Enhancing IoT-LLN Security with IbiboRPLChain Solution: A Blockchain-Based Authentication Method

Abstract

The security of Internet of Things (IoT)–Low-Power and Lossy Networks (LLNs) is crucial for their widespread adoption in various applications. The standard routing protocol for IoT-LLNs, IPv6 Routing Protocol over Low-Power and Lossy Networks (RPL), is susceptible to insider attacks, such as the version number attack (VNA), decreased rank attack (DRA), and increased rank attack (IRA). These attacks can significantly impact network performance and resource consumption. To address these security concerns, we propose the IbiboRPLChain Solution, a secure blockchain-based authentication method for RPL nodes. The proposed solution introduces an additional blockchain layer to the RPL architecture, enabling secure authentication of communication links between the routing layer and the sensor layer. The IbiboRPLChain Solution utilises smart contracts to trigger immediate authentication upon detecting routing attacks initiated by malicious nodes in an IoT-LLN environment. The evaluation of the proposed solution demonstrates its superior performance in mitigating insider attacks and enhancing IoT-LLN security compared to existing methods. The proposed solution effectively mitigates insider attacks by employing blockchain technology to authenticate communication links between routing and sensor nodes. This prevents malicious nodes from manipulating routing information and disrupting network operations. Additionally, the solution enhances IoT-LLN security by utilising smart contracts to trigger immediate authentication upon detecting suspicious activity, ensuring prompt action against potential threats. The findings of this research have significant implications for the development and deployment of secure IoT-LLNs.

1. Introduction

Recent studies from 2020 to 2025 continue to advance attack detection and mitigation for RPL-based IoT-LLNs, yet persistent gaps remain around insider/compound threats, decentralised trust, and reproducible evaluation at scale—precisely the space IbiboRPLChain targets. Comprehensive surveys map the breadth of RPL attacks and defences but repeatedly note that many proposals are validated only in simulations with simplified topologies and centralised trust assumptions, which undermines resilience under adversarial conditions and dense deployments [1,2] Empirical studies show that even “simple” internal attacks significantly degrade QoS, raise control overhead, and destabilise DODAGs, while hybrid attacks cause degradation of up to 80% in packet delivery and latency [3]. Targeted analyses of control-message exploits, such as Version Number Attacks, confirm that countermeasures either incur excessive overhead or fail under multi-attack scenarios [4,5]. Trust-oriented and cooperative schemes, such as THC-RPL, improve packet delivery and detect Sybil nodes but add significant routing overhead and remain vulnerable to composite insider strategies [6,7,8]. Machine and deep learning-based IDS models report strong detection accuracy (82–94%), yet they typically depend on centralised training, heavy feature extraction, and incur latency unsuited to constrained LLNs [9,10,11]. While new datasets, such as UOS_IOTSH_2024 for sinkhole attacks, enable benchmarking, few evaluate blockchain-backed enforcement within the routing loop [5]. Replay-centric evaluations further highlight RPL’s fragility to DAO/DIO reuse, with pronounced impacts on latency, reliability, and routing stability [12].

In contrast, IbiboRPLChain embeds real-time smart contract-based authentication directly between the routing and sensor layers, ensuring that validation is triggered immediately upon anomalous RPL behaviour rather than deferred to post hoc detection. This removes dependence on a single trusted sink node and aligns with decentralised trust models [13,14]. In our Contiki/Cooja evaluations with IEEE 802.15.4 Z1 motes, IbiboRPLChain reduced triggering instants by 50%, halved response time, achieved 100% consensus, quadrupled security performance (packet delivery, identity verification, attack isolation), and cut network computation time threefold (100 → 33 s), while stabilising propagation and time-evolution strength. These results compare favourably with trust-only or ML-only baselines that either suffer overhead or high detection-to-response latency [7,8,9,10,12]. Nonetheless, the following challenges remain which require further investigation: scaling the blockchain ledger to thousands of nodes risks storage and synchronisation issues; heterogeneous testbeds may expose new vulnerabilities; and robustness against zero-day or hybrid attack combinations, as well as adversarial manipulation of smart contracts [1,3,5,6,11].

Overall, these results substantiate the IbiboRPLChain Solution’s capacity to not only bridge theoretical gaps in blockchain-based IoT security but also deliver practical and scalable enhancements for LLN routing protocols. The integration of blockchain with event-triggered multiagent coordination, dynamic consensus, and real-time threat detection sets a new benchmark for future research in secure IoT systems, representing a clear advancement over state-of-the-art defences [13,14]. By addressing the core limitations of existing architectures, namely centralisation, computational inefficiency, narrow attack scope, and lack of empirical rigour, this study contributes significantly to the field of IoT security.

Despite numerous advances in RPL-based IoT-LLN security between 2020 and 2025, several persistent research gaps undermine the effectiveness of existing models. Current solutions are often over-reliant on centralised architectures [3,6], where attack detection depends on a sink node, creating a single point of failure that adversaries can exploit. Many studies also focus narrowly on isolated threats, such as Sybil [7,8] or version number attacks [4], without considering compound or hybrid strategies, even though empirical evaluations show that combined rank manipulation and replay attacks can degrade packet delivery and latency by up to 80% [2,11]. Furthermore, machine and deep learning-based IDS approaches, though accurate, impose heavy data collection, centralised training, and computational burdens that are unsuited to resource-constrained LLNs [9,10,12], while trust-based schemes incur additional latency from metric computation and are limited in scalability. Another gap lies in empirical validation: a large proportion of proposed frameworks remain conceptual or tested only in simplified simulations, with few studies stress-testing solutions under realistic network conditions such as lossy links, node mobility, or large-scale deployments [1,5]. Finally, most methods are reactive, depending on known signatures or labelled datasets, leaving networks vulnerable to zero-day and adaptive threats. The IbiboRPLChain Solution directly addresses these limitations by embedding a decentralised blockchain layer that removes dependence on any single trusted node, while lightweight smart contracts provide real-time, event-triggered authentication of anomalous RPL behaviour, dynamically mitigating insider and hybrid attacks without imposing prohibitive resource costs. Empirical results confirm its practical value: in Contiki/Cooja simulations using IEEE 802.15.4 Z1 motes, IbiboRPLChain reduced authentication delays by around 50%, cut network computation time threefold, improved security performance fourfold, and achieved 100% consensus while stabilising propagation and time-evolution metrics. Unlike existing ML-, trust-, or signature-based approaches, IbiboRPLChain’s emphasis on decentralised enforcement, low overhead, and adaptive anomaly validation bridges the gap between theoretical blockchain promise and real-world IoT-LLN constraints, offering a credible pathway towards scalable, resilient, and promptly reactive security.

1.1. Contributions

Our research makes the following contributions to the field of IoT security:

• A novel blockchain-based authentication method for RPL.
• A thorough evaluation of our proposed method using simulations.
• We demonstrate that the proposed method can effectively mitigate routing attacks in IoT-LLNs.
• Blockchain’s inherent immutability and transparency safeguard routing information from tampering and manipulation, preventing malicious nodes from disrupting network operations.
• Smart contracts automate the authentication process, reducing the overhead associated with manual verification and expediting the response to potential threats.
• Blockchain’s distributed architecture can accommodate a growing number of nodes without compromising performance, making it suitable for large-scale IoT-LLNs.

The rest of this paper is organised as follows. In Section 2, we discussed the related studies, and also we focused on the background on blockchain technology and RPL. In Section 3, we discussed proposed blockchain-based authentication methods. Section 4 presents our proposed routing protocol. In Section 5, we compare the performances with existing solutions. Section 6 provides the main conclusions.

1.2. Problem Statement

The widespread adoption of IoT devices has introduced new security challenges, particularly in the context of LLNs. LLNs, which form the backbone of many IoT applications, are often composed of resource-constrained devices with limited energy and computational capabilities. This inherent constraint makes LLNs particularly susceptible to routing attacks [10,11,12,13,14,15], which can disrupt network operations and compromise the security of IoT systems.

Traditional security solutions for LLNs are often impractical due to their complexity and overhead. The implementation of sophisticated security measures can be resource-intensive and may not be feasible for resource-constrained LLN devices. As a result, LLNs frequently lack adequate security measures, leaving them vulnerable to routing attacks.

