1 Introduction

The Internet of things (IoT) is a vibrant new field of research in electronic engineering and computer networks. It has transformed the Internet from interaction between humans only to that between humans and things and even interaction between things [22]. This has been made possible through the development of smart devices which are able to make decisions without the intervention of humans and share information with other smart devices to achieve a particular goal. However, the incorporation of all these devices into the standard Internet leads to various challenges in security since the majority of Internet technologies and communication protocols were not originally designed for IoT support [13]. The distributed and decentralized nature of IoT is also a challenge in terms of access control, trust management and identity management (IdM) [19]. Trust management is the most important in a network of heterogeneous objects such as IoT [9]. In order to address this issue of control, an existing solution is standardisation through an IoT gateway [30]. Unfortunately, this requires extra infrastructure. However, the fuzzy approach to trust-based access control (FTBAC) can be used for trust-based dynamic access control. FTBAC is a scalable and flexible framework where an increased number of devices has no effect on their performance and functionality. This approach to trust management achieves cryptographic protection through access control by increasing levels of trust even though this creates extra overhead due to energy and time consumption. The model is easily integrated in decision-making based on utility as its flexibility allows for additional components [19]. However, there are several limitations to this approach and also in the existing work in the IoT area in terms of demonstrating the dynamics of moving nodes in an IoT network and how communication between IoT nodes can be both sustainable and secure. The trust management protocol, scalability and context are all important factors of IoT [4]. In order to address these issues, we propose a new approach of fuzzy security protocol and trust management for IoT-based clusters by developing a secure method of communication and exchanging messages between IoT nodes using a novel security protocol for the IoT. This protocol allows nodes to move from one cluster to another in a secure way. Further, our proposed protocol uses a message system similar to serial communication for secure message encryption. Moreover, we use fuzzy logic in our approach to detect malicious nodes and to restrict their untrusted function of speaking incorrect recommendations about the nodes in the network. Further, the effectiveness of fuzzy logic in the detection of bad service providers, on-off attacks and contradictory behaviour attacks (con-behaviour) is demonstrated.

The remainder of this paper is organized as follows: Sect. 2 reviews the related work in literature. Section 3 details a secure message system between IoT nodes. Section 4 overviews the trust and fuzzy algorithms. Section 5 presents an intelligent security protocol. Section 6 discusses the simulations, results and analysis. The paper is concluded in Sect. 7.

2 Related work

Mosenia and Jha [22] found that the IoT paradigm led to the development of several protocols of communication with the miniaturization of transceivers which provides the opportunity to transform an isolated device. Advances in technology have exponentially increased the number of Internet-connected computing and sensing devices. However, these suffer from the possibility of attacks and potential threats to privacy and security, especially when data is transferred from one cluster to another. A variety of approaches has been proposed to address the problem of IoT trust management, even though it has been argued and acknowledged that the real challenge for trust management is scalability. Therefore, there is a need to consider the development of intelligent next-generation methods of trust management for IoT networks which accommodate the leaving and joining of nodes and handle large-scale networks [5].

To address this problem, Alshehri and Hussain [3] suggest a novel centralized trust management mechanism for IoT (CTM-IoT) on the basis of the super node (SN) in proposing the trust management mechanism for the Internet of things (TM-IoT), designed for the provision of trustworthy communication between nodes. The IoT system evolution involves the creation of nodes which require the trust management protocol to permit the establishment of an accurate trust network. This requires a dynamic system designed to deal with the threat of socially uncooperative and malicious nodes. Therefore, their proposal is based on achieving trustworthy communication between nodes through the division of the IoT environment into clusters. For each cluster, there is a master node (MN) as the local trust manager.

The use of radio frequency identification (RFID) tags through the Internet enables the identification of tags through the use of an appropriate authentication protocol [16]. The proposition is to use an encryption method on the basis of XOR manipulation for privacy protection and anti-counterfeiting. The logic in this design is based on service-oriented architecture targeting the relation between unique identifiers with particular services. Ray et al. [24] proposed an RFID security protocol and framework based on the customizability and scalability of the issues to support IoT implementation. They proposed an identification technique for a group-based and collaborative approach (hybrid approach) and security check handoff.

