[tptacek]

I'm not surprised that there are IOT products that need to be secure against their custodians, but the likelihood that the median example product from that set is so secure that fault attacks are a serious concern seems pretty low.

It's a sort of intuitive Venn Diagram situation here, where we're capturing:

1. The subset of hardware products that are "IOT" devices

2. The subset of that that are security sensitive

3. The subset of that that must be secure against their custodians (an extremely narrowing step here)

4. The subset of those products that rely on cryptographic primitives in order to operate.

To put this in perspective: most automotive and industrial secure hardware elements don't make it all the way down to (4), and are compromised by plain ol' bog standard software security attacks.

[qazitory]

Yes, don't really disagree with the general trust of that, particularly once you start considering the technical barriers to executing an attack.

My main point was that the threat model includes the manufacturer needing to maintain ownership of secrets more often than you'd expect. I'd suggest that your step 3 isn't as narrowing.

Whether meeting that model warrants building in resistance to classes of SCA is an almost independent question, and I would agree that it's not very likely in most cases. The consumer-facing industries in which you do see that (e.g. set-top box, printing) aren't really IoT ones, either.