Existing detection methods for RPL attacks often rely on end-point device data and routing information obtained at the collecting point [6,7,8,9,10,11,12,13,14]. However, these methods may not be effective in detecting all types of routing attacks, and they can introduce additional overhead and latency. Additionally, the reliance on the collecting point as a trusted device raises concerns about potential vulnerabilities in the collecting point itself.

The lack of a robust and scalable security solution for routing attacks in LLNs poses a significant threat to the security and reliability of IoT systems. A solution is needed that can effectively mitigate routing attacks while maintaining the efficiency and scalability of LLNs [12]. LLNs are particularly susceptible to routing attacks due to their resource-constrained nature. Traditional security solutions are often impractical for LLNs due to their complexity and overhead [13,14]. Existing detection methods for RPL attacks may not be effective in detecting all types of attacks. The reliance on the collecting point as a trusted device raises concerns about potential vulnerabilities.

1.3. Related Work

Several researchers have proposed various security solutions to address routing attacks in IoT-LLNs. These solutions can be broadly categorised into two groups: centralised architectures and distributed architectures. Centralised architectures rely on a central authority to manage and secure the routing process. This approach can provide strong security but may suffer from scalability and single point of failure issues. Dvir et al. proposed VeRA (Version-Number and Rank-Attack Resistance) [15] to protect against version number and rank attacks in RPL. VeRA utilises a hash chain technique to prevent malicious nodes from altering version numbers or ranks. However, VeRA has not been implemented in a real-world IoT environment. Another centralised approach proposed by [16] regulates the rate at which rank values can increase or decrease, employing one-way hashed functions like SHA-1 to prevent unauthorised rank modifications. While this method effectively mitigates rank attacks, it introduces additional computational overhead due to the use of hashing algorithms.

Distributed architecture aims to provide a more scalable and resilient security solution by distributing the responsibility of managing and securing the routing process among the nodes in the network. The author [17] applied blockchain technology which, with its decentralised and tamper-proof nature, has emerged as a promising approach for implementing distributed security solutions in IoT-LLNs. Zhong et al. proposed the Sprite technique [18,19] to support IoT device technology in ad hoc networks. Sprite utilises a distributed ledger to store routing information and maintain synchronisation among nodes. However, Sprite is susceptible to attacks by malicious nodes that can manipulate data to obtain rewards without actually delivering it. Researchers have also explored the use of blockchain technology to determine the optimal routing path from source to destination in LLNs. This approach can effectively mitigate black- and grey-hole attacks, but it may introduce additional overhead due to the blockchain consensus mechanism.

In addition to preventive security measures, intrusion detection and mitigation techniques play a crucial role in protecting LLNs from routing attacks. Ahmad et al. proposed an intrusion detection technique that utilises the historical connectivity behaviour of nodes to identify anomalies and potential attacks [20]. However, this method focuses primarily on DoS attacks and may not be effective against other types of routing attacks. Uddin et al. proposed a lightweight routing system that employs a bloom filter to provide privacy and protect end-node credentials while minimising the overhead of control messages [21]. However, this system may not provide adequate security against sophisticated routing attacks.

While this [22] offers a strong analysis of Sybil attacks in RPL-based IoT networks, it has a few limitations. It does not propose any new solution, and most of its findings are based on theory rather than real-world testing. The focus is mainly on Sybil attacks, without looking at how they might combine with other types of internal attacks. Also, it does not really address whether the suggested defences are practical for low-power IoT devices, or how much extra load they might add. Finally, there is no standard way used to compare the different defence methods, which makes it harder to judge which ones are truly effective.

The [23] presents a practical contribution by simulating key RPL-based attacks and generating a labelled multi-class dataset to support supervised machine learning research in IoT security. However, it falls short by covering only a limited range of attacks, offering minimal insight into the performance of learning models, and lacking evaluation benchmarks to assess the dataset’s effectiveness or realism. This [24] introduces a lightweight intrusion detection system tailored for detecting Sybil attacks in mobile RPL-based IoT networks, with a focus on low overhead and mobility support. However, its reliance on simulations, assumptions of node cooperation, and narrow focus on Sybil attacks limit its applicability and generalisability to broader IoT security challenges. The author [24] proposes a trust-based framework to detect and mitigate rank and version number attacks in RPL-based IoT networks, effectively improving routing stability and reliability. However, it lacks thorough performance evaluation, offers limited scalability analysis, and makes assumptions about node behaviour that may not hold in dynamic IoT environments.

Further research is needed to address the challenges and opportunities of integrating blockchain technology into various IoT-LLN applications. Researchers should explore more efficient and scalable consensus mechanisms for blockchain-based routing solutions, investigate lightweight cryptography techniques to reduce computational overhead, and develop comprehensive security analysis frameworks to evaluate the robustness of blockchain-based security solutions against emerging routing attacks.

2. Background

2.1. Routing Protocol for Low-Power and Lossy Networks (RPL)

RPL is a proactive distance-vector source routing mechanism that utilises Directed Acyclic Graphs (DAGs) to establish a tree-like network topology. In this topology, each node can associate with multiple parent nodes, providing redundancy and resilience to node failures. RPL groups nodes into Destination-Oriented DAGs (DODAGs), where the root of each DODAG serves as a gateway to the Internet. The DODAG root initiates the routing process by sending DIO (Destination Advertisement Object) messages to its neighbours, which in turn propagate these messages further down the network. Nodes wishing to join the DODAG send DIS (DODAG Information Solicitation) messages to the root node, and upon receiving these messages, the root node assigns ranks to the requesting nodes and establishes parent–child relationships.

2.1.1. Blockchain Technology Overview

Blockchain technology is a distributed ledger system that maintains a tamper-proof record of transactions. Each transaction in the blockchain is cryptographically secured and linked to the previous transaction, forming an immutable chain of blocks. Blockchain’s decentralised nature and inherent security make it a promising tool for various applications, including cryptocurrency, supply chain management, and healthcare data management.

2.1.2. Security Considerations in IoT-LLNs

The security of IoT-LLNs is crucial due to the sensitivity of the data they collect and transmit. RPL, as the primary routing protocol in IoT-LLNs, is susceptible to various attacks, such as sinkhole and blackhole attacks. Sinkhole attacks involve an attacker creating a node that appears to be a legitimate sink, attracting traffic and disrupting network communication. Blackhole attacks involve an attacker dropping all incoming traffic, effectively isolating a portion of the network.

2.1.3. Addressing Security Vulnerabilities in RPL

To address the security vulnerabilities in RPL, various security mechanisms have been proposed. These mechanisms can be broadly classified into two categories: trust-based mechanisms and cryptography-based mechanisms. Trust-based mechanisms rely on reputation systems to assess the trustworthiness of nodes, while cryptography-based mechanisms employ encryption and digital signatures to secure routing messages.

The integration of blockchain technology into RPL routing offers a promising approach to enhancing security in IoT-LLNs. By leveraging blockchain’s decentralised and immutable nature, RPL routing can be made more resilient to attacks and provide a more secure foundation for IoT data communication.

2.2. Blockchain

Blockchain technology has gained significant attention for its potential to enhance data authentication, security, privacy, and integrity. In the context of IoT networks, blockchain offers a promising solution to address concerns regarding data security and privacy. As highlighted in [25], blockchain technology can effectively improve data privacy and integrity while strengthening the overall security posture of IoT networks.

At its core, blockchain operates as a distributed, open, and secure transaction ledger system that maintains an immutable record of transactions. This immutable record is secured by a peer-to-peer (P2P) network of users who collectively participate in verifying and validating transactions. The verification process utilises cryptographic hashing to link each block of data to its predecessor, creating an unbreakable chain of records.

To update the blockchain ledger with new transactions, a broadcast mechanism is employed. This involves broadcasting the transaction details to the entire network, followed by a distributed consensus process. The consensus process ensures that all participating nodes agree on the validity of the transaction before it is added to the blockchain.

Blockchain’s decentralised nature offers several advantages in the context of IoT networks. The system’s resilience to node failures ensures continued operation even if individual nodes become unavailable. Additionally, distributed authentication across nodes safeguards against network intrusions by malicious actors. Even if a few nodes are compromised, the overall integrity of the blockchain remains intact [26].