A clustering-driven intelligent trust management methodology (CITM-IoT) was suggested by Alshehri et al. [5] where IoT nodes are grouped into clusters based on their trust value. The IoT nodes in a cluster are able to progressively loss or gain trust values during their interaction with other nodes. Using a scalable trust management solution (IoT-TM) provides a trustworthy communication platform between the devices communicating with other nodes in the IoT system. The architecture of IoT-TM allows for heterogeneous IoT applications and devices to contact each other in trusted heterogenic communication between devices. The centralized model involves a master node and several clusters, allowing for the centralized trust management of things over a network. This creates a distributed trust system for CNs to communicate with each other, and for MNs to communicate cooperatively with the SN and the CNs in their cluster. In this framework, the achievement of scalability is based on placing the IoT nodes into clusters or groups based on their trust values.

Kotis et al. [15] focus on the trustworthiness of an entity, noting that in a distributed or open IoT environment, there are multiple generic applications and third-party devices that need to be securely deployed. Their suggestion is that the semantic interoperability approaches related to IoT need to be extended through trust semantics. In IoT, semantics refers to the ability to extract knowledge using various machines for the required services to be provided [2]. Trust semantics are used in describing the trust-related and quality attributes for the sources and their providers. Since the high heterogeneity level in IoT can magnify security threats during interactions, it is important to semantically enable trust in the open and distributed IoT to secure and ensure the deployment and selection of heterogeneous IoT entities without central authorities of trust.

Ahmed et al. [1] designed a trust and energy-aware routing protocol (TERP) to address the challenges of trust-based routing protocols. The TERP design is centered on energy efficiency and trustworthiness with the capability of the dynamic detection and isolation of misbehaving nodes during the phase of trust evaluation with the incorporation of an energy awareness feature in the route setup phase of the routing protocol. This helps in the better balancing of load among trusting nodes. The design also integrates trust-based routing with the additional inclusion of mechanisms to ensure the selection of end-to-end routes with the current energy levels of intermediate nodes. The evaluation of TERP, based on simulation in NS-2 indicates better performance regarding average energy consumption, throughput and lifetime of the network.

A trust-based secure routing protocol was proposed by Renubala and Dhanalakshmi [26] utilizing fuzzy-log in trust-based secure routing. The method utilizes bio-inspired energy-efficient cluster (BEE-C) protocol characteristics taking into consideration distance, battery level and node density. It also detects the black region on the network and enhances network security.

Chen et al. [10] proposed a trust and reputation model to defend large distributions of sensor networks in IoT/CPS against malicious attacks on nodes, especially because mechanisms of trust establishment can stimulate collaboration between the IoT nodes. Their approach facilitates the detection of untrustworthy entities and assists in the process of decision-making for various communication protocols. The focus is on a fuzzy theory-based trust and reputation model for the IoT/CPS environment which analyzes the unique and special features of trust challenges, the concept of trust and reputation, trust evaluation metrics, global trust relationship evaluation and local trust relationship evaluation. The fuzzy-based secure routing approach effectively protects WSNs from severe attacks through the dynamic replaying of routing information.

Lize et al. [18] developed a trust mechanism for IoT, establishing a formal trust management control mechanism based on the modeling architecture of IoT. They adopted a formal semantic-based method and fuzzy set theory in the realization of the mechanism of trust and decision-making based on trust for a reasonable and coherent result. The focus is on the decomposition of IoT into three layers, each under the control of trust management for special purposes. The process indicates that the final decision-making is done by a service requester and then uses a formal semantics-based and fuzzy set theory.

Sirisala and Bindu [27] proposed the uncertain rule-based fuzzy logic QoS trust model in MANETs (FQTM), selecting those nodes with cooperativeness and capability. Fuzzy logic was applied to compute the trust values of nodes in consideration of reliability and quality metrics. FQTM selects nodes with high trust values to construct routes to the destination. The expert system in the fuzzification process converts the crisp values using a rule base into fuzzy values where all the rules are framed according to the resource status of the nodes.

