1st International ICST Workshop on Multimedia Security in Communication

Research Article

User plane security alternatives in the 3G evolved Multimedia Broadcast Multicast Service (e-MBMS)

  • @INPROCEEDINGS{10.1109/CHINACOM.2008.4685257,
        author={Simone Teofili and Michele Di Mascolo and Giuseppe Bianchi and Stefano Salsano and Alf Zugenmaier},
        title={User plane security alternatives in the 3G evolved Multimedia Broadcast Multicast Service (e-MBMS)},
        proceedings={1st International ICST Workshop on Multimedia Security in Communication},
        publisher={IEEE},
        proceedings_a={MUSIC},
        year={2008},
        month={11},
        keywords={Multicast Broadcast Multimedia Services 3GPP MBMS security},
        doi={10.1109/CHINACOM.2008.4685257}
    }
    
  • Simone Teofili
    Michele Di Mascolo
    Giuseppe Bianchi
    Stefano Salsano
    Alf Zugenmaier
    Year: 2008
    User plane security alternatives in the 3G evolved Multimedia Broadcast Multicast Service (e-MBMS)
    MUSIC
    IEEE
    DOI: 10.1109/CHINACOM.2008.4685257
Simone Teofili1, Michele Di Mascolo1, Giuseppe Bianchi1, Stefano Salsano1, Alf Zugenmaier2
  • 1: Dip. Ing. Elettronica, University of Roma “Tor Vergata”, Rome, Italy
  • 2: DoCoMo Euro-Labs, Munich, Germany

Abstract

The Multimedia Broadcast Multicast Service (MBMS) has been included in the 3GGP architecture to provide broadcast/multicast services. In the 3GPP Long Term Evolution, the evolved MBMS (e-MBMS) architecture is currently being standardized. This position paper discusses the security issues currently being considered for the e-MBMS IP multicast user plane. Currently proposed security architectures "limit" themselves to include Group Security Associations (GSA). In this paper we raise the position that GSA might not be a sufficiently secure solution in the long run. In sight of this, we propose to adopt a secure multicast overlay approach as a possible short-term solution, thanks to its straightforward deployment. To prove this latter point we overview how to set-up a proof-of-concept implementation over public domain linux routers. We functionally compare GSA with the proposed secure multicast overlay approach, showing that the overlay approach provides not only the same level of security, but also a reduced risk of denial of service attacks. We preliminarily (qualitatively) discuss the pros and cons of the two solutions in terms of performance. Ongoing work is targeted to complement these preliminary considerations with a quantitative investigation.