This study investigates the impact of enabling standardized optional security mechanisms on sub-millisecond end-to-end latency in 5G radio access networks (RANs). Focusing on disaggregated RAN architectures, we construct the first real-world testbed that supports 3GPP-standardized optional security protocols and integrates high-precision latency measurement techniques to quantitatively assess the delay overhead introduced by these security measures in an operational environment. Our results demonstrate that although disaggregated RANs inherently outperform traditional monolithic designs in overall performance, the encryption operation alone incurs over 1 ms of additional latency—exceeding the stringent requirements of ultra-low-latency applications. This finding reveals a fundamental trade-off between enhancing security and achieving extreme low-latency objectives in next-generation wireless networks.

5G promises enhanced performance-not only in bandwidth and capacity, but also latency and security. Its ultra-reliable low-latency configuration targets round-trip times below 1 ms, while optional security controls extend protection across all interfaces, making 5G attractive for mission-critical applications. A key enabler of low latency is the disaggregation of network components, including the RAN, allowing user-plane functions to be deployed nearer to end users. However, this split introduces additional interfaces, whose protection increases latency overhead. In this paper, guided by discussions with a network operator and a 5G manufacturer, we evaluate the latency overhead of enabling optional 5G security controls across internal RAN interfaces and the 5G user plane. To this end, we deploy the first testbed implementing a disaggregated RAN with standardized optional security mechanisms. Our results show that disaggregated RAN deployments retain a latency advantage over monolithic designs, even with security enabled. However, achieving sub-1 ms round-trip times remains challenging, as cryptographic overhead alone can already exceed this target.