In this paper, we present the implementation and performance evaluation of security functionalities at the link layer of IEEE 802.15.4-compliant IoT devices. Specifically, we implement the required encryption and authentication mechanisms entirely in software and as well exploit the hardware ciphers that are made available by our IoT platform. Moreover, we present quantitative results on the memory footprint, the execution time and the energy consumption of selected implementation modes and discuss some relevant tradeoffs. As expected, we find that hardware-based implementations are not only much faster, leading to latencies shorter than two orders of magnitude compared to software-based security suites, but also provide substantial savings in terms of ROM memory occupation, i.e. up to six times, and energy consumption. Furthermore, the addition of hardware-based security support at the link layer only marginally impacts the network lifetime metric, leading to worst-case reductions of just 2% compared to the case where no security is employed. This is due to the fact that energy consumption is dominated by other factors, including the transmission and reception of data packets and the control traffic that is required to maintain the network structures for routing and data collection. On the other hand, entirely software-based implementations are to be avoided as the network lifetime reduction in this case can be as high as 25%.