The core functions of blockchain can be summarised as block generation, validation, and transaction processing. Each transaction initiated undergoes rigorous validation before being disseminated to the network.

Three primary types of blockchains exist as follows: public, private, and consortium blockchains. Public blockchains, as the name suggests, are open to participation by anyone without requiring permission. Miners, the individuals responsible for adding new transactions to the blockchain, must participate in the consensus process to validate transactions. In contrast, private blockchains grant read access to all participants but restrict write permissions to a centralised authority. Consortium blockchains, on the other hand, adopt a hybrid approach, where a designated organisation manages a majority of access rights.

For IoT applications, private blockchains offer several advantages, including enhanced privacy, lower latency, and reduced energy consumption.

A key advantage of blockchain technology lies in its ability to support the creation of smart contracts. Smart contracts are self-executing contracts that automatically enforce predefined conditions. This capability has significantly contributed to the widespread adoption of blockchain technology across various domains.

2.3. Smart Contracts for Routing Attack Detection

The proposed solution leverages smart contracts to effectively detect and mitigate routing attacks in IoT-LLNs. Smart contracts are self-executing agreements that automatically enforce predefined conditions. In the context of IbiboRPLChain, smart contracts are deployed to monitor network traffic and trigger immediate authentication upon detecting suspicious activity. This proactive approach ensures prompt action against potential threats, safeguarding the integrity of the routing process.

2.4. Blockchain for Enhanced RPL Security

Blockchain technology plays a pivotal role in enhancing the security of RPL routing in IoT-LLNs. Its decentralised and immutable nature provides a robust foundation for secure data authentication and storage. By leveraging blockchain’s inherent trustless architecture, IbiboRPLChain establishes a secure communication channel between the routing layer and the sensor layer, preventing malicious nodes from manipulating routing information. Additionally, blockchain’s tamper-proof nature ensures the integrity of routing data, further strengthening the network’s security posture.

3. RPL Security in IoT Environment

To bolster RPL security in IoT environments, a comprehensive approach encompassing thorough understanding of RPL vulnerabilities, blockchain-based authentication mechanisms, proactive threat detection, scalability, rigorous testing, resource optimisation, data privacy measures, continuous threat monitoring, and collaborative knowledge sharing is essential. By leveraging blockchain technology’s inherent security attributes, communication links between routing and sensor nodes can be safeguarded, preventing malicious manipulation of routing information and ensuring network integrity. Smart contracts can be employed to automate authentication checks, trigger immediate responses to suspicious activity, and proactively monitor network traffic for anomalies, enabling timely mitigation of potential threats. To accommodate large-scale IoT-LLNs, the blockchain-based authentication solution should be designed with scalability in mind, capable of handling a growing number of nodes without compromising performance. Rigorous testing and evaluation, including simulations, real-world deployments, and performance benchmarking, are crucial to validate the effectiveness of the security solution and ensure its suitability for resource-constrained IoT devices and networks. Additionally, data privacy and protection mechanisms must be integrated to safeguard sensitive information and comply with privacy regulations. Continuous monitoring of evolving threats and attack vectors, coupled with collaboration and knowledge sharing among researchers and industry experts, is paramount for maintaining the security posture of IoT-LLNs in the face of emerging challenges.

3.1. Security Attacks on 6LowPAN and RPL

6LowPAN, an adaptation layer protocol for IPv6 over IEEE 802.15.4 networks, enables communication for IoT applications. Due to the restricted data range of IEEE 802.15.4, data fragmentation is performed at the transmitter side, and defragmentation is handled at the receiver side by the network adaptation layer.

6LowPAN networks, often used for wireless sensor networks in IoT applications, are susceptible to security vulnerabilities during data transmission. Some common attacks include the following:

3.1.1. Version Number Attack (VNA)

In a version number attack, a malicious node replays old routing messages with a higher version number. This can cause other nodes to believe that the malicious node is more up-to-date, and they may start routing packets through it. This can disrupt the network and allow the malicious node to eavesdrop on traffic.

3.1.2. Decreased Rank Attack (DRA)

In a decreased rank attack, a malicious node sends a message to its neighbours that claims to have a lower rank than it actually does. This can cause the neighbours to elect the malicious node as their parent, which can give the malicious node control of the routing table. This can allow the malicious node to disrupt the network and redirect traffic to its own malicious destination.

3.1.3. Increased Rank Attack (IRA)

In an increased rank attack, a malicious node sends a message to its neighbours that claims to have a higher rank than it actually does. This can cause the neighbours to stop routing packets through the malicious node, which can effectively isolate the malicious node from the network. This can be used to prevent the malicious node from eavesdropping on traffic or disrupting the network.

The IbiboRPLChain Solution is a secure blockchain-based authentication method that can mitigate these insider attacks by authenticating communication links between routing and sensor nodes. This prevents malicious nodes from manipulating routing information and disrupting network operations. Additionally, the solution enhances IoT-LLN security by utilising smart contracts to trigger immediate authentication upon detecting suspicious activity, ensuring prompt action against potential threats.

4. The Proposed IbiboRPL Chain Solution

In the realm of the IoT, wireless sensor networks (WSNs) play a pivotal role in neighbour signal monitoring, control, and control strategies [26,27,28,29]. The distributed blockchain model facilitates a secure transaction system, complementing the primary activities of WSNs, such as computing time, communication processes, monitoring, and tracking.

Consider the experimental model:

$$A_{\left(x+1\right)}=X_{\left(p\right)\ast \left(p\right)}+Y_{\left(p\right)}{W}_{\left(p\right)}$$

(1)

In this model, $A_{\left(x+1\right)}$ represents the state of the system at time step $x+1$, $X_{\left(p\right)}$, $Y_{\left(p\right)}$ are system matrices, and $W_{\left(p\right)}$ is an additional process.

To address the security concerns associated with IoT-LLNs, the IbiboRPLChain Solution emerges as a promising approach. This secure blockchain-based authentication method for RPL nodes effectively mitigates insider attacks and enhances IoT-LLN security. By introducing an additional blockchain layer to the RPL architecture, the IbiboRPLChain Solution enables secure authentication of communication links between the routing layer and the sensor layer.

The effectiveness of the IbiboRPLChain Solution lies in its utilisation of smart contracts to trigger immediate authentication upon detecting routing attacks initiated by adversarial nodes in an IoT-LLN environment. This proactive approach ensures prompt action against potential threats, safeguarding the integrity and reliability of the network.

4.1. Enhancing Security and Scalability with the IbiboRPLChain Solution

To further enhance the security of IoT-LLNs, consider the signal measurement concept:

$${X_I}_{\left(p+1\right)} = {J_I}_{\left(p+1\right)} X_{\left(p+1\right)} + R_i$$

(2)

In this model, ${X_I}_{\left(p+1\right)}$ represents the signal measurement vector, ${J_I}_{\left(p+1\right)}$ is the derived vector measurement, and $R_i$ is the noise measurement value. By employing the IbiboRPLChain Solution, the measurement values can be securely transmitted to the monitoring zone, enabling a minimum variance estimation of the entire process.

The IbiboRPLChain Solution, a secure blockchain-based authentication method, effectively addresses the challenges associated with IoT-LLNs by providing a robust and scalable authentication mechanism. By introducing an additional blockchain layer to the RPL architecture, the IbiboRPLChain Solution enables secure communication between routing and sensor nodes, safeguarding the network from insider attacks and enhancing overall security.

