🤖 AI Summary
Centralized PKI-based credential provisioning and trust establishment for smart home IoT devices undermine user digital sovereignty and hinder scalability. To address this, we propose a consortium blockchain-enabled application-layer access framework—the first to integrate consortium blockchain at the device access layer. Our approach leverages smart contracts and dedicated channels to realize decentralized device registration, dynamic key management, fine-grained access control, and event-driven risk alerting. The protocol is formally verified in the Dolev-Yao model using Tamarin Prover, ensuring authentication security, token integrity, and key confidentiality. A prototype implementation achieves a registration latency of only 0.34 seconds, supports high-throughput, low-latency operation, and is deployable on resource-constrained devices. Empirical evaluation across multi-stakeholder scenarios confirms both feasibility and efficiency.
📝 Abstract
The increasing adoption of smart home devices and IoT-based security systems presents significant opportunities to enhance convenience, safety, and risk management for homeowners and service providers. However, secure onboarding (provisioning credentials and establishing trust with cloud platforms) remains a considerable challenge. Traditional onboarding methods often rely on centralized Public Key Infrastructure (PKI) models and manufacturer-controlled keys, which introduce security risks and limit the user's digital sovereignty. These limitations hinder the widespread deployment of scalable IoT solutions. This paper presents a novel onboarding framework that builds upon existing network-layer onboarding techniques and extends them to the application layer to address these challenges. By integrating consortium blockchain technology, we propose a decentralized onboarding mechanism that enhances transparency, security, and monitoring for smart home architectures. The architecture supports device registration, key revocation, access control management, and risk detection through event-driven alerts across dedicated blockchain channels and smart contracts. To evaluate the framework, we formally model the protocol using the Tamarin Prover under the Dolev-Yao adversary model. The analysis focuses on authentication, token integrity, key confidentiality, and resilience over public channels. A prototype implementation demonstrates the system's viability in smart home settings, with verification completing in 0.34 seconds, highlighting its scalability and suitability for constrained devices and diverse stakeholders. Additionally, performance evaluation shows that the blockchain-based approach effectively handles varying workloads, maintains high throughput and low latency, and supports near real-time IoT data processing.