July 9, 2025
Kamila Hrdličková

When DTLS makes sense. Know before you deploy

DTLS protects NB-IoT communication with encryption and identity checks. Is it always the best choice?

Let’s explore when DTLS (Datagram Transport Layer Security) brings real security value to NB-IoT deployments and when it’s smarter to choose a simpler or more energy-efficient alternative. Get clarity before committing to your next smart metering rollout.

IoT technology is becoming essential across industries, from smart homes to city utilities. Metering infrastructure in particular relies on LPWAN protocols like NB-IoT and LoRa for long-range, low-power wireless communication. But the more sensitive the data, the more important security becomes. Lets explore when DTLS (Datagram Transport Layer Security) makes sense for NB-IoT communication and when it doesn't.

Why secure communication matters

"It’s just water or electricity data, who cares?" you might think. But these seemingly trivial measurements can reveal patterns about personal or business activity: when people are home, what kind of operations are running, or even if there’s been a service disruption. And because many IoT devices communicate over public networks, unencrypted traffic can be intercepted or spoofed by bad actors.

Security isn’t just about protecting your own data. Poorly secured devices can become attack vectors or leak third-party information. In some cases, compromised data can be exploited for market manipulation, industrial sabotage, or targeted attacks.

Security is no longer optional. The EU Radio Equipment Directive (RED) will soon require mandatory cybersecurity features for wireless devices. And the Cyber Resilience Act (CRA), expected to take full effect by December 2027, will bring stricter standards for IoT security and vulnerability management. Encryption will be a key part of compliance.

DTLS: What it is and how it works

DTLS is essentially TLS adapted for UDP. It ensures confidentiality, authenticity, and integrity of data over connectionless protocols. Compared to transport layer VPNs or application-level encryption, DTLS offers:

  • Encrypted communication over public NB-IoT networks
  • Lower data overhead compared to MQTT with TLS
  • Support for identity verification and protection against spoofing

But there are trade-offs:

  • Longer handshake times and higher energy consumption
  • Greater memory requirements on constrained devices
  • More complex key provisioning and management

What are the most common alternatives to DTLS?

  • Private APN with UDP. The most basic option. By isolating communication within a mobile operator’s private network, exposure to the public internet is reduced. However, it doesn’t encrypt the data itself.
  • MQTT over TLS. Good for cloud integration. TLS ensures end-to-end encryption, but requires more bandwidth and battery power than DTLS. MQTT is also easier to implement and widely supported.

When does DTLS make sense?

DTLS is not a one-size-fits-all solution. It shines in use cases where:
  • Public NB-IoT networks are used for transmitting metering data
  • Data is privacy-sensitive (e.g., water/gas usage from households)
  • Compliance with upcoming EU or national cybersecurity regulations is required
  • End-to-end encryption is needed without switching to MQTT
It may not be worth the complexity for:
  • Devices with severe power or memory constraints
  • Private network deployments with limited exposure
  • Use cases where application-level encryption or simpler TLS alternatives suffice
Our recommendation

Start by asking:

  • Do I need data confidentiality and identity verification?
  • Is my network environment public or private?
  • Can my device handle the memory and energy requirements?

We at ACRIOS offer DTLS support in our NB-IoT-enabled converters, as well as MQTT/TLS and private APN communication. Our goal is to help you strike the right balance between security, efficiency, and integration.

FAQs about DTLS to NB-IoT deployments

What is an IoT device?

Any internet-connected device that collects, sends, or receives data. Examples include smart meters, thermostats, sensors, or controllers.

Are all IoT devices equally risky?

No. Devices that process sensitive or time-specific data (like energy consumption) pose greater security risks, especially if communication is unencrypted.

Why encrypt metering data at all?

Even basic consumption data can be used to infer presence, behaviour, or business operations. Encryption protects privacy and prevents misuse.

What are the risks of unsecured LPWAN communication?

Data interception, spoofing, or even network abuse (e.g. DDoS attacks). Attackers may tamper with data or use unprotected devices as entry points.

Which encryption method is best for NB-IoT?

Depends on your needs, for basic isolation private APN + UDP, for easy cloud integration MQTT + TLS and for efficient encryption over public networks DTLS

Will EU legislation require IoT encryption?

Yes. The Cyber Resilience Act and RED directive will require encryption, vulnerability handling, and secure default settings from 2025 onwards.

Do I need encryption even for water meters?

Yes. Seemingly harmless data can reveal behaviour patterns or be used for malicious targeting. Also, liability may fall on you in case of data leaks.

How do I choose the right encryption method for NB-IoT?

Consider your energy budget, network type, and required integration. We at ACRIOS support all major options, so you can adapt to your needs.

Does ACRIOS offer secure metering converters?

Yes. All ACRIOS converters support secure communication over LoRa, NB-IoT, and MQTT, with configurable encryption options.

Need to secure your NB-IoT deployment? Our converters support DTLS, MQTT+TLS, and private APN setups. Choose the right option for your project. Get in touch.
No items found.
Blog
EPBD is coming: what BACS means for your building
Let’s break down what the BACS mandate, part of EU’s broader initiative EPDB directive, means in practice. Who must comply, which systems and protocols to use, and how to modernise your building with minimal effort using your existing infrastructure.
Not your keys, not your hardware
AES encryption protects your data. But without the keys, you don’t really own the device. This article explains why requesting encryption keys matters when purchasing IoT meters, and how it gives you full control over data, integration, and long-term independence.
868 MHz or 433 MHz? The right choice for your wM-Bus
Looking for a wireless M-Bus converter but unsure which frequency band to choose? This article compares 868 MHz and 433 MHz, explains key technical differences, and offers practical guidance based on meter compatibility, signal conditions, and installation environments.
I will be happy to discuss everything with you.
Lukáš Smetana
CSO

By clicking the Send your message button, you agree to the processing of personal data.

Thank you for your inquiry. We will address it as soon as possible.
Oops! Something went wrong while submitting the form.
+420 602 625 255
info@acrios.com
Terms and Conditions
Privacy settings
CookiesGDPR
We have new technologies in our heart
Copyright © 2024 ACRIOS Systems s.r.o. All Rights Reserved.