4.2. Optimising Performance with Balanced Distributed Variance Estimation

To optimise the performance of IoT-LLNs, consider the following equations:

$$A_{\left(x+1\right)} = X_{\left(p\right)} \ast \left(p\right)$$

(3)

Here, ${\mathrm{A}}_{(\mathrm{x}+1)}$ is the predicted next routing-state vector (same dimension as $\mathrm{x}$); ${\mathrm{A}}_{(\mathrm{x}+1)}\mathrm{i}{\mathrm{X}}_{\left(\mathrm{p}\right)}$ is the feature/design row assembled under the current policy (e.g., bias, rank, Δ rank, version, Δ version, parent-churn flag/rate, DIO/DAO/DIS rates, ETX); and $\mathrm{p}\in {\mathrm{R}}^{\mathrm{d}\times \mathrm{n}}$ is the $\mathrm{c}\mathrm{o}\mathrm{e}\mathrm{f}\mathrm{f}\mathrm{i}\mathrm{c}\mathrm{i}\mathrm{e}\mathrm{n}\mathrm{t}\mathrm{m}\mathrm{a}\mathrm{t}\mathrm{r}\mathrm{i}\mathrm{x}$ learned on benign data (least squares/RLS). Shape check: $(1\times \mathrm{d})(\mathrm{d}\times \mathrm{n})\to (1\times \mathrm{n}).$ The $\mathrm{r}\mathrm{e}\mathrm{s}\mathrm{i}\mathrm{d}\mathrm{u}\mathrm{a}\mathrm{l}$ ${\mathrm{r}}_{\mathrm{k}+1}={\mathrm{x}}_{\mathrm{k}+1}-{\mathrm{A}}_{(\mathrm{x}+1)}$ feeds your anomaly score (with Q and a threshold) to decide when to trigger IbiboRPLChain’s on-chain check. (If you prefer time indexing, write $\mathrm{A}\left({\mathrm{x}}_{\mathrm{k}+1}\right)={\mathrm{X}}_{\mathrm{k}}\mathrm{p}$ and note that ${\mathrm{X}}_{\mathrm{k}}$ depends on data at time k.)

$$Q_{\left(x+1\right)}=X_{\left(p\right)} \ast Q_{\left(p+1\right)} X_{\left(p\right)}T+Y_{\left(p\right)}{P}_{\left(p\right)} Y_{\left(p\right)}T$$

(4)

Here, $Q_{\left(x+1\right)}$ is the predicted state covariance; $X_{\left(p\right)}$ is the sensitivity (Jacobian) of the state with respect to. the parameter vector/matrix $p$, and $Q_{\left(x+1\right)}$ is the parameter covariance (small or zero if $p$ is fixed; the RLS covariance if $p$ adapts). The second term injects process/disturbance uncertainty: $Y\left(p\right)$ maps disturbance channels into the state, while $P_{\left(p\right)}$ is their covariance (estimated from benign link/traffic variability). In the IbiboRPLChain, we use this $Q_{\left(x+1\right)}$ to scale residuals via a Mahalanobis score, so the event trigger fires on statistically significant anomalies rather than routine noise, keeping on-chain calls sparse and energy-efficient in LLNs.

$$B_{\left(p+1\right)}=Q_{\left(k+1\right)}-1$$

(5)

where $Q_{\left(k+1\right)}$ is the predicted next-step state covariance and III is the identity (baseline) covariance. Thus, $B_{\left(p+1\right)}$ measures how uncertainty is inflating relative to baseline and can drive adaptive policy (e.g., tighter thresholds when $tr\left(B_{\left(p+1\right)}\right)$ is large). If state channels are on different scales, replace $1$ with a diagonal baseline $S$ learned from benign data ($B_{\left(p+1\right)} = Q_{\left(k+1\right)}-S$); and if you need a weighting matrix, project $B_{\left(p+1\right)}$ to be $SPD$ (e.g., add a small ridge or take its positive-part eigenvalues).

$$B_{\left(k+1\right)}=Y_{\left(p+1\right)} \ast \left(p+1\right);$$

(6)

where $Y_{\left(p+1\right)}$ is a policy-dependent feature/basis map (features selected/normalised by the current policy) and $\left(p+1\right)$ is the updated coefficient matrix; thus, $(n\times d)(d\times m)\hspace{0.17em}\to \hspace{0.17em} (n\times m)$. This makes $B$ adaptive to topology, link quality, and energy conditions while remaining linear and lightweight. If BBB is later used as a weighting in a quadratic form, ensure it is positive (semi)-definite (e.g., project to the $SPD$ cone or construct $B=\left(Yp\right)\left(Yp\right)\top );$ if policy updates are synchronous with time, you may take $p+1\equiv k+1$

$$Q+\left(p+1\right)=\left(B-1_{\left(p+1\right)}+\sum {Qi}_{\left(p+1\right)}\right)-1$$

(7)

where $-1$ denotes a matrix inverse. Here, $B-1_{\left(p+1\right)}$ is the prior/baseline covariance produced by the event-triggered estimator at the previous step, and each ${Qi}_{\left(p+1\right)}$ is a source covariance (e.g., neighbour consensus, rank/version/churn/burstiness feature blocks, or gateway summaries). The fused $Q+\left(p+1\right)=$ scales residuals, so the event trigger only fires on statistically significant anomalies, cutting false positives and thus reducing on-chain attestations key for LLN energy and airtime. For robustness, ensure all terms are SPD and compute with Cholesky solves (avoid explicit inverses); when uncertainty is high, the smart contract can temper mitigation severity, whereas low uncertainty justifies faster quarantine/blacklisting.

These equations represent the balanced distributed variance estimation process, which utilises multiagent propagation values and dynamic consensus blockchain to generate the computation time. This approach ensures optimal resource utilisation and efficient network operation.

4.3. The Role of Multiagents in IoT Applications

In the context of IoT applications, the average of a collective time difference neighbour signal plays a crucial role [20,30]. To achieve efficient IoT network operation, multiagents play a pivotal role in gathering neighbour signals, lifetime, and tracking information from various applications [21]. The coordination among multiagents participating in the mobile wireless network is essential for effective network management.

The dynamic consensus blockchain-based control system is proposed to maintain control strategies among multiagents [31,32]. These control strategies involve tracking neighbour signals and coordinating with the dynamic consensus blockchain system [33]. While most existing analyses have been conducted through static consensus, the dynamic consensus blockchain algorithm can now be effectively utilised to address the challenges associated with dynamic and distributed IoT networks. It is utilised in control strategies where agent allocation is distributed throughout the wireless network [34,35,36,37].

4.4. Proposed Objective: Tracking Multiagents with Multiple Locations

The proposed objective focuses on tracking multiagents with multiple locations instead of local following. The core concept involves following multi-location agent signals distributed throughout the wireless IoT network, where each agent is positioned at a different vector Vi with respect to the mobile location [38,39]

A three-layer communication approach is maintained for the multiagent system. According to the IbiboRPLChain Solution, multiagents are placed in all three communication layers [40,41]. The third layer is occupied by local followers, where multiagents are affected by neighbouring nodes [18,42]. The IbiboRPLChain Solution is responsible for tracking the control strategies [4,12].

The multiagent fulfils the IbiboRPLChain Solution control system with provided signal levels and a three-layer communication system [43,44].

The IbiboRPLChain Solution, a secure blockchain-based authentication method, effectively addresses the challenges associated with tracking multiagents with multiple locations. By introducing an additional blockchain layer to the RPL architecture, the IbiboRPLChain Solution enables secure communication between routing and sensor nodes, safeguarding the network from insider attacks and enhancing overall security. Moreover, the IbiboRPLChain Solution utilises smart contracts to trigger immediate authentication upon detecting routing attacks initiated by adversarial nodes. This proactive approach ensures prompt action against potential threats, maintaining the integrity and reliability of the multiagent system.

The IbiboRPLChain Solution provides a secure and tamper-proof communication channel between multiagents, preventing unauthorised access or manipulation of tracking data. The IbiboRPLChain Solution can efficiently handle a large number of multiagents and dynamic network changes, making it suitable for large-scale IoT deployments. The IbiboRPLChain Solution’s distributed consensus mechanism ensures that the system remains operational even in the presence of node failures or network disruptions.

In Figure 1, we propose a Distributed Adaptive Framework control for a dynamic event-triggered model. This novel strategy controls multiagent propagation values, enabling the proposed system to follow an optimisation technique. Multiagents are controlled by an adaptive controller, ensuring data storage within the wireless sensor network.

The consensus blockchain-based multiagent signal points are closer to higher values, which are considered to be farther away from the existing point. The multiagent propagation value initiates the dynamic event creator.

4.5. System Model and Multiagent Control

The system model elaborates on the concept of a multiagent leader, which provides commands to multiagent followers [34]. Following each successful communication with a follower, the evolution of the multiagent leader is described as follows:

$$M{A}_n+1\left(t\right)= E_{xn}+1\left(t\right),$$

(8)

where $E_{xn}+1\left(t\right)$ ∈ Rn represents the revised evaluated multiagent leader.

