Security protocols

You can use Transport Layer Security (TLS) for Transmission Control Protocol (TCP) and Datagram Transport Layer Security (DTLS) for User Datagram Protocol (UDP) as security protocols. Adding security to TCP or UDP increases the overhead of the data sent over the air.

However, there are other ways to add security to your protocols without adding too much overhead. For example, you can set up a secure channel by authenticating the device with a Pre-shared Key (PSK). This reduces both power consumption and data costs while still adding security to data transfers.

An important aspect of Internet of Things (IoT) devices is that they are secured against malicious attacks. Arm® TrustZone® and Arm CryptoCell™ 310 are available in the nRF9160 System in Package (SiP) to securely store data and keys, and to decrypt and encrypt your data. Nordic also has Trusted Firmware-M support, which is the reference implementation of the Platform Security Architecture (PSA) IoT Security Framework.

The nRF9160 modem normally handles DTLS/TLS security. If you want to use TLS cipher suites or features that the modem does not support, the application processor can handle DTLS/TLS instead using mbedTLS.

For Firmware-Over-The-Air (FOTA) updates, you must sign your firmware images before going into production. This ensures that your device only updates with the firmware images that you provide.

Some considerations when adding security to your device are: