An Attack on Signed NFC Records and Some Necessary Revisions of NFC Specifications

The Signature Record Type Definition was released by the Near Field Communication (NFC) Forum to provide integrity and authenticity to the NFC Data Exchange Format (NDEF). It achieves this goal by adding a digital signature and corresponding certificates to the NDEF message. Although the Signature Record Type Definition (Signature RTD) specifies the use of strong cryptographic algorithms like RSA, DSA and ECDSA, a few vulnerabilities have been discovered in its implementation. A recently published Record Composition Attack by Roland et al. (2011) describes how data can be modified in an NDEF message by exploiting the Type Name Format (TNF) field even though the NDEF message is protected by a Signature Record.
This paper takes a close look at the attack and points out that, apart from the TNF value, a few other fields of the NDEF header must also be manipulated in order to implement this attack successfully. It is shown how to do this and some necessary modifications to the signature scheme are proposed in order to counter such attacks. Our main contribution is proposing a revision to the Signature specification by signing more fields but keeping the existing NDEF specification.