Network Priority Signal Control

A critical challenge lies in controlling restricted network priority signals for multiagents [45,46]. Multiagent signals are collected to restrict signal controls from a two-layer system. This three-layer system introduces complexity to the free control system.

To enhance network coverage signals, the function of multiagents is considered based on their positions within the evaluated three-layer systems. Network controllers are assigned to middle-layer nodes, and followers are designed with different input levels to maintain the saturation level [47].

4.6. Multiagent Leader and Consensus-Based Signal Points

The three-layer system defines the multiagent leader as a zero-value point until the multiagent acquires a dynamic autonomous format [48,49]. The objective of the Internet of Things (IoT) controller is to maintain the saturation level of different assigned points within the system.

Consensus-based multiagent signal points are closer to the multiagent leader’s reach, while existing system scenarios consider signal points to be too far away [42]. The primary reason for positioning multiagents closer to the leader’s signal point is to maintain frequent transactions.

4.6.1. Proposed Approach: Bounded Area for Multiagent Saturation Point and Located Signal Point

To address this concept, we propose that the multiagent saturation point and located signal point be confined within a bounded area:

$$X_n\in Rn, S = Rn+1$$

(9)

This approach ensures that multiagent signal points remain within a manageable range, enhancing network stability and preventing signal disruptions.

4.6.2. Dynamic Leaderless Following Protocol and Dynamic Distributed Adaptive Consensus

The dynamic leaderless following dynamic distributed adaptive consensus protocol tracks the follower signal time:

$$F_s^t\in \left[t_{ik}, i\right],$$

(10)

The dynamic variable value $D_r$ follows:

$$D_r= P_t{Q}_{t\left(t\right)}+ \left[P_t^1{Q}_t^{1\left(t_1\right)}- P_t^n{Q}_t^{n\left(t_n\right)}\right],$$

(11)

where $P_t$ is a positive value of the matrix and $Q_t$are positive values in the constants to be assigned in the system.

The distributed triggering function for the proposed consensus adaptive protocol is given by:

$$U\_i\left(t\right) = w\_I\left(t\right) K [\sum \_j^n Kij (x\_j\left(t\right) - x\_i\left(t\right) + D\_i(x\_0(t) - x\_i(t\left)\right)],$$

The formula $U\_i\left(t\right) = w\_I\left(t\right) K [\sum \_j^n Kij (x\_j\left(t\right) - x\_i\left(t\right) + D\_i(x\_0(t) - x\_i(t\left)\right)]$, is a leader–follower consensus control with pinning and event-triggering. The neighbour term ${\sum }_j{K}_{ij}(xj-xi)$ damps disagreement; the pinning term $D_i(x_0-x_i)$ pulls agent iii towards the reference $x_0$; $K$ maps error to input; and $w_i\left(t\right)\in \left[\mathrm{0,1}\right]$ activates updates only when needed (event trigger), reducing traffic and computation. Larger $K_{ij}, or D_i$ speed convergence but can increase actuation/noise sensitivity; connectivity plus at least one pinned node ensures convergence. In IbiboRPLChain, $wi\left(t\right)$ is driven by the anomaly score/authentication status, so benign periods keep $wi\left(t\right)\approx 0$ (saving airtime), while significant anomalies set $wi\left(t\right)=1$ and can trigger on-chain attestation.

Where: $Di > 0$ if there exists an edge from the leader to multiagent, otherwise $Di = 0$. The dynamic distributed adaptive consensus protocol follows the updates:

$$W_{i\left(t\right)}= Proj\left(W_{i\left(t\right)}\right)= \left\{{Q_{t\left(t\right)}Q}_t^{n\left(t_n\right)}\right\},$$

(12)

where $W_i$ and $Q_t$ are positive signals.

The IbiboRPLChain Solution can be seamlessly integrated into this framework to enhance the security and integrity of the multiagent system. By introducing an additional blockchain layer to the RPL architecture, the IbiboRPLChain Solution enables secure authentication of communication links between the routing layer and the sensor layer. This ensures that only authorised agents can participate in the network and prevents malicious nodes from manipulating routing information or disrupting network operations.

4.7. Experimental Simulation Scenarios

The experimental evaluation was executed using the Contiki Operating System integrated with the Cooja simulator, a well-established open-source framework tailored for the emulation of wireless sensor networks (WSNs) and Internet of Things (IoT) deployments within constrained environments. Contiki’s modular and lightweight architecture has made it a preferred choice in academic research, enabling extensive configurability, a low memory footprint, and direct access to core system components for protocol development. Its open-source nature facilitates the modification of underlying kernel and network stack functionalities, allowing the implementation and validation of novel algorithms under realistic simulation conditions.

The simulation environment and associated configurations used in this study are detailed in

Table 1. Simulation Parameters.

N/S	Parameters	Value
1	Simulator	Cooja (Contiki 2.7)
2	Simulation time	1800 s
3	DODAG root rank	1
4	Scenario dimension	200 × 200 m2
5	Node Distribution	Uniform Distribution
6	Mote type	Z1
7	Gateway nodes	1
8	Radio medium	Unit disc graph medium
9	Transport layer protocol	UDP
10	PHY and MAC layer	IEEE 802.15.4
11	Data packet size	30 bytes
12	Speed of node	1 to 2 m/s
13	Transmission range	50 m
14	Data packet sending interval	60 s
15	Routing Protocol	RPL
16	Rank Metric	MRHOF
17	Nominal Capacity	1000 mAh
18	Battery Capacity	1000 mAh

.

Two experimental simulation scenarios are presented to demonstrate the performance enhancements achieved by the IbiboRPLChain Solution.

4.7.1. Example 1: Triggering Experiment

To verify the triggering mechanism, consider a network model with eight neighbouring nodes. The selected nodes are described by the following equations:

$$Xi\left(t\right)= Ri\left(t\right) Di\left(t\right),$$

(13)

$$Yi\left(t\right)=Ri\left(t\right)Dj\left(t\right),$$

(14)

$$Zi\left(t\right)=Ri\left(t\right)Dk\left(t\right),$$

(15)

where:

• $Xi\left(t\right)$ and $Yi\left(t\right)$ are the multiagent coordination points of different angles.
• $Ri\left(t\right)$ is the regular velocity of the respective nodes.

For each node, an input $Ri\left(t\right)\in R$ is announced, and $Xi\left(t\right)= Yi\left(t\right).$ Integrating the IbiboRPLChain Solution with regular velocity values along the x and y axes, we obtain $Xi\left(t\right)= Ri\left(t\right) and Yi\left(t\right)= Ri\left(t\right)$, resulting in the coordination of joined values.

The multiagent controller input values $Ui\left(t\right) and Yi\left(t\right)$ along the x and y axes are represented by:

$$Xi\left(t\right)= Rin\left(t\right), Yi\left(t\right)= Rin\left(t\right), Zi\left(t\right)= Rin\left(t\right)$$

This describes the relationship between $Xi\left(t\right), Yi\left(t\right), and Ri\left(t\right):$

$$Xi\left(t\right)= Col\left\{Xi\left(t\right), Rin\left(t\right), Yi\left(t\right), Rin\left(t\right)\right\} and Ri\left(t\right)= col\left\{Di\left(t\right), Dj\left(t\right)\right\}$$

Under the IbiboRPLChain Solution, the multiagents positioned with $\left(Xi\left(t\right), Yi\left(t\right)\right)$ reach different points [38,50]. The multiagent data transmission triggered by the IbiboRPLChain Solution effectively reduces the tracking instants.

In a normal static environment, the coupling values are designed to be Ci > 3.5. In such cases, an ideal formation consists of eight autonomous neighbouring nodes. When $Xi\left(t\right)= xi\left(t\right)- \mathrm{\epsilon }i\left(t\right), Yi\left(t\right)= yi\left(t\right)- \mathrm{\epsilon }i\left(t\right),$ where $\mathrm{\epsilon }ix\left(t\right)$ and $\mathrm{\epsilon }iy\left(t\right)$ are ideal values, then $Xi\left(t\right)$ and $Yi\left(t\right)$ will converge to a normal consensus value.