By investigating machine-to-machine (M2M) networks, Tuna et al. [28] examined security requirements such as resilience and availability against external entity attacks, increasing privacy and anonymity of the devices. Their proposition is based on using a technique derived from information control theory, tagging data, and providing various properties of privacy. However, they suggest the need for an overall integrated security approach to ensure that in M2M applications, there is end-to-end security.

Lin et al. [17] focused on fog/edge computing so that devices with computing services can be deployed at the network edge with the aim of improving the experience of users and the resilience of the services when failures occur. With the advantage of being close to end-users and distributed architecture, the approach provides greater quality of service for IoT applications and a faster response. This makes it suitable for future IoT infrastructure to cover the privacy and security issues in the intelligent cyber world.

In looking at the security of IoT frameworks, Ammar et al. [7] considered eight frameworks based on their architecture, compatible hardware, the essentials of third-party smart app development and security features. The comparison showed that similar standards are used in communication security while different methodologies are used in the provision of other properties of security.

Mishra [21] indicated that in the present world of technology, security protocols built on strong cryptographic algorithms which attempt to defeat analysis patterns are common. With the major challenges of privacy, trustworthiness and security, a security protocol using minimal processor capacity and facilitating the targeted benefits of security is proposed. The chosen protocol works against the various security issues with the existing IoT protocols and is especially strong against severe attacks.

Wang et al. [29] proposed a self-trustworthy and secure Internet protocol (T-IP) for encrypted and authenticated network layer communications with the following advantages: (1) the IP address is self-trustworthy; (2) it has low connection latency and transmission overhead; (3) IP is stateless; and (4) it is compatible with the existing TCP/IP architecture.

Malina et al. [20] focused on the cryptographic mechanisms that could be useful and efficient on devices. They noted that the security solutions designed for IoT environments need to deal with heterogeneous entities with different specifications of software. Such devices use the constrained application protocol (CoAP) which provides authorization, authentication, confidentiality, data authenticity, freshness and integrity. By looking at the performance analysis of cryptographic primitives and memory limitations, they examine and discuss the applicability of privacy enhancing schemes and protocols.

Nguyen et al. [23] discussed the applicability and limitations of using IP-based Internet security protocols and other security protocols used in WSNs which have the potential to be used in IoT. Granjal et al. [12] also conducted a survey of the existing protocols and mechanisms to secure IoT communications. Their analysis indicates how the approaches in place ensure the security and protection of communications on the IoT. In Raza et al. [25], the focus is on exploring the option of IPsec use as a security mechanism for IoT. They present a 6LoWPAN/IPsec extension and indicate the approach’s viability, finding that the IPsec is feasible for securing IoT.

Chen et al. [11] proposed a routing protocol based on node convergence degree and BCDTV. This protocol is used for cluster head election. The trust value is computed accounting the data transmitted, the forwarding rate of nodes and the amount of energy carried by the node. Based on these metrics, a five-stage cluster head evaluation scheme is created. The first stage gathers enerty of the cluster head nodes. Stage two, is about the communication metrics and the data metrices. In stage 3 all data are integrated to provide the convergence degree. Then, cluster head is elected and clusters are established. Finally the system will continue into transmission stage.

Arridha et al. [8] utilises data produced in IoT environment. They addressed the application of data analytics in IoT. The water condition monitoring system SEMAR is improved for analytics. This system explored the field of 4G transmission in marine areas. Most importantly, a real-time classifier based on decision tree algorithms.

Javanmardi et al. [14] computed a fuzzy reputation-based model to manage trust in P2P networks. Fuzzy logic is used based on values from node reputation to compute trust levels. The trust levels can be low, medium, or high to represent different set of ranking. The network are set in a clustered manner where the super peer engages with the nodes in its cluster and other super peers in other clusters.

Alsumayt et al. [6] explored the nature of IoT in MANETs. MANET nodes uses Internet Protocol for communication with each others. They proposed a trust value architecture, the Distributed cooperative trust-based intrusion detection (DICOTIDS) architecture. This architecture addresses different types of attack such as Dos attack and greyhole attack.

