |

$A(x)$ | $\mathrm{Anomaly}\mathrm{detection}\mathrm{function}\mathrm{that}\mathrm{classifies}\mathrm{data}\mathrm{points}\mathrm{as}\mathrm{normal}\mathrm{or}\mathrm{anomalous}\mathrm{based}\mathrm{on}\mathrm{a}\mathrm{threshold}T$. Crucial for identifying deviations in traffic patterns and environmental conditions in real-time. |

$p(x;{\theta}_{\mathrm{g}\mathrm{l}\mathrm{o}\mathrm{b}\mathrm{a}\mathrm{l}})$ | $\mathrm{Probability}\mathrm{output}\mathrm{of}\mathrm{the}\mathrm{global}\mathrm{model}\mathrm{for}\mathrm{a}\mathrm{data}\mathrm{point}x$$,\mathrm{used}\mathrm{to}\mathrm{assess}\mathrm{anomaly}\mathrm{status}\mathrm{against}\mathrm{threshold}T$. |

$T$ | Threshold for classifying data points in anomaly detection, adjusted dynamically. |

${T}_{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Updated dynamic threshold for anomaly detection based on statistical measures of detected anomalies. Recalibrated to maintain accuracy as traffic and environmental conditions evolve. |

${\mu}_{\mathrm{a}\mathrm{n}\mathrm{o}\mathrm{m}\mathrm{a}\mathrm{l}\mathrm{i}\mathrm{e}\mathrm{s}}$ | Mean of detected anomalies, used in dynamic threshold calculation. |

${\sigma}_{\mathrm{a}\mathrm{n}\mathrm{o}\mathrm{m}\mathrm{a}\mathrm{l}\mathrm{i}\mathrm{e}\mathrm{s}}$ | Standard deviation of detected anomalies, used in dynamic threshold calculation. |

$\lambda $ | $\mathrm{Scaling}\mathrm{factor}\mathrm{applied}\mathrm{to}\mathrm{the}\mathrm{standard}\mathrm{deviation}\mathrm{in}\mathrm{the}\mathrm{calculation}\mathrm{of}\mathrm{the}\mathrm{new}\mathrm{threshold}{T}_{\mathrm{n}\mathrm{e}\mathrm{w}}$. |

${\theta}_{\mathrm{l}\mathrm{o}\mathrm{c}\mathrm{a}\mathrm{l},i}$ | Encrypted local model update of the i-th device, using public key $P{K}_{\mathrm{F}\mathrm{L}}$. Ensuring secure and personalized adaptation to localized data conditions. |

${E}_{pk}^{-1}({G}_{\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{r}\mathrm{y}\mathrm{p}\mathrm{t}\mathrm{e}\mathrm{d}}^{k})$ | Decryption of encrypted gradients, part of the global model update aggregation. |

${\mathrm{\Theta}}_{\mathrm{a}\mathrm{g}\mathrm{g}\mathrm{r}\mathrm{e}\mathrm{g}\mathrm{a}\mathrm{t}\mathrm{e}\mathrm{d}}$ | Aggregated model updates from participating devices, prior to consensus validation. |

$\frac{1}{k}$ | $\mathrm{This}\mathrm{represents}\mathrm{the}\mathrm{multiplicative}\mathrm{inverse}\mathrm{of}\mathrm{the}\mathrm{number}k,\mathrm{used}\mathrm{to}\mathrm{calculate}\mathrm{an}\mathrm{average}.\mathrm{In}\mathrm{this}\mathrm{context},\mathrm{it}\mathrm{appears}\mathrm{there}\mathrm{might}\mathrm{be}\mathrm{a}\mathrm{typographical}\mathrm{error}\mathrm{or}\mathrm{confusion},\mathrm{as}k\mathrm{is}\mathrm{also}\mathrm{used}\mathrm{as}\mathrm{the}\mathrm{variable}\mathrm{of}\mathrm{summation}.\mathrm{It}\mathrm{is}\mathrm{more}\mathrm{conventional}\mathrm{to}\mathrm{see}\mathrm{it}\mathrm{as}{\displaystyle \frac{1}{k}}$ when computing an average, where K is the total number of items over which the sum is calculated. |

${B}_{\mathrm{v}\mathrm{a}\mathrm{l}\mathrm{i}\mathrm{d}\mathrm{a}\mathrm{t}\mathrm{e}\mathrm{d}}$ | Blockchain record after consensus validation of the aggregated updates. Ensuring that all device contributions are authenticated and the model update is secure |