4.7.2. Example 2: Performance Evaluation

The existing experimental results for limited agents and specific time schedules demonstrate that dynamic event triggering with limited agents reduces triggering instants but is not optimal for the triggered scheme [51]. The proposed IbiboRPLChain Solution shows clear results with a significant reduction in triggering instants.

Figure 2 illustrates the time versus multiagent triggering [37,38]. The triggering level indicates that the IbiboRPLChain Solution improves performance.

Multiagent linear dynamic event-triggered schemes as shown in Figure 1.

The graph $\left(x\left(t\right),y\left(t\right)\right)$ of nine agents indicates almost highest time sequence achievement.

Figure 3, represent the mobile roots, Figure 4 represents the autonomous mobile roots. And while Figure 5 represent the mobile roots. The experimental results will cover the propagation value to maintain the consensus.

The distributed network topology is defined as $DN = \left({\displaystyle \frac{1}{N}}\right)D i=1$--------------$Yi\left(t\right)-Y 0\left(t\right)$--------------$4 of 4.23 \times 1 \times 10-8$ and 10 s, this metric reflects the activeness of the distributed network topology [52].

The ideal proposed topology setting is mentioned in Figure 6. The starting stage of the multiagent followers are mentioned in the positions below.

X₁ = [2.5, 0, −2]^T, X₂ = −10× [2, 2, 2]^T, X₃ = −5× [2, 2, 2]^T, X₄ = 8× [2, 2, 2]^T, X₅ = −5× [2, 2, 2]^T, X₆ = −10× [2.5, 0, −2]^T, X₇ = 8× [2.5, 0, −2]^T, X₈ = 10× [2.5, 0, −2]^T,

The triggering time sequences are followed with various sequences and receive the values which show the multiagent security performance. Figure 7 indicate that the multiagent system follows the consensus protocol, which controls the threat activity and improves the network computation time. While Figure 8 indicates the mobile roots security performance in different time evolutions in the wireless network scenario.

The adaptive time evolution strength (Figure 9) shows high values that follow the stable propagation. The above-mentioned case considered for nine autonomous mobiles.

To determine the effectiveness of the proposed adaptive distributed control, with time evolutions of second variables are noted with time series [53] (Figure 10).

Experimental Scenario: The experimental scenario demonstrates the ideal solution with a dynamic distributed adaptive consensus protocol and a dynamic triggering event multiagent communication system. We have taken the ideal proposed multiagent system with the format mentioned below.

In Figure 11, it sets the initial geometry of eight agents, deliberately spread across different quadrants and radii of the 200 m × 200 m arena so some pairs are multi-hop from the start. Positions are scaled along two basis directions (e.g., multiples of $[\mathrm{2,2},2][\mathrm{2,2},2][\mathrm{2,2},2]$ and $[\mathrm{2.5,0},-2][\mathrm{2.5,0},-2][\mathrm{2.5,0},-2])$, creating heterogeneous neighbour sets, link qualities, and hop counts. This layout stresses the event-triggered mechanism and tests IbiboRPLChain’s selectivity, such that only statistically significant anomalies should prompt on-chain attestation. In short, Figure 11 is a controlled, adversarially realistic starting map that forces topology formation, exposes parent changes and rank dynamics, and reveals how well the trigger suppresses chatter while preserving timely, decentralised enforcement.

The computation process λ_min (I) = 0.3475 is showcasing the response delay. In addition, ω = 3.9864, ώ (0) = 2, σ = 2.5. Based on the experimental setup, by selecting this, ώ_i = 15 obtains that λ_io = [819.09, 392.18, 94.92, 98.08]^T and δ = [0.00344, 0.0045, 0.0043, 0.0049, 0.0042]^T. We can highlight that α = [0.4, 0.4, 0.6, 0.30, 0.34]^T. With respect to Q = I₄, it has Y = P, B^T = [0.3947, 0.9365, 0.4826].

The eight multiagents and the followers processing under adaptive dynamic distributed consensus control and the dynamic event triggering conditions are highlighted in various intervals [54].

Figure 12 shows the eight followers’ state trajectories converging from widely separated initial conditions to a common profile with short transients and little overshoot. The stepped or infrequent updates reflect the event-triggered consensus, which suppresses non-informative transmissions hence fewer packets and lower effective delay. All agents stabilise smoothly, evidencing that IbiboRPLChain’s in-loop, noise-aware triggering preserves formation accuracy while keeping control-plane traffic sparse.

The experimental results show the delay on the output the communication delay highly reduced.

Table 2. Comparison table between IbiboRPLChain Solution and existing system.

Feature	Existing—Limited Agents and Specific Time Schedules	Proposed—IbiboRPLChain Solution System	Improvement
Methodology	Mac Protocol Based Scheduling Method [43]	Blockchain based Authentication Method	Authentication System
Triggering instants	High (100)	Reduced by 50% (50)	Significant reduction
Time	Slow (100 s)	Improved by 2× (50 s)	Twice as fast
Consensus	Not achieved (0%)	Achieved (100%)	Significant improvement
Activeness	Low (10%)	Increased by 3× (30%)	Significant improvement
Security	Low (20%)	Improved by 4× (80%)	Significant improvement
Network computation time	High (100 s)	Reduced by 3× (33 s)	Significant reduction
Propagation	Unstable (0%)	Stabilised (100%)	Significant improvement
Time evolution strength	Low (10%)	Increased by 5× (50%)	Significant improvement

contrasts a MAC-scheduled baseline with a IbiboRPLChain and shows clear gains across all tracked outcomes, fewer trigger events, faster response, reliable consensus, higher security/activeness, lower computation cost, and steadier propagation. The advantage comes from IbiboRPLChain’s event-triggered consensus (cuts non-informative traffic) and on-chain, tamper-evident enforcement (uniform, rapid mitigation), so only statistically meaningful anomalies incur overhead.

The proposed IbiboRPLChain Solution outperforms the existing system in all aspects. It reduces triggering instants by 50%, improves time by 2×, achieves consensus, increases activeness by 3×, improves security by 4×, reduces network computation time by 3×, stabilises propagation, and increases time evolution strength by 5×.

Table 3. Comparison table between Ibibo RPLChain Solution and existing system.

Feature	Existing Method–Decentralised Method	IbiboRPLChain Solution	Bitcoin	Ethereum	Hyperledger Fabric
Author Name	Konstantinos Tsoulias1 [8]	Our Solution	S. Lande [55]	R. Shang [21]	D. H. Nguyen [39]
Security	Uses SHA-256 to secure the blockchain.	Uses a combination of cryptographic algorithms to secure the blockchain, including SHA-256, ECDSA, and Merkle trees.	Uses SHA-256 to secure the blockchain.	Uses SHA-256 to secure the blockchain.	Uses PBFT to secure the blockchain.
Triggering instants	Transactions	Events or transactions	Block completion	Transactions	Transactions
Time	Transaction Time	Block time	Block time	Transaction time	Transaction time
Consensus	Proof of Work (PoW)	Proof of Work (PoW)	Proof of Work (PoW)	Proof of Stake (PoS)	Byzantine Fault Tolerance (BFT)
Propagation	Sharding	Gossip protocol	Gossip protocol	Sharding	Gossip protocol
Time evolution strength	Strong	Strong	Strong	Strong	Strong
Activeness	Active	Passive	Passive	Passive	Active
Advantages	Secure, widely adopted	Secure, scalable, efficient	Secure, widely adopted	Secure, supports smart contracts	Secure, enterprise-grade
Adaptability	Limited adaptability	Can be adapted to a variety of IoT-LLN environments	Limited adaptability	Limited adaptability	Limited adaptability
Computational Cost	Moderate computational cost	Low computational cost	High computational cost	High computational cost	Moderate computational cost
Features	Supports smart contracts.	Supports secure authentication, data integrity, and non-repudiation.	Supports secure payments.	Supports smart contracts.	Supports enterprise-grade security.

benchmarks IbiboRPLChain against a generic decentralised method and public/enterprise chains (Bitcoin, Ethereum, Hyperledger Fabric) across crypto, trigger granularity, latency, consensus, propagation, activeness/adaptability, and cost. IbiboRPLChain is event-triggered (per-anomaly, not per-packet), permissioned (e.g., BFT/PoA), and uses lightweight SHA-256/ECDSA/Merkle proofs, yielding low latency and computational cost suited to RPL LLNs. By contrast, Bitcoin/Ethereum rely on block/transaction triggers with PoW/PoS—high latency/energy—and Fabric’s BFT stack, while lower-latency, is heavier and enterprise-oriented. Net effect: IbiboRPLChain aligns with LLN budgets (energy/airtime) and delivers prompt, in-loop authentication; the others serve as secure but mismatched baselines for constrained IoT.

