Urban digital services increasingly depend on resilient, low-latency, and secure network transport. This requirement is especially acute in smart-city environments, where edge-connected public services, web platforms, and data-intensive civic systems must remain available under hostile traffic conditions. This paper presents a structured comparative study of Quick UDP Internet Connections (QUIC/UDP) and TLS over Transmission Control Protocol (TLS/TCP) under unsafe network conditions, with emphasis on operational implications for smart-city digital infrastructure. A real-world four-node platform comprising a client, server, router, and attacker is used to evaluate the two protocol stacks under three classes of attack: denial-of-service attacks, man-in-the-middle attacks, and traffic analysis attacks. Efficiency is assessed through client delay, packet loss, server CPU utilization, and server memory utilization, while security is examined using website-fingerprinting performance and protocol-conditional model accuracy. The experimental evidence shows a clear attack-dependent asymmetry. Under connection-flooding denial-of-service conditions, QUIC maintains substantially lower latency; at 100 attack handshakes per second, the client delay observed with TLS/TCP is almost 20 times that of QUIC/UDP. TCP packet loss begins to increase once the attack rate exceeds 60 handshakes per second, and the TCP server becomes fully CPU-bound above roughly 50 attack handshakes per second, whereas QUIC does not exhaust CPU capacity even at 100 attacks per second. Under slowloris conditions, both protocols avoid packet loss and maintain low delay, but QUIC retains a memory-efficiency advantage. Under man-in-the-middle attacks, the performance ordering reverses: QUIC incurs longer client delays and greater data loss than TLS/TCP, while server replay produces delays in the 40–50 ms range for both stacks, with QUIC remaining slightly slower. In traffic analysis, TCP achieves the higher classifier F1-score (0.67495 versus 0.63497), indicating stronger overall confidentiality in this implementation, although QUIC traffic patterns remain harder to learn by machine-learning methods. Taken together, the findings support a deployment principle of contextual protocol selection for smart-city systems: QUIC is preferable when availability and connection efficiency dominate, whereas TLS/TCP is preferable when manipulation resistance and confidentiality are the primary concern.