${B}_{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Updated blockchain record incorporating the new validated updates. |

${\mathrm{\Theta}}_{\mathrm{g}\mathrm{l}\mathrm{o}\mathrm{b}\mathrm{a}\mathrm{l}}^{\mathrm{n}\mathrm{e}\mathrm{w}}$ | Broadcasted new global model state, synchronized across all network participants. |

$\stackrel{\mathrm{D}\mathrm{e}\mathrm{p}\mathrm{l}\mathrm{o}\mathrm{y}}{\to}E{C}_{i}$ | $\mathrm{Represents}\mathrm{the}\mathrm{deployment}\mathrm{process}\mathrm{of}{\mathrm{\Theta}}_{\mathrm{g}\mathrm{l}\mathrm{o}\mathrm{b}\mathrm{a}\mathrm{l}}^{\mathrm{n}\mathrm{e}\mathrm{w}}$ $\mathrm{to}\mathrm{each}\mathrm{EC}\mathrm{device},\mathrm{denoted}\mathrm{by}E{C}_{i}$, across the entire network. |

${C}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ | $C\mathrm{Stands}\mathrm{for}\mathrm{ciphertext},\mathrm{which}\mathrm{is}\mathrm{the}\mathrm{output}\mathrm{of}\mathrm{an}\mathrm{encryption}\mathrm{process}.enc$ Indicates that the ciphertext has been encrypted, specifying the state of the data as being securely encoded. |

${k}_{\mathrm{i}\mathrm{n}\mathrm{d}\mathrm{e}\mathrm{x}\mathrm{e}\mathrm{d}}$ | k Represents a cryptographic key, which is used for encryption, and decryption. Indexed: Implies that the key is part of a collection or series of keys, each uniquely identified by an index. |

${t}_{esa}$ | $\mathrm{The}\mathrm{notation}{t}_{esa}$ represents a specific timestamp in data communication contexts. |

$S{K}_{bi}$ | SK Stands for “Secret Key,” which is used for decrypting data that has been encrypted with the corresponding Public Key. bi serves as an identifier and index for a particular device. |

${t}_{esb}$ | t Stands for timestamp. Esb stands for a specific protocol. |

${C}_{\mathrm{d}\mathrm{e}\mathrm{c}}$ | C Stands for ciphertext which is the data in its encrypted form. Dec Indicates that the ciphertext has been decrypted, specifying the state of the data as having been transformed from its secure, encoded format to its plaintext format. |

${T}_{{K}_{{b}_{i}}}$ | T stands for Transformation. K: Represents a Key used in the cryptographic operation. b i user b and has an identifier i. |

$\mathcal{A}$ | Represents the adversary in the cryptographic proof, trying to compromise the system. Testing the system’s resilience against potential security breaches. |

$\mathcal{C}$ | The challenger in cryptographic games simulates the protocol to validate the security measures of the IoT system. |

$s$ | A secret value selected uniformly at random from ${\mathbb{Z}}_{q}$, used as the exponent in the key generation to create the public key. Used in the cryptographic key generation process to secure IoT device communications. |

${P}_{\mathrm{p}\mathrm{u}\mathrm{b}}$ | The public key in the BFLIoT system, derived as ${g}^{s}$, where $g$ is a generator of the group $G$. |

$m$ | Represents a message that is an element of ${\mathbb{Z}}_{q}$, involved in the encryption process. |

$r$ | A random value is chosen uniformly from ${\mathbb{Z}}_{q}$ for each encryption process. |

$C$ | The ciphertext resulting from the encryption scheme combines a power of $g$ and the message masked with a hash output. |

$H$ | A cryptographic hash function is used as a random oracle, ensuring the randomness of the hash output used in the encryption. |

$\mathcal{B}$ | An algorithm constructed to solve the DL problem using the adversary’s ability to break the encryption scheme. |

${G}_{i}$ | Local gradient from a device in the federated learning process. |

${\stackrel{~}{G}}_{i}$ | Noise-adjusted gradient ensuring $(\u03f5,\delta )$-differential privacy by adding Gaussian noise $\mathcal{N}(0,{\sigma}^{2}I)$. |

HF | The cryptographic hash function used in the PoW mechanism within the blockchain integration. |

$n$ | Nonce in the PoW, a number that miners adjust to solve the hashing challenge. |

