Secure communications have a key role in future networks and applications. Information security provisions such as authorization, authentication, and encryption must be added to current communications protocols. To accomplish this, each protocol must be reexamined to determine the impact on performance of adding such security services. This paper presents an experimental evaluation of the performance costs of a wide variety of authentication methods over IKEv2 in real and partly emulated scenarios of next generation wireless networks. The studied methods are pre-shared keys (PSKs), extensible authentication protocol (EAP) using MD5, SIM, TTLS-MD5, TLS, and PEAP-MSCHAPv2. For the EAP-based methods, RADIUS is used as the authentication, authorization, and accounting (AAA) server. Different lengths of certificate chains are studied in case of the TLS-based methods, i.e., TTLS-MD5, TLS, and PEAP-MSCHAPv2. The paper first presents a brief overview of the considered authentication methods. Then, a comparison of the costs for message transfers and computations associated with the authentication methods is provided. The measurement results are verified through a simple analysis, and interpreted by discussing the main contributing factors of the costs. The measurement results illustrate the practical costs involved for IKEv2 authentication, and the implications of the use of different methods are discussed. compose application services. They allow mobile users to engage in all kinds of Internet transactions and services with appropriate trust and security relationship management. One of the main issues on the connectivity level is how to seamlessly integrate the heterogeneous RANs and to realize two major functionalities on top of these networks. The two PERFORMANCE EVALUATION OF IKEv2 AUTHENTICATION METHODS 85 WiFi. The initiator and the responder communicate over an IEEE 802.11g WiFi RAN using IPv6. UMTS. The initiator has native IPv6 access to the responder over an UMTS test network. Far-close. This scenario is an extension of the WiFi scenario. It emulates a situation where the initiator