User plane security alternatives in the 3G evolved Multimedia Broadcast Multicast Service (e-MBMS)

The Multimedia Broadcast Multicast Service (MBMS) has been included in the 3GGP architecture to provide broadcast/multicast services. In the 3GPP Long Term Evolution, the evolved MBMS (e-MBMS) architecture is currently being standardized. This position paper discusses the security issues currently being considered for the e-MBMS IP multicast user plane. Currently proposed security architectures "limit" themselves to include Group Security Associations (GSA). In this paper we raise the position that GSA might not be a sufficiently secure solution in the long run. In sight of this, we propose to adopt a secure multicast overlay approach as a possible short-term solution, thanks to its straightforward deployment To prove this latter point we overview how to set-up a proof-of-concept implementation over public domain linux routers. We functionally compare GSA with the proposed secure multicast overlay approach, showing that the overlay approach provides not only the same level of security, but also a reduced risk of denial of service attacks. We preliminarily (qualitatively) discuss the pros and cons of the two solutions in terms of performance. Ongoing work is targeted to complement these preliminary considerations with a quantitative investigation.