$\mathcal{N}(0,{\sigma}^{2}I)$ | Gaussian noise was added to the local gradient to ensure differential privacy. |

## References

- Sefati, S.S.; Arasteh, B.; Halunga, S.; Fratu, O.; Bouyer, A. Meet User’s Service Requirements in Smart Cities Using Recurrent Neural Networks and Optimization Algorithm. IEEE Internet Things J.
**2023**, 10, 22256–22269. [Google Scholar] [CrossRef] - Sefati, S.S.; Halunga, S. Ultra-reliability and low-latency communications on the internet of things based on 5G network: Literature review, classification, and future research view. Trans. Emerg. Telecommun. Technol.
**2023**, 34, e4770. [Google Scholar] [CrossRef] - Ullah, A.; Ahmad, J.; Arif, M.; Javed, A.; Alazab, M.; Khan, M.S. Smart Cities: The Role of Internet of Things and Machine Learning in Realizing a Data-Centric Smart Environment. Complex Intell. Syst.
**2024**, 10, 1607–1637. [Google Scholar] [CrossRef] - Miranda, R.; Filippoupolitis, A.; Oliff, W. Revolutionising the Quality of Life: The Role of Real-Time Sensing in Smart Cities. Electronics
**2024**, 13, 550. [Google Scholar] [CrossRef] - Farooq, M.S.; Riaz, S.; Abid, A.; Abid, K.; Naeem, M. A Survey on the Role of IoT in Agriculture for the Implementation of Smart Farming. IEEE Access
**2019**, 7, 156237–156271. [Google Scholar] [CrossRef] - Sefati, S.S.; Halunga, S. Mobile sink assisted data gathering for URLLC in IoT using a fuzzy logic system. In Proceedings of the 2022 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom), Sofia, Bulgaria, 6–9 June 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 379–384. [Google Scholar]
- Javed, A.R.; Usman, M.; Raza, M.; Khan, A.A.; Noor, K.; Din, S. Future Smart Cities: Requirements, Emerging Technologies, Applications, Challenges, and Future Aspects. Cities
**2022**, 129, 103794. [Google Scholar] [CrossRef] - Alfandi, O.; Patel, A.; Santos, A.; Bennett, F. A Survey on Boosting IoT Security and Privacy through Blockchain: Exploration, Requirements, and Open Issues. Clust. Comput.
**2021**, 24, 37–55. [Google Scholar] [CrossRef] - Farahani, B.; Firouzi, F.; Luecking, M. The Convergence of IoT and Distributed Ledger Technologies (DLT): Opportunities, Challenges, and Solutions. J. Netw. Comput. Appl.
**2021**, 177, 102936. [Google Scholar] [CrossRef] - Qu, Y.; Uddin, M.P.; Gan, C.; Xiang, Y.; Gao, L.; Yearwood, J. Blockchain-enabled federated learning: A survey. ACM Comput. Surv.
**2022**, 55, 1–35. [Google Scholar] [CrossRef] - Sefati, S.S.; Haq, A.U.; Craciunescu, R.; Halunga, S.; Mihovska, A.; Fratu, O. A Comprehensive Survey on Resource Management in 6G Network Based on Internet of Things. IEEE Access
**2024**, 12, 113741–113784. [Google Scholar] [CrossRef] - Henry, R.; Herzberg, A.; Kate, A. Blockchain Access Privacy: Challenges and Directions. IEEE Secur. Priv.
**2018**, 16, 38–45. [Google Scholar] [CrossRef] - Sefati, S.S.; Halunga, S. Data forwarding to Fog with guaranteed fault tolerance in Internet of Things (IoT). In Proceedings of the 2022 14th International Conference on Communications (COMM), Bucharest, Romania, 16–18 June 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–5. [Google Scholar]
- Omar, A.S.; Basir, O. Identity Management in IoT Networks Using Blockchain and Smart Contracts. In Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 30 July–3 August 2018; IEEE: Piscataway, NJ, USA, 2018. [Google Scholar]
- Kharche, A.; Badholia, S.; Upadhyay, R.K. Implementation of Blockchain Technology in Integrated IoT Networks for Constructing Scalable ITS Systems in India. Blockchain Res. Appl.
**2024**, 5, 100188. [Google Scholar] [CrossRef] - Sisi, Z.; Souri, A. Blockchain Technology for Energy-Aware Mobile Crowd Sensing Approaches in Internet of Things. Trans. Emerg. Telecommun. Technol.
**2024**, 35, e4217. [Google Scholar] [CrossRef] - Jyoti, A.; Yadav, V.; Prakash, A.; Kumar Jha, S.; Rahul, M. Blockchain for Big Data: Approaches, Opportunities and Future Directions. Recent Adv. Electr. Electron. Eng. (Former. Recent Pat. Electr. Electron. Eng.)
**2024**, 17, 229–243. [Google Scholar] [CrossRef] - Malik, K.R.; Samad, A.; Anjum, A.; Saeed, Y.; Han, K. A Methodology for Real-Time Data Sustainability in Smart City: Towards Inferencing and Analytics for Big-Data. Sustain. Cities Soc.
