Secu­re con­nec­ti­vi­ty for cri­ti­cal infra­st­ruc­tures —
end-to-end encryp­ti­on for NB-IoT 

IoTree: TLS encryption for NB-IoT

NB-IoT is an LPWAN radio tech­no­lo­gy stan­dard deve­lo­ped to enab­le a wide ran­ge of IoT app­li­ca­ti­ons. NB-IoT is par­ti­cu­lar­ly focu­sed on indoor coverage, with low cost, long bat­te­ry life and high con­nec­tion den­si­ty. TLS over NB-IoT is a simp­le soft­ware exten­si­on that on the one hand fixes known vul­nera­bi­li­ties and on the other hand pro­vi­des WAN-enab­led end-to-end secu­ri­ty accord­ing to TR-03116–3 and thus meets the requi­re­ments of the IT secu­ri­ty cata­log of the Bun­des­netz­ar­gen­tur accord­ing to [§11 Abs. 1a EnWG].

With NB-IoT The Name Says It All

Nar­row­band IoT is a radio stan­dard that is expli­ci­tly inten­ded for app­li­ca­ti­ons in the Inter­net of Things area. Exis­ting mobi­le radio net­works are used, which is espe­cial­ly advan­ta­ge­ous for remo­te or scat­te­red loca­ti­ons. NB-IoT can be used as an alter­na­ti­ve to LoRa­WAN and brings its own advantages:

  • No own com­mu­ni­ca­ti­on net­work is required
  • Low power con­sump­ti­on due to low data rates (up to 230 kBits/s) at a band­width of 180 kHz
  • Hig­her buil­ding coverage than LTE

NB-IoT Requires Additional Security

When using NB-IoT, the data to be trans­mit­ted is encryp­ted and sent to the net­work pro­vi­der. The­re the data is decryp­ted and trans­mit­ted to the user’s desti­na­ti­on ser­ver. The UDP pro­to­col is often used, which cor­re­sponds to an unen­cryp­ted con­nec­tion. Atta­ckers could thus per­ma­nent­ly dis­rupt the con­nec­tion and decrypt or even mani­pu­la­te the trans­mit­ted data. The BSI the­re­fo­re pre­fers TLS encryp­ti­on when using WAN con­nec­tions in accordance to TR-03116–3. Secu­ri­ty must not be neglec­ted, espe­cial­ly when dealing with sen­si­ti­ve com­pa­ny data, per­so­nal data, as well as for use in cri­ti­cal infrastructures.

PHYSEC Offers BSI Compliant Security

Our secu­ri­ty solu­ti­on for NB-IoT pro­vi­des addi­tio­nal end-to-end TLS encryp­ti­on. This enab­les us to pro­vi­de secu­re con­nec­ti­vi­ty from the field com­po­nent to the ERP sys­tem or IoT plat­form. We thus com­bi­ne the advan­ta­ges of NB-IoT with the high secu­ri­ty requi­re­ments of the BSI. Our solu­ti­on is sui­ta­ble for all app­li­ca­ti­ons requi­ring high data secu­ri­ty and was deve­lo­ped from the user per­spec­ti­ve for smart mete­ring, smart grid and cri­ti­cal-infra­st­ruc­tu­re-app­li­ca­ti­ons in coope­ra­ti­on with the Stadt­wer­ke Bochum.

This is How Our Technology Works

The addi­tio­nal TLS secu­ri­ty lay­er is app­lied to the NB-IoT pro­to­col without chan­ging it. Thus the sys­tem is 100% NB-IoT com­pli­ant. The secu­ri­ty tech­no­lo­gy used is ful­ly matu­re and uses estab­lis­hed cryp­to stan­dards.


The­re are no spe­cial infra­st­ruc­tu­re requi­re­ments for using encryp­ti­on and plat­form inte­gra­ti­on. Any NB-IoT net­work can be used. The­re is no neces­si­ty to chan­ge the hardware.

The Result: Maximum Security!

  • TLS encryp­ti­on pro­tects the con­fi­den­tia­li­ty and authen­ti­ci­ty of your sen­sor and actua­tor data.
  • The matu­re tech­no­lo­gy enab­les you to achie­ve a high level of secu­ri­ty by using estab­lis­hed cryp­to standards.
  • Due to con­stant fur­ther deve­lo­p­ments and updates, your net­work will remain secu­re in the future.
  • Ter­mi­nal device and ser­ver soft­ware veri­fy their mutu­al iden­ti­ty with certificates.
  • You retain data sov­er­eig­n­ty — neit­her end device nor soft­ware manu­fac­tu­rers mana­ge key material.

Let us convince You of our Consistent Solution

LoRaWAN Starterkit

Eva­lua­te the pos­si­bi­li­ties of using your own LoRa­WAN net­work. With our LoRa­WAN Star­ter­kit you recei­ve our expert advice inclu­ding the necessa­ry hard­ware and software.


Our fle­xi­ble IoTree plat­form offers a user-friend­ly inter­face and is alrea­dy used for a wide ran­ge of applications.

SEAL Integrity Monitoring

Alter­na­tively, we also offer you our paten­ted phy­si­cal inte­gri­ty moni­to­ring. Mani­pu­la­ti­on of con­trol and mea­su­ring equip­ment can be detec­ted remo­te­ly and thus in real time.

Have we sparked your interest?

Con­ta­ct us today and dis­co­ver even more about the use and advan­ta­ges of IoTree LoRa­WAN. Let us help you use LoRa­WAN wire­less tech­no­lo­gy for a varie­ty of use cases. Con­sul­ting and Sup­port is our top prio­ri­ty, sin­ce we know that each cus­to­mer has dif­fe­rent needs.

Personal Consultation

React to the rising secu­ri­ty thre­ats and pre­vent the attacks of tomor­row. We at PHYSEC will glad­ly ans­wer your ques­ti­ons. Talk direct­ly to our exe­cu­ti­ves now.

Dr. Chris­ti­an Zen­ger, CEO

Dr. Hei­ko Koep­ke, CFO