From the above and based on the analysis in Table 1, we conclude that although some trust or reputation systems have been proposed for IoT, the existing literature does not focus on countering key attacks in IoT trust systems, such as bad service providers, on-off attacks and con-behaviour attacks.

In the proposed solution, the bad service providers are defined as nodes providing service respond messages with incorrect structure, bad data or false data. The definition of a bad service provider is dependent on user perception. Nodes performing on-off attacks are bad service providers determined by time. For example, it could provide good service in the current time period but performing a bad service in the next time period. This change of behaviour made it harder to detect comparing to bad service providers. Similarly, a con-behaviour node provides good services to a group of nodes, but bad services to another group of nodes. In our system, this behaviour is realised with nodes providing good services within its cluster but providing bad services to node within another cluster.

Table 1 Comparative analysis of the existing literature from the perspective of countering attacks for IoT trust systems
Full size table

From the above evaluation of the existing literature, we conclude that in the existing literature there is no work to intelligently detect and counter bad service providers, ”on-off” attacks and con-behaviour attack in IoT reputation systems. In order to address this issue, we take a systematic approach as follows:

  1. (a)

    In Sect. 4, we propose a comprehensive fuzzy-logic based trust management approach based on clustering of IoT nodes to counter three different types of attacks in IoT trust systems, namely “on-off” attacks, con-behaviour attacks and bad service providers. We evaluate the performance of our proposed approach and the results are discussed in Sect. 6.

  2. (b)

    To support the fuzzy-logic based trust management approach, we propose a HEXA decimal-based messaging system (based on TCP/IP) that can used to detect tampered messages in transit. This is presented in Sect. 3.

  3. (c)

    In Sect. 5, we present the overview of the clustering-based trust protocol which uses the fuzzy-logic based trust management approach presented in Sect. 4.

In the next section we present a HEXA decimal-based messaging system for detecting tampering of messages between IoT nodes.

3 A secure HEXA decimal-based messaging system for tamper detection

The structure of a message is shown in Fig. 1 and Table 2. Each unit/code of the message is a two-digit hexadecimal number or an unsigned char with values from 0 to 255. Data Length refers to the length of the data section. Check Code is generated by processing other hexadecimals in the message. In our simulation, the Check Code is generated by adding the Data Sections together. If the result is greater than 255, reduce 256 from the result to avoid exceeding the numerical maximum of a two-digit hexadecimal 255 until it is smaller or equal to 255.

Fig. 1
figure 1

General structure of a message

Full size image

The message system provides two extra layers of security. If the head code of a received message is wrong, the current message will be discarded, protecting the system from an outside source or malicious nodes. A different check code implies a wrong check code generation mechanism, which means the message is from an unsecure origin.

Table 2 A description of the general structure of a message
Full size table

4 Fuzzy logic-based approach for countering attacks on IoT

This solution (Fuzzy-IoT) consists of five algorithms. Algorithm one is used to classify the trust score values into fuzzy sets. After determining the fuzzy sets, algorithm two use these fuzzy sets and classifies the cluster nodes into three categories: trusted, semi-trusted, non-trusted. These categories can restrict node interaction. Algorithm three uses a direct trust score, indirect trust score and routing score to calculate the trust value. Algorithm four uses this trust value to determine if a cluster node is able to change to another cluster. Finally, Algorithm five checks the current condition of the cluster nodes (CNs) and uses all the previous algorithms to update a new fuzzy status and new trust value. In conclusion, the fuzzy state will be used to limit node functionality and the calculated trust values will be used for clustering with trust boundaries stored on a certain master nodes.

Algorithm one uses fuzzy boundaries to determine a low, medium or high value for the three different trust scores. The whole system includes trust values from 0 to 1. In our case, fuzzy boundaries are defined as in Fig. 2.

Fig. 2
figure 2

Membership function of fuzzy logic

Full size image

Algorithm one evaluates an input value with all three of these fuzzy sets, where obtaining a set of three 1 or 0 results represents membership or non-membership of the sets. Each of the values is tested with a set of three equations with an upper bound and lower bound. For example, with the medium number set, a value is compared that is between the lower bound of medium set Ml and the upper bound of medium set Mu.

$$\begin{aligned} Ml< value < Mu \end{aligned}$$
(1)
figure a

In our system, there will be three trust scores as components of the trust value. A direct score will be generated from the quality of a service response. When a new direct score is stored, the last one will become the new history score. Routing scores are generated by evaluating service responses from a node in a different cluster.

Placing these three scores into algorithm one generates the fuzzy membership for the three scores. Algorithm two uses the results of algorithm one to provide the fuzzy state of a node. There are three fuzzy states. All nodes start with the non-restricted state “trusted”. As more nodes give more trust scores, it could move down to more restricted states. A “semi-trusted” node can only provide services to nodes within the same cluster. “Semi-trusted” nodes are restricted to provide services to an outside node. A service request to a “semi-trusted” or “non-trusted” node will be blocked by its master node.

Algorithm two is based on logic. If the routing score (Rr) is low AND the direct score (Rd) is NOT low AND the past score (Rp) is not low, this node is semi-trusted. If Rd is low OR Rp is low, then this node is non-trusted. All nodes start in a trusted state. These states can only downgrade towards the non-trusted state.

figure b

By directly using the average of the trust scores obtained from the other cluster nodes and other master nodes, a trust value can be obtained. Three direct scores, a past score and routing score coefficients Cd, Cp and Cr are values with a sum of 1. These coefficients are used to provide a weighted average of direct, past and routing scores (Srd, Srp, Srr). In our approach, we use an average as in Eq. 2 below, however a weighted approach could be used as well.

$$\begin{aligned} result = Cd \times Srd +Cp \times Srp+Cr \times Srr \end{aligned}$$
(2)
figure c

When a node’s trust value is not within the boundaries of the current master node, Algorithm four uses the trust values calculated from algorithm three and checks if it is within the range of another master nodes’ trust value boundaries (Tnl and Tnu). These boundaries can be requested from a super node (SN). The working of the algorithm for switching a node from one cluster to another by the master node (MN) of the cluster to which the node belongs is presented in Algorithm four below.

figure d

Algorithm five specifies the process by which a master node checks the status of the cluster nodes and decides whether it needs to move them. The direct, past and routing scores (Sdi, Spa) are obtained from other cluster nodes and Ssdi and Sspa are summed.

$$\begin{aligned} Ssdi= & {} \sum Sdi \end{aligned}$$
(3)
$$\begin{aligned} Sspa= & {} \sum Spa \end{aligned}$$
(4)

The average of these scores, Asdi and Aspa, will then be calculated. Then, routing scores Sro are obtained from the other master nodes to calculate Ssro.

$$\begin{aligned} Ssro =\sum Sro \end{aligned}$$
(5)
Fig. 3
figure 3

Flowchart showing pictorially the working of the algorithm five

Full size image

Again, an average Asro will be calculated. Algorithm two and three will be used to produce a fuzzy state (NTs) and a trust value (Trust), respectively. The fuzzy state will be broadcasted to other same-cluster nodes. The trust value obtained will be checked against the upper and lower trust boundaries (Tu, Tl) of the current master node. If it is not within the boundary, algorithm four will be run to check if this node can move to another cluster. The following flow chart (Fig. 3) demonstrates the process of Algorithm five.

figure e

5 An intelligent security protocol

Fig. 4
figure 4

Security protocols and message system mechanisms

Full size image

Figure 4 shows part of our security protocol. The blue lines are the connections between master nodes and its cluster nodes. The cluster nodes in the blue cubes can only make contact with the master node (red cubes) of its cluster. The super node can only be contacted by the master nodes. The black lines demonstrate basic same-cluster interactions. Cluster nodes can be classified into three categories with restrictions as shown in Table 3.

Table 3 Types of nodes in the security protocol
Full size table

All cluster nodes have a fuzzy bank which stores the fuzzy status and node type of its neighbours. Initially, the fuzzy status of every neighbour of a node is trusted. For the same cluster request, the sender will firstly check the fuzzy status of the target. If the target is non-trusted, such as cluster node 3, the node will block itself from sending the request.

A service request from a node to a node in another cluster will be routed through the master nodes. The green line shows a request reaching from cluster node 6 to cluster node 3, routed from master node 2 to master node 1 and finally to cluster node 3. The purple lines show a response which is sent back from cluster 3 to cluster 6 routed by master node 1 and master node 2. Finally, the orange line shows a score from cluster node 6 being sent to master node 2 for cluster node 3’s services.

The fuzzy bank of master nodes stores the fuzzy status and trust values of its cluster nodes. It also stores the scores rated by the cluster nodes for nodes in another cluster. The red lines show the non-trusted nodes sending a service request to the semi-trusted nodes. Master node 2 checks the fuzzy status of the semi-trusted node and blocks the request.

The light blue lines show that the super node provides trust value boundaries for the master nodes to be used in a future cluster change algorithm (Algorithm 5).

6 Simulation, node mechanisms, results and analysis

This section presents the details of simulation, node mechanisms and the analysis of results.

6.1 Simulation settings: basic concept

The simulation is run with the Cooja simulator from the Contiki system. Contiki is an event-driven and lightweight system for the IoT. In this simulation, Rime addresses from Contiki are used for node identification. By default, Rime addresses can be 2 bytes or 8 bytes. Considering the small size of our clusters, 2-byte addresses will be sufficient. There are two major sets of simulations: the base case with the fuzzy detection mentioned in the node mechanism section; and the second case without fuzzy detection. These two sets of simulations are further developed in three different simulation scenarios. The first scenario only has 15 nodes to test the basic counter-attack concept of the algorithm. The second scenario utilises 200 nodes to ensure the algorithm is functional under a large number of nodes. The final scenario contains 2000 nodes showing the algorithm’s performance on a large-sized network.

Table 4 Basic concept node initial clustering
Full size table
Table 5 Basic concept node properties
Full size table
Fig. 5
figure 5

Basic concept initial simulation setting

Full size image

In our algorithm, the function of a super node is to send trust boundaries to the master nodes. Because this is a small system, we simplified the simulation and stored the boundaries on the master nodes. Three malicious nodes are in the system for detection: (1) a bad service provider which sends low scoring service responses; (2) an on-off attack node which provides a bad service in a certain cycle of time; and (3) a con-behaviour node which sends a bad service response redirected to nodes within other clusters.

Table 4 demonstrates the initial clustering of the 15 nodes. Node 1, Node 2 and Node 3 act as master nodes for the three initial clusters. Table 5 shows the details of the types of nodes within the simulation. Nodes 7, 11 and 15 are malicious nodes acting as a bad service provider providing bad responses, a node performing on-off attacks and a node performing con-behaviour attacks, respectively. These nodes are distributed accross a \(90\hbox { m} \times 80\hbox { m}\) surface into three clusters as shown in Fig. 5.

This simulation consists of two cases. Table 6 details the base case. The base case takes place on a \(90\hbox { m} \times 80\hbox { m}\) surface for 60 s with the Fuzzy Trigger on. If the Fuzzy Trigger is on, the cluster nodes and master nodes block requests sent to Non-trusted and Semi-trusted nodes as mentioned in Sect. 5. Table 7 shows settings for the second case. The only difference between the cases is the second case runs with the Fuzzy Trigger off. In this case, the master nodes and cluster nodes will not block any requests considering the fuzzy status.

6.2 Simulation settings: 200 nodes

The second simulation scenario is used to test the proposed system in a network of 200 IoT nodes with 60 being malicious.

Table 6 Basic concept base case parameters
Full size table
Table 7 Basic concept non-fuzzy case parameters
Full size table
Table 8 200 Nodes IoT network node initial clustering
Full size table
Table 9 200 Node IoT network node properties
Full size table

Table 8 shows the initial cluster settings of the network. The first 20 nodes in the network are all master nodes, each carrying nine cluster nodes in their cluster. Table 9 shows the node property composition of every cluster. In every cluster, the last three nodes are malicious nodes. These three nodes are the bad service povider, on-off attack node and con-behaviour node. A topology of this case is shown in Fig. 6.

This simulation scenario also consists of two cases. Table 10 demonstrates the base case. The base case takes place on a \(100\hbox { m} \times 100\hbox { m}\) surface for 60 s with the Fuzzy Trigger on. Table 11 shows settings for the second case with the Fuzzy Trigger off.

Fig. 6
figure 6

200 Node IoT network initial simulation setting

Full size image
Table 10 200 Node IoT network base case parameters
Full size table
Table 11 200 Node IoT network non-fuzzy case parameters
Full size table

6.3 Simulation settings: large IoT network

The third simulation scenario is used to test the proposed system in a large scale IoT network with 2000 nodes to prove the proposed approach is able to scale to any number of IoT nodes. Of these 2000 nodes, 60 are malicious.

Table 12 Large IoT network node initial clustering
Full size table
Fig. 7
figure 7

Large IoT network sample malicious cluster setting

Full size image

Table 12 presents the initial property of the clusters. The first 20 clusters are malicious clusters, which each contains three malicious nodes. These clusters have a similar topology as Fig. 7. The 21th to the final cluster are normal clusters with all non-malicious cluster nodes. Figure 8 demonstrates this setting. Figure 9 reveals a big picture of cluster distribution for the large IoT network with 2000 node. Each cluster contains a master node and nine cluster nodes.

Table 13 demonstrates the base case of this simulation scenario. The base case takes place on a \(300\hbox { m} \times 150\hbox { m}\) surface for 60 s with the Fuzzy Trigger on. Table 14 shows settings for the second case with the Fuzzy Trigger off.

Fig. 8
figure 8

Large IoT network sample normal cluster setting

Full size image
Fig. 9
figure 9

Large IoT network initial simulation setting

Full size image
Table 13 Large IoT network base case parameters
Full size table
Table 14 Large IoT network non-fuzzy case parameters
Full size table

6.4 Node mechanisms

A node can transmit a message to a node within its cluster, but it needs a master node to redirect a message to another master node, then to a node within another cluster. For direct transmission, if the fuzzy status of the target node stored on the sending node is non-trusted, the sending node will stop sending the message. For a redirected message, if the master node of the target determines the cluster node is semi-trusted or non-trusted, it will block the message immediately.

6.5 Results and analysis

An analysis of the experimentation resulted in the following: Three bar graphs to measure the time is takes to intelligently detect the nodes carrying out three types of attack - bad service provider, on-off attack and con-behaviour attack:

  1. (i)

    A performance evaluation and comparison to detect on-off attacks. The performance evaluation and comparison is carried out for both fuzzy and non-fuzzy cases.

  2. (ii)

    A performance evaluation and comparison to detect con-behaviour at- tacks. The performance evaluation and comparison is carried out for both fuzzy and non-fuzzy cases.

  3. (iii)

    Three diagrams comparing the average trust values for fuzzy and non- fuzzy cases. The first has similar settings to prove the basic concept. The second diagram is obtained in an environment with 200 nodes. The final diagram is obtained in an environment with 2000 nodes. The second and third diagrams are used to prove that the proposed algorithms can operate with a large number of IoT nodes.

The bar graph in Fig. 10 shows the number of rounds required to detect a certain malicious node carrying out malicious attacks. We define a “Round” as a master node finishing one check of the current status of all its cluster nodes (algorithm 5). This process includes gathering the trust scores from the master nodes and cluster nodes, calculating the trust values and fuzzy status, assigning a fuzzy status and finally moving out of the trust value boundary cluster nodes to a suitable master node. As can be seen in Fig. 10, all of the bad service providers, the on-off attack nodes and the con-behaviour attack nodes are detected during round 1 of the master nodes’ cycle. This demonstrates that this algorithm is quite efficient in detecting these malicious node types.