**2018**, 39, 548–556. [Google Scholar] [CrossRef] - Sefati, S.; Mousavinasab, M.; Zareh Farkhady, R. Load balancing in cloud computing environment using the Grey wolf optimization algorithm based on the reliability: Performance evaluation. J. Supercomput.
**2022**, 78, 18–42. [Google Scholar] [CrossRef] - Wan, S.; Chen, Z.; Lin, K.; Wang, X.; Wu, Y.; Di, Y. To Smart City: Public Safety Network Design for Emergency. IEEE Access
**2017**, 6, 1451–1460. [Google Scholar] [CrossRef] - Mahesh, B. Machine Learning Algorithms-A Review. Int. J. Sci. Res. (IJSR)
**2020**, 9, 381–386. [Google Scholar] [CrossRef] - Aldoseri, A.; Al-Khalifa, K.N.; Hamouda, A.M. AI-Powered Innovation in Digital Transformation: Key Pillars and Industry Impact. Sustainability
**2024**, 16, 1790. [Google Scholar] [CrossRef] - He, P.; Zhou, Y.; Qin, X. A Survey on Energy-Aware Security Mechanisms for the Internet of Things. Future Internet
**2024**, 16, 128. [Google Scholar] [CrossRef] - Amoo, O.O.; Shithili, S.; Ramanujan, R. Cybersecurity Threats in the Age of IoT: A Review of Protective Measures. Int. J. Sci. Res. Arch.
**2024**, 11, 1304–1310. [Google Scholar] [CrossRef] - Kvak, K.; Straka, M. The Use of the Internet of Things in the Distribution Logistics of Consumables. Appl. Sci.
**2024**, 14, 3263. [Google Scholar] [CrossRef] - Merlec, M.M.; In, H.P. SC-CAAC: A Smart Contract-Based Context-Aware Access Control Scheme for Blockchain-Enabled IoT Systems. IEEE Internet Things J.
**2024**, 11, 19866–19881. [Google Scholar] [CrossRef] - CheSuh, L.N. Improve Quality of Service for the Internet of Things Using Blockchain & Machine Learning Algorithms. Internet Things
**2024**, 26, 101123. [Google Scholar] - Kiran, M. Blockchain Based Secure Ownership Transfer Protocol for Smart Objects in the Internet of Things. Internet Things
**2024**, 25, 101002. [Google Scholar] - Li, K. Privacy-Preserving Scheme with Bidirectional Option for Blockchain-Enhanced Logistics Internet of Things. IEEE Internet Things J.
**2024**, 11, 20562–20574. [Google Scholar] [CrossRef] - Vishwakarma, L.; Das, D. BLISS: Blockchain-Based Integrated Security System for Internet of Things (IoT) Applications. Int. J. Inf. Secur.
**2024**, 23, 1649–1665. [Google Scholar] [CrossRef] - Singh, D.; Dwivedi, R.K. Designing Blockchain Based Secure Autonomous Vehicular Internet of Things (IoT) Architecture with Efficient Smart Contracts. Int. J. Inf. Technol.
**2024**, 1–17. [Google Scholar] [CrossRef] - Khan, A.A. Data Security in Healthcare Industrial Internet of Things with Blockchain. IEEE Sens. J.
**2023**, 23, 25144–25151. [Google Scholar] [CrossRef] - Xiong, H.; Wu, Y.; Jin, C.; Kumari, S. Efficient and privacy-preserving authentication protocol for heterogeneous systems in IIoT. IEEE Internet Things J.
**2020**, 7, 11713–11724. [Google Scholar] [CrossRef] - Zhong, H.; Zhang, S.; Cui, J.; Wei, L.; Liu, L. Broadcast encryption scheme for V2I communication in VANETs. IEEE Trans. Veh. Technol.
**2021**, 71, 2749–2760. [Google Scholar] [CrossRef] - Gervais, A. On the Security and Performance of Proof of Work Blockchains. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016. [Google Scholar]
- Sefati, S.S.; Fartu, O.; Nor, A.M.; Halunga, S. Enhancing Internet of Things Security and Efficiency: Anomaly Detection via Proof of Stake Blockchain Techniques. In Proceedings of the 2024 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), Osaka, Japan, 19–22 February 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 591–595. [Google Scholar]
- Iqbal, M.A. A Review on Internet of Things (IoT): Security and Privacy Requirements and the Solution Approaches. Glob. J. Comput. Sci. Technol.
**2016**, 16, 1–9. [Google Scholar] - Datta, A.; Halpern, J.Y.; Mitchell, J.C.; Roy, A.; Sen, S. A symbolic logic with concrete bounds for cryptographic protocols. arXiv
**2015**, arXiv:1511.07536. [Google Scholar] - Wang, J. Game-Based Low Complexity and Near Optimal Task Offloading for Mobile Blockchain Systems. IEEE Trans. Cloud Comput.
**2024**, 12, 539–549. [Google Scholar] [CrossRef] - Benrebbouh, C.; Mansouri, H.; Cherbal, S.; Pathan AS, K. Enhanced secure and efficient mutual authentication protocol in iot-based energy internet using blockchain. Peer-to-Peer Netw. Appl.
**2024**, 17, 68–88. [Google Scholar] [CrossRef]

