Lightweight Tamper-Evident Log Integrity Verification for IoT Edge Environments: A Merkle Tree Pipeline with Adaptive Chunking

Integrity verification of IoT audit logs is critical for forensics and compliance, but blockchain-based solutions introduce prohibitive overhead for edge devices. A new paper from Yagiz, Horasan, and Yurttakal (arXiv:2605.00065) proposes a lightweight pipeline that uses Merkle-tree commitments combined with resource-aware adaptive chunking to provide tamper evidence without distributed ledger dependencies. The pipeline operates in three stages: adaptive batch ingestion that sizes chunks based on device resources, Merkle-tree construction with O(log n) inclusion proofs, and deterministic single-entry verification against a trusted root anchor. The authors also corrected two evaluation bugs (double-counting and redundant tree reconstruction) from an earlier implementation.

Benchmarks on synthetic IoT log datasets demonstrate impressive performance: throughput exceeds 130,000 logs per second for 100,000 records, per-entry verification latency averages 22ms, proof generation takes 22ms, proof size is about 1,006 bytes, and peak memory usage stays under 5MB. Tampering detection achieves perfect precision, recall, and F1-score of 1.0 across corruption ratios from 1% to 50%. This makes the system suitable for constrained IoT edges where traditional blockchain consensus is impractical. The work is submitted to Computers and Security and promises to strengthen operational accountability for connected devices.