Version-Controlled Decentralized Firmware Integrity Verification With On-Chain Rollback Protection for Cyber-Physical Systems on Ethereum

Firmware update mechanisms represent a critical attack surface in cyber-physical and Internet-of-Things (IoT) systems, as poor-quality firmware introduced into these systems can provide persistent security vulnerabilities. Although digital signature schemes confirm the authenticity of firmware, they do not mitigate so-called rollback attacks, where an attacker re-installs the older vulnerable versions. Existing approaches on blockchain enhance integrity and auditability but frequently have no contract-level method of enforcing version progression nor imposing recurring transaction fees on devices. This paper introduces a decentralized firmware integrity verification framework to implement strict antirollback protection by Ethereum smart contracts. The system maintains a tamper-evident on-chain registry of firmware metadata an rejects downgrade attempts through consensusenforced monotonic version control. To enhance the scalability, a dual-mode verification design is introduced where routine integrity checks can be performed off-chain at zero gas cost, where the on-chain (audited) verification can be used when immutable proof of such a check is required. The framework is applied and tested on the Ethereum Sepolia test network. On Ethereum Sepolia, deployment consumed 913,425 gas, firmware registration averaged 106, 878 gas, audited verification averaged 37,052 gas, and measured time-to-first-confirmation averaged 97.71 s(12-408 s). Results indicate that it is an effective rollback prevention technique, has low transaction overhead for firmware registration, and is practical for IoT deployment.