Secure Federated Intrusion Detection for Resource-Constrained IoT Devices Using Lightweight Cryptography: A Hardware-Validated Study
Federated learning (FL) enables distributed model training in IoT environments while keeping raw data on local devices. However, protecting model-update exchange is difficult on microcontroller-class devices due to strict latency, memory, and energy constraints. Existing studies often evaluate lightweight cryptography outside complete FL pipelines or on more powerful hardware, leaving its practical overhead on MCU-class devices insufficiently explored. This paper presents an end-to-end, hardware-validated secure framework for exchanging model updates in federated learning on resource-constrained IoT microcontrollers. Implemented on ESP32-based edge devices, the framework combines lightweight block ciphers (SPECK, SIMON, and PRESENT), HMAC-SHA256 for integrity verification, and ECDH-HKDF for session-key establishment. The evaluation assessed latency, throughput, RAM/ROM footprint, and energy consumption. Results show that SPECK provides the lowest overhead (0.13 µs/byte, 8.68 MB/s, 138.3 mJ), SIMON offers intermediate performance (0.41 µs/byte, 1.96 MB/s, 184.9 mJ), and PRESENT incurs the highest computational cost (89.37 µs/byte, 0.011 MB/s, 446.2 mJ). In the CICIoT2023 federated intrusion detection evaluation, the secure model maintained stable convergence and achieved 85.43% accuracy after 20 rounds, remaining close to the centralized baseline. These findings demonstrate the practical feasibility of secure model-update exchange in FL on real IoT microcontrollers and provide hardware-grounded guidance for cipher selection under tight resource budgets.
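The sketch below is an added example, not the paper's implementation: it shows one way the three building blocks named in the abstract can fit together for a single model update, using only the Python standard library. Assumptions not taken from the paper: the Speck64/128 variant, CTR mode, encrypt-then-MAC ordering, the packet layout (round number, ciphertext, tag), the HKDF label, all function names, and an ECDH shared secret supplied by the caller.

```python
import hashlib, hmac, struct

MASK = 0xFFFFFFFF  # Speck64/128 (assumed variant): 32-bit words, 27 rounds
def _ror(x, r): return ((x >> r) | (x << (32 - r))) & MASK
def _rol(x, r): return ((x << r) | (x >> (32 - r))) & MASK

def speck_expand(key16):
    k, *l = struct.unpack("<4I", key16)  # k0, l0, l1, l2
    ks = [k]
    for i in range(26):
        l.append(((ks[-1] + _ror(l[i], 8)) & MASK) ^ i)
        ks.append(_rol(ks[-1], 3) ^ l[-1])
    return ks

def speck_ctr(ks, nonce, data):
    # Keystream block i = E(nonce || i); the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 8):
        x, y = i // 8, nonce
        for k in ks:
            x = ((_ror(x, 8) + y) & MASK) ^ k
            y = _rol(y, 3) ^ x
        stream = struct.pack("<2I", y, x)
        out += bytes(a ^ b for a, b in zip(data[i:i + 8], stream))
    return bytes(out)

def hkdf_sha256(ikm, salt, info, length):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # extract
    okm, t, i = b"", b"", 1
    while len(okm) < length:  # expand
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def derive_keys(shared_secret, session_id):
    # Independent cipher and MAC keys from one ECDH secret (label is hypothetical).
    okm = hkdf_sha256(shared_secret, session_id, b"fl-update v1", 48)
    return speck_expand(okm[:16]), okm[16:]

def seal_update(keys, round_no, update):
    body = struct.pack("<I", round_no) + speck_ctr(keys[0], round_no, update)
    return body + hmac.new(keys[1], body, hashlib.sha256).digest()

def open_update(keys, expected_round, packet):
    body, tag = packet[:-32], packet[-32:]
    good = hmac.new(keys[1], body, hashlib.sha256).digest()
    if len(body) < 4 or not hmac.compare_digest(tag, good):
        raise ValueError("bad tag")  # checked before any decryption
    if struct.unpack("<I", body[:4])[0] != expected_round:
        raise ValueError("stale or replayed round")
    return speck_ctr(keys[0], expected_round, body[4:])
```

Because the round number doubles as the CTR nonce in this sketch, a session key must seal at most one update per round.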