Since, in a WPAN system, it is easy to sniff and overhear communication, 6LoWPAN provides for security at multiple levels. At the 802.15.4 level two of the protocol, 6LoWPAN relies on AES-128 encryption of data. Additionally, 802.15.4 provides a counter with CBC-MAC mode (CCM) to provide encryption and an integrity check. Most chipsets that provide an 802.15.4 network block also include a hardware encryption engine for performance improvement. 

At layer three (the network layer) of the protocol, 6LoWPAN has the option to use IPsec standard security (RFC4301). This includes:

• Authentication Handler (AH): As defined in RFC4302 for integrity protection and authentication
• Encapsulating Security Payload (ESP): In RFC4303, adds encryption to secure confidentiality in packets

ESP is by far the most common layer-three secure packet format. Additionally, a mode of ESP defines reusing AES/CCM used in layer-two hardware for layer-three encryption as well (RFC4309). This makes layer three security suitable for constrained 6LoWPAN nodes.

In addition to link layer security, 6LoWPAN also utilizes Transport Layer Security (TLS) for TCP traffic and Datagram Transport Layer Security (DTLS) for UDP traffic.