From other messages, the emphasis seems to be crypto, but I have a more general question.
Lets say that I have a wireless gateway and a bunch of sensors out on proprietary wireless links (maybe LoRa, maybe something else LONG range). No attempt to behave as a tcp/ip link, it just transfers data (maybe on request from the gateway, maybe not). There will be some sort of security at the gateway. Certainly the usual tcp/ip stuff, including firewall.
But, what is the current thinking about security on past the gateway?
One metric is certainly the cost of an intrusion or hack. In this case, it would be lost data. But, no real-time decisions will be made based on this data. It will simply be the loss of someone's research time and money. What if someone spoofs a real sensor and injects bogus data into the system. Again, annoyance! It would be worse if someone simply steals a sensor - then you would loose data and the sensor. What if someone intercepts the data? Ho hum? Temperature data is sure going to do someone a lot of good and earn them big money, right? Well, it might not be temperature, but it will be something of similar importance.
With all this frantic hand wringing about not paying attention to IoT security, I hope that someone can provide some insight into what really is important and useful in these low-value, low(er) tech IoT devices as far as security is concerned. Mine will be Mega/Tiny AVRs so, at most, minimal encryption might be possible, but I sincerely question the cost compared to the potential loss.
Any thoughts or suggestions?