This study addresses the latency overhead introduced by network-layer security mechanisms in 5G ultra-reliable low-latency communication (URLLC). It presents the first systematic quantification of security-induced latency for IPsec (IKEv2/ESP) and WireGuard on both the user plane (N3 interface) and control plane (service-based interfaces) within 5G standalone (SA) architecture. Leveraging real-world traffic capture, fine-grained latency injection, and comparative analysis, the evaluation reveals that properly configured IPsec incurs a median latency below 50 μs—meeting stringent URLLC requirements—whereas WireGuard offers no significant latency advantage and lacks 3GPP standardization support. The paper innovatively proposes a dual-plane, differential security-latency measurement framework. This framework provides empirical evidence and engineering guidance for selecting and optimizing network-layer security mechanisms in URLLC deployments.

In contrast to its predecessors, 5G supports a wide range of commercial, industrial, and critical infrastructure scenarios. One key feature of 5G, ultra-reliable low latency communication, is particularly appealing to such scenarios for its real-time capabilities. However, 5G's enhanced security, mostly realized through optional security controls, imposes additional overhead on the network performance, potentially hindering its real-time capabilities. To better assess this impact and guide operators in choosing between different options, we measure the latency overhead of IPsec when applied over the N3 and the service-based interfaces to protect user and control plane data, respectively. Furthermore, we evaluate whether WireGuard constitutes an alternative to reduce this overhead. Our findings show that IPsec, if configured correctly, has minimal latency impact and thus is a prime candidate to secure real-time critical scenarios.