Secure communications have a key role in future networks and
applications. Information security provisions such as
authorization, authentication, and encryption must be added to
current communications protocols. To accomplish
this, each protocol must be reexamined to determine the impact
on performance of adding such security services.
This paper presents an experimental evaluation of the
performance costs of a wide variety of authentication methods
over IKEv2 in real and partly emulated scenarios of next
generation wireless networks. The studied methods are
pre-shared keys (PSK), extensible authentication protocol (EAP)
using MD5, SIM, TTLS-MD5, TLS, and PEAPMSCHAPv2.
For the EAP-based methods RADIUS is used as the authentication,
authorization, and accounting
(AAA) server. Different lengths of certificate chains are
studied in case of the TLS-based methods, i.e., TTLSMD5,
TLS, and PEAP-MSCHAPv2. The paper first presents a brief
overview of the considered authentication
methods. Then, a comparison of the costs for message transfers
and computations associated with the authentication
methods is provided. The measurement results are verified
through a simple analysis, and interpreted by discussing
the main contributing factors of the costs. The measurement
results illustrate the practical costs involved for IKEv2
authentication, and the implications of the use of different
methods are discussed.
