Hello Radu, hello Jeff,
I’m not a friend of total encryption, because it may leed to relying on it.

Much more easy than spoofing data will be takeing sensors down (server side, client side, routing, …).
To prevent this, in first step there might be a flashing “offline” LED on the device or the eMail alert you think about …

But even thou you can make the device believe it’s online.
At the moment my “urad” sends all data to my own server, where I can do those tests.

In next step you could show a current average-value on devices display. Anyone will wonde about the difference online/offline if there is spoofing. In total this might be more reliable than encryption.

But maybe there should be a, lets say .. saltet hash, to prevent easy spoofing.
When registering a new device, you get a divice-id and a shared secret. This secret has to be used to calculate the crc. So not every teenager can send fake date.

Vinz