Security Vulnerabilities of the NDEF Signature Record Type
Authors: Michael Roland1, Josef Langer1, Josef Scharinger2
Organizations:
1) Upper Austria University of Applied Sciences, Austria
2) Department of Computational Perception, Johannes Kepler University Linz, Austria
The NFC Forum has released a first candidate for their Signature Record Type Definition. This specification adds digital signatures to the NFC Data Exchange Format (NDEF), which is a standardized format for storing data on NFC (Near Field Communication) tags and for transporting data across peer-to-peer links between NFC devices. With an increasing number of applications of the NFC and NDEF technology, more and more security threats became apparent. The signature record type is supposed to increase security for NDEF applications by providing authenticity and integrity to the NDEF data. This paper takes a close look on the recently published Signature Record Type Definition and discusses its various security aspects. First, we introduce the signature record type and its usage. After that, we analyze the security aspects of the current signature method. Finally, we disclose multiple security vulnerabilities of the current Signature Record Type Definition and propose measures to avoid them.