Fig. 10
figure 10

Rounds in malicious node detection

Full size image
Fig. 11
figure 11

Number of on-off attacks

Full size image
Fig. 12
figure 12

Number of contradictory behaviour attacks

Full size image

Figure 11 compares the on-off attacks with and without fuzzy logic. Between 0 and 16.71 s, the number of on-off attacks continues to increase. However, using the fuzzy mechanisms proposed in this paper, no new on-off attacks occur after 16.71 s. In the case without fuzzy mechanisms, these attacks won’t be detected, as indicated by the orange line on-off attacks which shows a constant increase in these attacks. This demonstrates that the fuzzy mechanism presented in this paper is effective in detecting on-off attacks and is able to block the attack after the initial bootstrapping time.

Similar to on-off attacks, in Fig. 12 a contradictory behaviour attack node is determined at 28.72 s using the approach proposed in this paper. The blue line indicates that the number of contradictory behaviour attacks with fuzzy mechanisms does not increase after 28.72 s as no new attacks are performed. The red line indicating contradictory behaviour attacks without fuzzy mechanisms continues to increase as the attacks are not blocked. This demonstrates the effectiveness of the proposed protocol to block contradictory behaviour attacks.

Fig. 13
figure 13

Average trust score of all the IoT nodes during the simulation (n \(=\) 15 nodes)

Full size image
Fig. 14
figure 14

Average trust score of all the IoT nodes during the simulation (n \(=\) 200 nodes)

Full size image

Figure 13 shows the average ratings for the services. In our model, a node gives a score after receiving a service response which is the basis of the trust value. This score represents the service quality of the received service response. The lines for the fuzzy mechanisms and without the fuzzy mechanisms diverge when node 7, the bad service provider, is detected by master node 1. A larger divergence occurs around 15 s and 30 s when node 11, the on-off attack node, and node 15, the con-behaviour node, are detected, respectively. This shows there is an increase in the average service quality of the whole system when a fuzzy mechanism is added.

Fig. 15
figure 15

Average trust score of all the IoT nodes during the simulation (n \(=\) 2000 nodes)

Full size image

In this scenario of 200 nodes (Fig. 14) fuzzy logic still contributes to trust value. This figure is similar to the base case scenario above (Fig. 13). The only difference will be the initial trust value and the difference between fuzzy trust value, non-fuzzy trust values. The base scenario have three malicious node in twelve cluster nodes. The proportion of malicious node is 25%. While in the case of 200 nodes, there are 60 malicious nodes in 10 cluster nodes. This is 33.3% of malicious nodes. With a greater number of malicious nodes the initial trust value of 200 nodes is slightly lower than the base scenario. In the base scenario, one malicious node represents a third of all malicious nodes, on the other hand, one malicious node only represents 1.67% of total malicious nodes in the 200 nodes network. In this case, although there are more malicious nodes in every cluster of the 200 node network, the difference between the two lines is smaller than the base scenario. Figure 15 shows that the average trust of the large IoT network is similar. Only 3.33% of the 1800 cluster nodes are malicious. This equates to a significantly higher initial average trust value than the other two scenarios, but there is a smaller difference between the two cases of fuzzy logic, as each detection of a malicious nodes is not that significant.

7 Conclusion

The security and trustworthiness of IoT nodes is a critical and pressing issue and has received a lot of attention in the existing literature. An IoT network can scale up or down dynamically with time and with new nodes continuing joining it and existing nodes exiting the network. A trust solution should be able to adapt to these changes in network size. To address this critical issue, in this paper, we propose a cluster-based fuzzy-logic approach, in which existing nodes are grouped into clusters. We proposed novel approaches to address three critical issues to enable reliable cluster-based trust management in IoT. First, we proposed a protocol using fuzzy logic that is able to detect on-off attacks, contradictory behaviour attacks and other malicious nodes. Second, we demonstrated how this approach handles IoT nodes to maintain part of its function using fuzzy logic. Third, we proposed a secure message system for IoT nodes using hexadecimal values with a structure similar to serial communication. We carried out extensive experimentation and evaluation of the results under varying network sizes to capture the scalability of our proposed approach and also to measure its efficiency in detecting malicious nodes, such as bad service providers, on-off attacks and con-behaviour attacks. We found from the experimentation results that our approach is very effective in identifying the malicious nodes in the network within a set simulation time frame of 60 s. Finally, we found that using our approach, the computed average trust value converges quickly to the actual average trust value of the network.