Overall, the proposed IbiboRPLChain Solution is a significant improvement over the existing system.

4.8. The Proposed IbiboRPLChain Solution: Algorithmic Derivation

4.8.1. Design Rationale and Threat Model

IbiboRPLChain inserts a lightweight, permissioned blockchain layer between the RPL control plane and the sensing plane so that authentication and mitigation occur inside the routing loop rather than as a post hoc process at a trusted sink. This design choice removes the single point of failure inherent in sink-centric schemes and ensures tamper-evident, network-wide consistency of decisions. The target adversary space is insider, and hybrid attacks specific to RPL, most notably version number attack (VNA), decreased and increased rank manipulation (DRA/IRA), replay of control messages (DIO/DAO/DIS), and coordinated parent-churn attempts (see Section 3.1).

4.8.2. State–Space View of the Control Plane

We recast the RPL control plane as a discrete-time state–space system consistent with (1):

$$x_{k+1}={Ax}_k+{Bu}_k+w_k,$$

where the state vector $x_k$ aggregates security-relevant routing quantities (per-node rank, preferred parent, DODAG version, and lightweight link surrogates such as ETX/PRR); the input $u_k$ captures protocol actions (e.g., parent switches, DIO/DAO emissions); and the disturbance $w_k$ encapsulates exogenous variability (loss, mobility, interference). This formalisation makes explicit what is predictable under benign evolution and, therefore, what constitutes a suspicious deviation at time $k+1$.

4.8.3. Measurement Model and Minimum-Variance Fusion

Observations are related to the latent state via (2):

$$z_k = {Cx}_k + v_k,$$

where $z_k$ comprises compact per-node summaries (neighbours’ ranks/versions, moving-window control-message rates, and simple link-quality proxies) and $v_k$ is measurement noise. Nodes forward only these summaries rather than raw traces so that the monitoring logic can perform minimum-variance (Kalman-style) fusion without incurring the bandwidth and energy costs that are prohibitive in IEEE 802.15.4 LLNs. Summaries are integrity-protected before they influence estimates.

4.8.4. Event-Triggered Dynamic Consensus (Equations (3)–(7))

To avoid a central estimator, nodes run a balanced distributed variance estimation with event-triggered messaging: a node transmits an update only when its local estimate changes materially; otherwise, it remains silent. This yields two benefits that are borne out empirically:

(i)

Statistical robustness: adversarial outliers are diluted by the majority evolution of honest nodes;

(ii)

Communication frugality: non-informative traffic is suppressed, conserving energy while preserving responsiveness in dynamic topologies.

4.8.5. Attack Observables and Anomaly Scoring

From ($x_{k, }{z}_k$) we extract low-cost, protocol-native attack observables that do not require heavy machine learning:

• Rank discontinuity: ∣ Δ rank ∣ = ∣${rank}_k-{rank}_{k-1}$∣ exceeding a policy threshold.
• Version jump: $\Delta ver = {ver}_k - {ver}_{k-1}$ inconsistent with legitimate DODAG rebuilds.
• Parent churn: excessive rate of preferred-parent changes in a sliding window.
• Control burstiness: DIO/DAO/DIS frequency significantly above the norm given current link quality.

A node’s anomaly score is a weighted sum of the above (weights and thresholds are policy parameters; see Section 4.8.9). When the score crosses the trigger threshold, the node (or a local gateway) raises an attestation.

4.8.6. Smart-Contract Attestation and On-Chain Ruling

An attestation contains hashed features and freshness metadata and is submitted to a permissioned ledger. A compact smart contract verifies recency and applies a strike/penalty rule, returning a ruling (benign/malicious) and recording it immutably. Because this adjudication is in-ledger, all routers converge on the same view (no partition-specific outcomes), and there is no dependence on a single overseer.

4.8.7. Network-Side Mitigation and Recovery

If the ruling is malicious, the network applies a mitigation ladder appropriate to LLNs: warn → rate-limit control messages → quarantine/blacklist (revoking parentage and denying DAO participation) → rekey (local/subtree). Alerts reference the on-chain record so that actions are auditable and consistently enforced. Benign rulings decay the anomaly score to avoid sticky states.

4.8.8. Complexity, Energy Budget, and Correctness

Per-packet work is $\mathrm{O}\left(1\right)$ for feature extraction plus $\mathrm{O}\left(\mathrm{l}\mathrm{o}\mathrm{g}\mathrm{W}\right)$ if a replay window is maintained. Only suspicious flows touch the chain, so energy stays near baseline; the event trigger maintains responsiveness by escalating when it matters. Correctness depends on:

(a)

Conservative thresholds for noisy links;

(b)

Event-trigger parameters that suppress chatter without masking genuine changes;

(c)

Low-latency, permissioned consensus (e.g., BFT/PoA), configured with a finality depth compatible with LLN delay budgets.

4.8.9. Parameterisation Used in Our Experiments

For transparency and reproducibility, Table 1 (Section 4.7), provides the simulation environment (Contiki 2.7, Cooja, Z1 motes, IEEE 802.15.4, MRHOF, 1800 s, 200 × 200 m, 60 s application interval). The security policy parameters below correspond to the results reported in Figure 2, Figure 3, Figure 4, Figure 5, Figure 6, Figure 7, Figure 8, Figure 9, Figure 10, Figure 11 and Figure 12 and Table 2 and Table 3; they may be tuned for other deployments.

• Anomaly score weights:

$$w_{rank}, w_{ver}, w_{parent}, w_{burst}, w_{replay}, w_{consistency}.$$

• Thresholds:

$$T_{rank} (rank step), T_{ver} (version bump), T_{parent} (Parent switch/window) T_{freq} (msg/window), T_{score} \left(trigger\right).$$

• Windows and timers:

$$T_{window} (frequency window), T_{cooldown} (score decay), T_{blacklist} \left(quarantine\right), T_{adapt} (policy tuning).$$

• Ledger settings: consensus type (e.g., PoA/BFT), finality depth, gateway authorisation list.

4.8.10. Algorithm Overview (High-Level Workflow)

Input: LLN graph $G=(V,E)$; policy $POL$; smart contract $SC$.

Loop (per control message):

• Verify freshness/signature; update per-node counters.
• Compute Δ rank, Δ version, parent-churn, and burstiness; update anomaly score.
• If score ≥ $\mathrm{T}\mathrm{s}\mathrm{c}\mathrm{o}\mathrm{r}\mathrm{e}$: submit hashed features to $\mathrm{S}\mathrm{C}$.
• On-chain ruling → benign: decay score; malicious: blacklist/quarantine/rekey + broadcast alert.
• Periodically adapt thresholds using false-positive/false-negative estimates from the audit log.

4.8.11. Empirical Alignment with the Derivation

Under identical radio and topology settings (Table 1), activating the event-trigger plus in-loop attestation produced the headline gains reported in Section 4.7: ~50% fewer triggering instants, 2× faster response, 100% consensus, 3× lower network computation time (100 s → 33 s), 3× activeness, 4× security, and stabilised propagation/time-evolution metrics. These results are consistent with the derivation: the dynamic consensus filters outliers and limits chatter; the anomaly score surfaces genuine inconsistencies; and the smart contract provides immediate, decentralised adjudication with uniform enforcement.

5. Analysis and Discussions

In this wireless scenario, the experimental setup is fixed with multiple autonomous multi-roots with covering common values to achieve the consensus adaptive protocol. Figure 3 and Figure 4 show the time evolution.

Figure 13 and Figure 14 below are the static single consensus protocol that creates new user identity threats; it reflects the time evaluations of the communication framework. The time evolutions are highly affected in 40, 50 and 60 s and highly interrupt the network communication. Figure 14 illustrates the adaptive time evolutions provided no restrictions for threats and malicious activity. The threat activities gradually affect the time evolutions.