**Figure 1.**Conceptual framework for secure and scalable IoT integration in smart city infrastructure.

**Figure 3.**Comparative Analysis of Computational Overhead in Cryptographic Operations across BFLIoT Scenarios.

Reference | Prior Studies | Advantages of Prior Studies | Disadvantages of Prior Studies | BFLIoT Contribution |
---|---|---|---|---|

[26] | SC-CAAC for Blockchain-IoT | Enhances security and privacy Promotes trust | Complex deployment Scalability and cost issues. | BFLIoT integrates federated learning for scalability and edge computing to reduce complexity. |

[27] | Blockchain and ML for IoT QoS | Improves security and QoS Utilizes ML analytics. | Scalability issues. High computational demands. | BFLIoT optimizes energy efficiency and scalability through distributed edge computing and lightweight ML models. |

[28] | OTP with PUF and blockchain | Secure flexible ownership transfer | PUF complexity. Scalability evolving threat challenges. | BFLIoT avoids hardware-based complexity by using cryptographic methods for secure and scalable data management. |

[29] | PB-IoT for logistics | Enhances privacy; Supports humane services. | Integration complexity. High computational needs. | BFLIoT simplifies integration with a unified blockchain and federated learning model, reducing computational load. |

[30] | BLISS for IoT | Improves cybersecurity; efficient mechanisms. | Scalability and latency in large network optimization are needed. | BFLIoT addresses latency by distributing processing across edge devices, ensuring real-time performance. |

[31] | Secure AV IoT Architecture SAVIoT | Decentralized data sharing; improves safety. | Low scalability in AV networks. High resource demands. | BFLIoT’s decentralized architecture handles larger networks efficiently, improving scalability and reducing latency. |

[32] | BHIIoT for e-healthcare | Enhances data security and scalable. | Integration complexity; needs extensive evaluation. | BFLIoT’s lightweight and scalable design simplifies deployment and supports real-time healthcare applications. |

[33] | Computational Diffie-Hellman (eCDH) | Ensures secure communication between heterogeneous cryptosystems, low computation cost, and reduced communication overhead. | Extra computation cost due to cross-domain communication. | BFLIoT’s recommend a low cost algorithm |

[34] | Identity-Based Broadcast Encryption (IBBE) with Proxy Server for VANETs | Reduces encryption redundancy, improves communication efficiency, lowers decryption cost for new vehicles. | Complexity added by using a proxy server, introducing extra computational overhead | BFLIoT’s reduces encryption redundancy in one-to-many communication |

Criteria | Proposed Method | SAVIoT | eCDH | IBBE | FedAvg | DeepChain |
---|---|---|---|---|---|---|

