User plane security alternatives in the 3G evolved Multimedia Broadcast Multicast Service (e-MBMS)

Cited by: 2
Authors
Teofili, Simone [1]
Di Mascolo, Michele [1]
Basile, Cristina [1]
Bianchi, Giuseppe [1]
Salsano, Stefano [1]
Zugenmaier, Alf [2]
Affiliations
[1] Univ Roma Tor Vergata, Dipartimento Ingn Elettron, Rome, Italy
[2] DoCoMo Euro Labs, Munich, Germany
Keywords
Multicast broadcast multimedia services; 3GPP; MBMS security;
DOI
10.1002/sec.73
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The 3GPP architecture includes the Multimedia Broadcast Multicast Service (MBMS) to provide efficient broadcast and multicast services. In the 3GPP long-term evolution, the evolved MBMS (e-MBMS) architecture is currently being standardized. Unlike MBMS, the new e-MBMS architecture explicitly raises, as an additional security requirement, the protection of the IP multicast user plane. Currently proposed e-MBMS security architectures "limit" themselves to suggesting the deployment of Group Security Associations (GSA). In this paper, we start by discussing that, on one side, GSA might not be a sufficiently secure solution in the long run, and on the other side GSA integration within the e-MBMS architecture might not be as straightforward as it might appear. The point made in this paper is that there are sound alternatives to GSA if the goal is to deploy a short-term solution with basically no impact on the current e-MBMS architecture. In particular, we propose to adopt a Secure Multicast Overlay (SMO) approach. To prove the straightforward implementation of SMO we describe a proof-of-concept test-bed over public domain Linux routers. Moreover, a functional comparison between GSA and SMO leads us to the following conclusions: (i) not only does SMO provide the same level of security as GSA, but it also achieves a reduced risk of denial of service attacks; (ii) SMO has significant advantages over GSA in terms of impact on the architecture and on device requirements; (iii) security association management and key management in GSA have a greater impact on the performance achievable than in the case of SMO. We believe that these advantages outweigh the performance penalties due to overlay networking overhead. Copyright (C) 2008 John Wiley & Sons, Ltd.
Pages: 473-485
Number of pages: 13