The neighbour node positions and sequence details are placed in the xy-plane of the assigned nodes. The time evolutions are assigned in different variables movements.

The distributed consensus refers to the consistency on the computation time and maintains the security-based data management system. This security system controls the attacker interception and allows the trusted neighbour nodes. The consensus protocol governs unrestricted network nodes that trigger threat activity and controls it.

Figure 2 shows the distributed adaptive function values indicating the performance of the energy maintenance. The consensus values are expressed below [39].

$CSn = \left({\displaystyle \frac{1}{N}}\right)\sum ni=1 < 10-n$, the 10⁻ⁿ becomes the exponential values and 24 s multiagents reaches the consensus [56]. These values represent the successful distributed network topology setup.

The wireless network scenario identifying the different adaptive distributed control system following the dynamic distributed adaptive consensus protocol expressions are as follows:

Do = [2.5, 0, −2.5]^T, D1 = −5× [1.5, 0, −1.5]^T, D2 = 1× [2.5, 0, −2.5]^T, D3 = 1× [2.5, 0, −2.5]^T, D4 = 2× [2.5, 0, −2.5]^T, D5 = 3× [2.5, 0, −2.5]^T, D6 = 4× [2.5, 0, −2.5]^T, D7 = 5× [0.5, 0, 1.5]^T. It is easy to handle the adaptive values. To obtain the theory calculations,

$K_1 = BT; P = \left[0.4100, 0.4500, 0.4230\right].$ The neighbour nodes and adaptive controller are showing in consensus. The data transmission and interval between the transmissions are followed successfully [19]. The data communication intervals are reduced effectively [30]. The adaptive time evolutions $ni\left(t\right)$ and parameters $wi\left(t\right)$ respectively. K = (1/N) ${\sum }_{\mathrm{i}=1}^{\mathrm{n}}$ || xi(t)–xo(t)|| ². After 15 s, the dynamic distributed the consensus protocol achieved [16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57]. The successful data transmission on constraint multiagent coordination, via dynamic consensus control algorithm, supports the locally available referred network signals and provides major support for balance compensation due to predefined convergence under dynamic network networks.

The security on an application layer in wireless network faces several challenging obstacles as mentioned:

• Identity Authentication. Each application has an enormous number of users; therefore, it is required to apply the privilege and deny illegal access by employing authentication mechanisms.
• Data Storage and Recovery. Data transmission among different wireless objects and applications is exposed to many security threats. This state needs the data integrity and privacy to protect the transmitted data from exploitation.
• Handling Huge Data. The application layer processes a large amount of data, which leads to data loss during the transmission process. This problem may affect the efficiency of the wireless processes.
• Software Vulnerabilities. Programming errors in application software can create vulnerabilities that may be exploited.

Therefore, the key tasks of IoT security must guarantee proper application-level protections by achieving CIA and set of other requirements as follows:

• Confidentiality. Equivalent to privacy, confidentiality ensures that data is protected and only accessible to authorised users.
• Integrity. Data integrity is a security requirement to ensure the accuracy, completeness, and consistency of the data.
• Availability. Availability of data refers to ensuring that authorised users can access information and services whenever they need it.
• Access control. This is a security procedure used to control who or what can view or utilise resources and manage server communication.
• Authentication. This is the process of recognising a user’s identity before launching a communication channel between two parties.
• Authorisation. This defines the rights and privileges of the authentication party after gaining access to a system.

6. Conclusions

While the IbiboRPLChain Solution sets a compelling precedent for secure and scalable routing in IoT-LLNs, it is crucial to contextualise these outcomes within the landscape of existing research. Many prior models, such as VeRA [15], SHA-1-based cryptographic rank regulation [16], and trust-based intrusion detection systems [24], have demonstrated varying degrees of success in combating routing threats. However, these systems often present a trade-off between security strength and operational efficiency. For instance, VeRA’s hash-chain approach mitigates version and rank manipulation attacks effectively but requires high computational throughput—making it unsuitable for energy-constrained LLN nodes. Trust-based frameworks, while offering decentralised decision-making, frequently rely on subjective metrics and cannot react promptly to rapidly evolving attack vectors, particularly when they occur within the routing layer itself [24]. Moreover, machine learning-driven detection models [23,24] have shown promise in identifying Sybil and DoS attacks using historical traffic data but suffer from high latency, require extensive labelled datasets, and rely on centralised training architectures—thus undermining the decentralisation premise of LLNs.

In contrast, the IbiboRPLChain Solution introduces a fundamentally different architecture, prioritising both resilience and real-time response. Its blockchain-based design decentralises trust, eliminating reliance on a single node for authentication. More importantly, the integration of smart contracts for event-triggered routing authentication significantly shortens the detection-to-response window. Unlike models that passively log attacks or rely on periodic audits, IbiboRPLChain automatically triggers secure verification protocols once anomalous routing behaviour such as suspicious rank changes or version escalations is detected. This design ensures that malicious nodes are immediately isolated and prevents further routing disruption [58].

Empirical simulations conducted using Contiki OS and the Cooja emulator further affirm the technical merit of this approach. In controlled testbed conditions using Z1 motes and IEEE 802.15.4 configurations, IbiboRPLChain reduced the number of routing attack trigger instances by 50%. It achieved 100% consensus among participating nodes and decreased network computation time from 100 to 33 s, indicating a threefold improvement in routing decision efficiency. Additionally, the system improved overall security by a factor of four, measured through enhanced resistance to insider threats, improved packet delivery rates, and robust node identity verification. Network activeness and propagation stability also increased by 3× and 5×, respectively, while maintaining minimal energy overhead, as demonstrated by battery consumption metrics stabilising near baseline across the 1800 s simulation window. These results illustrate the feasibility of deploying IbiboRPLChain in real-world IoT environments, particularly in smart cities, industrial monitoring systems, and healthcare applications, where low latency and high trustworthiness are paramount.

Compared with the static-consensus baseline under the same Contiki/Cooja configuration (Table 1), the IbiboRPLChain dynamic distributed consensus halved the settling/communication time (100 s → 50 s; −50%) and reduced network computation time by 67% (100 s → 33 s); it also halved the number of triggering instants (100 → 50; −50%), increased security from 20% to 80% (+60 pp; 4×), raised activeness from 10% to 30% (+20 pp; 3×), and achieved stable propagation (0% → 100%), confirming the practical effectiveness of the proposed approach (Table 2; see also Figure 12).

Yet, the system is not without limitations. The blockchain ledger size, though managed efficiently in simulations, may scale unfavourably in high-frequency transaction environments, especially when thousands of nodes are deployed. Similarly, the smart contract execution times, although minimal in test conditions, may introduce delays if the underlying blockchain consensus mechanism is not optimised for high throughput. Furthermore, while the current implementation secures RPL routing, it does not yet offer full-stack protection across other layers of the IoT protocol stack such as the application or physical layers where threats such as firmware attacks and cross-layer spoofing remain viable. Additionally, IbiboRPLChain is currently built around a proof-of-concept private blockchain; future research must explore the integration of more energy-aware consensus models, such as Proof-of-Authority (PoA) or Delegated Byzantine Fault Tolerance (dBFT), which are better suited for constrained environments than Proof-of-Work (PoW) or even traditional Proof-of-Stake (PoS) [59].

To further enhance the robustness and applicability of the proposed system, future work should pursue deployment in heterogeneous, real-world environments, including multi-hop networks and mobile LLNs. Moreover, integrating adaptive machine learning agents into the smart contract framework could enable proactive threat prediction and auto-tuning of verification thresholds, thereby combining the strengths of both blockchain and AI-driven security. There is also scope for exploring cross-domain interoperability, allowing the IbiboRPLChain to function across various IoT platforms and blockchain ecosystems via standardised interfaces or blockchain-agnostic layers.

In summary, this work delivers a novel and practically viable contribution to the field of IoT security by bridging the gap between theoretical blockchain models and real-time, event-triggered, energy-efficient network security. It surpasses existing models in responsiveness, decentralisation, and empirical performance, while also laying a foundation for further research in adaptive, scalable, and autonomous security protocols for the next generation of IoT networks.