Introduction
Symbian is the operating system of a wide variety of so called smart mobile phones providing an open development environment for different mobile vendors and mobile operators. As of December 2005, worldwide shipments of Symbian OS phones reached 58.8 million phones (source: Symbian website).

The newest version of the operating system, version 9.1 is just about to appear in commercially available mobile phones. Both Nokia and Sony Ericsson have announced phones based on this version, most notably the Nokia N91 and the Sony Ericsson W950i type. While one of the most important novelties of the new OS is a Trusted Computing based security model (especially suitable for DRM), the main customer-attracting function is to act as an easily usable music player – undoubtedly an attempt to gain a foothold in the Apple iPod-dominated market segment.

In this article first the Trusted Computing based security model of Symbian v9.1 will be introduced, then I will evaluate the possibilities of using v9.1 for DRM, and finally I will look into the chances of the music-enabled phones to become real competitors of the iPod.

Platform security in Symbian OS
The implementation of the Trusted Computing concept in the new Symbian operating system is called Platform Security and its main security functions are the following:

  • In the capability model so called capabilities (similar to permissions) are assigned to groups of sensitive operations (e.g. network access, PIM access, local connectivity or camera access). Only processes having the corresponding capabilities can carry out the given sensitive operation. Capabilities are grouped: the most critical (e.g. access to all files of the phone) form the Trusted Computing Base (TCB), which allows full access to all system resources; the Trusted Computing Environment (TCE) comprises capabilities for selected system services and finally all other capabilities are user-visible. Naturally, only a small, highly trusted group of applications will have TCB capabilities, most programs will only have user visible capabilities at most.

  • Symbian v9.1 incorporates a secure software installation mechanism: only digitally signed applications can be installed. The set of capabilities assigned to the applications is included in the installation package (also protected by the signature) and cannot be altered. The signatures are centrally issued (by Symbian, see SymbianSigned, or by the vendor or operator) only after the developer has been reliably identified and the need for the required capabilities is justified. A crucial property of v9.1 is that applications cannot be modified after they have been installed – the kernel (i.e. the system’s innermost core) ensures that the location of executable applications is read-only, thus only what has been digitally signed can run on the phone. This means that no third party program can be run on the system with crucial capabilities without prior authorization, thereby mitigating the chance that hackers gain access to the system and also the possibility of virus spreading can also be effectively limited.

  • Finally, the OS enforces separation of the applications and processes. During run-time applications cannot access each other’s memory area except for carefully guarded inter-process communication, whereas for persistent storage each application may create a private directory to which only that application has access. This technique is called data caging, so storing sensitive data in private directories applications can protect their assets from other applications and therefore even against the user himself.

With these new features Symbian took a large step forward providing a secure mobile platform – a risky undertaking considering that the new architecture broke compatibility with the old one, thus previous applications of Symbian v6 and v7 will not run on v9.1. It remains to be seen whether this change was worthwhile, only time will tell the real strength of the architecture since there are currently no devices on the market with Symbian OS v9.1 and thus it has not yet been tested by the community.

DRM based on platform security
Although the aim of Platform Security was not mainly to provide a secure architecture for Digital Rights Management, Symbian v9.1 surely is a starting base for DRM:

  • Due to the secure software installation mechanism and the capability model (as DRM is also guarded by a dedicated capability) only digitally signed and designated applications can access DRM services thus limiting the possibility of unauthorized access. The fact that only tested, signed (and thus back-traceable) applications are allowed to run on a phone is also in favour of DRM.

  • On the other hand data caging is especially useful for storing secret DRM information (e.g. keys or usage count for limited access assets), since only the dedicated DRM application has access to these pieces of information and thus the secrets can be effectively hidden from unauthorized parties.

These special functions make Symbian v9.1 a safe choice to implement a DRM system.

Music players based on Symbian v9.1
In 2005 Nokia announced the N91 music-enabled mobile phone with 4 GB internal storage for multimedia files. Sony Ericsson soon followed with the W950i, which has similarly 4 GB of space for multimedia. Although neither of them is available on the market yet, both are planned to have Symbian v9.1 as the operating system. While it is yet unsure what DRM solutions W950i will support, Nokia has already announced full OMA DRM 2 and Windows Media DRM 10 support for N91.

Up till now mobile phones on their own did not have enough capacity to store a reasonable amount of music files internally, and only high-end models were outfitted with some sort of memory card slots to be able to play music files from removable storage. This was clearly inferior to Apple’s various iPod versions where the smallest version has 1 GB internal storage capacity (and larger ones going up to 60 GB). With this first step of 4 GB internal drives the mobile vendors demonstrate their decision to enter the market of portable music players. What can be the advantages of such devices against the market-dominant iPods?

  • First of all these devices are not just music players, they are fully featured smart phones with a wide variety of functions ranging from office applications, PIM services to naturally all kinds of connectivity (GSM, GRPS, 3G, Bluetooth and sometimes even W-LAN etc.).

  • Secondly, Nokia has already demonstrated the will to support multiple DRM formats (namely OMA DRM2 and Windows Media DRM 10). This will not only attract content providers but also customers as music from different platforms can be accessed and shared. Many surveys clearly showed that interoperability is a key advantage in case of DRM solutions.

  • Finally, Symbian-based platforms have a reputation of being secure – whereas installing a custom OS onto iPod has a lively community (see the iPodLinux homepage) and the Fairplay DRM system has already been circumvented (Orlowski, 2004), cracking or re-flashing a Symbian-based phone has not yet been demonstrated in public.

All these advantages and the ease of usage will compete with the dominance of iPod and iTunes.

Bottom line
Apple’s dominance with the iPod music player on the market is unquestionable; however the competition is slowly starting to react. The newest potential rivals arrive in the form of smart phones with 4 GB of internal storage for music files. The device from both Nokia and Sony Ericsson are based on the upcoming operating system of Symbian with enhanced security functions based on Trusted Computing. The applicability of such phones for DRM-based solutions is obvious, thus support from content providers can be anticipated, and their rich feature set may provide them with an advantage over the iPods. The question is whether the market will also appreciate these devices and how the different DRM solutions will be affected – could it be that this new competition will enforce their interoperability?

Sources

About the author: Gergely Tóth is a researcher at SEARCH Laboratory, Budapest, Hungary. Besides Digital Rights Management his core interests include security and privacy. Please visit http://www.planeforge.com/home/tgm.

Status: first posted 02/03/06; licensed under Creative Commons; included in the INDICARE Monitor of February 2006
URL: http://www.indicare.org/tiki-read_article.php?articleId=185