Confidentiality of Data Transmission and Storage | ✓ | × | ✓ | ✓ | ✓ | ✓ |

Robust Access Control Mechanism | ✓ | ✓ | × | ✓ | ✓ | ✓ |

Anonymity Through Pseudonyms | ✓ | × | × | × | × | × |

Unlinkability of Device Requests | ✓ | × | × | × | × | × |

Replay Attack Resistance | ✓ | × | ✓ | × | ✓ | ✓ |

Modification Attack Resistance | ✓ | ✓ | × | ✓ | × | ✓ |

Impersonation Attack Resistance | ✓ | × | ✓ | ✓ | ✓ | ✓ |

Parameters | Description |
---|---|

Deployment area | $1000\mathrm{m}\times 400\mathrm{m}$ |

Number of users | 2 |

Number of the cloud server | 1 |

Number of sensors | 40, 80, 120, 160, 200 |

Communication range of cloud server | 2000 m |

Communication range of sensors | 20 m |

Simulation time | 2400 s |

Cryptographic Library | VC++ 6.0 with Pairing-Based Cryptography (PBC) library |

Security Standard | 1024-bit RSA encryption |

Parameters | Description |
---|---|

${Cost}_{\mathrm{h}\mathrm{a}\mathrm{s}\mathrm{h}}$ | Computational cost for hash functions, essential for data integrity, digital signatures, random number generation, and hash tables. |

${Cost}_{\mathrm{p}\mathrm{a}\mathrm{i}\mathrm{r}}$ | The computational cost for bilinear pairing operations is used in advanced cryptographic systems like identity-based encryption and zero-knowledge proofs. |

${Cost}_{\mathrm{e}\mathrm{x}\mathrm{p}1}$ | $\mathrm{Computational}\mathrm{cost}\mathrm{of}\mathrm{exponentiation}\mathrm{in}{G}_{1}$, a group on a supersingular elliptic curve, crucial for frequent cryptographic operations. |

${Cost}_{\mathrm{e}\mathrm{x}\mathrm{p}2}$ | $\mathrm{Computational}\mathrm{cost}\mathrm{of}\mathrm{exponentiation}\mathrm{in}{G}_{2}$, another group used for various cryptographic operations in different settings. |

${Cost}_{s}$ | The computational cost for symmetric encryption/decryption, where the same key encrypts and decrypts data, is noted for its efficiency. |

Metric | BFLIoT | SAVIoT | DeepChain | FedAvg | eCDH | IBBE |
---|---|---|---|---|---|---|

Moderate Rate Throughput | 326.2 | 208.3 | 180.2 | 170.1 | 148.7 | 98.9 |

High-Rate Throughput | 3208.2 | 2015.4 | 1700.3 | 1600.5 | 1583.9 | 1024.1 |

Throughput Completion Rate (Moderate, %) | 99.330 | 99.045 | 98.972 | 98.914 | 98.867 | 98.700 |

Throughput Completion Rate (High, %) | 99.997 | 99.985 | 99.962 | 99.960 | 99.956 | 99.961 |

Latency for Main Operation (Seconds) | 0.069 | 0.082 | 0.087 | 0.090 | 0.095 | 0.120 |

Notation | Description |
---|---|

${T}_{\mathrm{e}\mathrm{n}\mathrm{c}}$ | Encrypt a message. |

${T}_{\mathrm{r}\mathrm{e}-\mathrm{e}\mathrm{n}\mathrm{c}}$ | Re-encrypt a message using proxy re-encryption |

${T}_{m}$ | Time to process a message |

${T}_{e}$ | Basic encryption time |

${T}_{h}$ | Hashing time |

${T}_{a}$ | Authentication time |

${T}_{bp}$ | Base proxy re-encryption time |

${T}_{mtp}$ | Message to proxy conversion time |

${T}_{gtmul}$ | Group theory-based multiplication time |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |

© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Sefati, S.S.; Craciunescu, R.; Arasteh, B.; Halunga, S.; Fratu, O.; Tal, I.
Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for Internet of Things (IoT). *Smart Cities* **2024**, *7*, 2802-2841.
https://doi.org/10.3390/smartcities7050109

**AMA Style**

Sefati SS, Craciunescu R, Arasteh B, Halunga S, Fratu O, Tal I.
Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for Internet of Things (IoT). *Smart Cities*. 2024; 7(5):2802-2841.
https://doi.org/10.3390/smartcities7050109

**Chicago/Turabian Style**

Sefati, Seyed Salar, Razvan Craciunescu, Bahman Arasteh, Simona Halunga, Octavian Fratu, and Irina Tal.
2024. "Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for Internet of Things (IoT)" *Smart Cities* 7, no. 5: 2802-2841.
https://doi.org/10.3390/smartcities7050109