Integrity Protection of NDEF Message with Flexible and Enhanced NFC Signature Records

The NFC-Forum released a specification of Signature Record Type Definition (SRTD) shortly after the attacks related to NFC tags surfaced in 2009. The specification adds digital signatures to provide authenticity and integrity to the NFC Data Exchange Format (NDEF) messages. However, the specification in its current form has some shortcomings. For instance it has very limited options for signature algorithms. Further there is no fully-compliant implementation of the SRTD and the application developers might end up implementing their own integrity solution in non-standard (non-compliant to SRTD) way. In this paper, we revamp the current SRTD specification to improve its deficiencies. First, we propose a larger and more flexible combination of signature algorithms for efficient authentication of tag data. Subsequently, we develop a fully compliant prototype of our modified SRTD with all the standard authentication/certification primitives on NFC-based tags and Smartphone. Finally, we perform an in-depth performance evaluation of different signing and verification operations that focuses on execution time and data overheads.