A Record Composition/Decomposition attack on the NDEF Signature Record Type Definition

The Signature Record Type Definition was released by the Near Field Communication (NFC) Forum to provide integrity and authenticity to the NFC Data Exchange Format (NDEF). It achieves this goal by adding a digital signature and corresponding certificates to the NDEF message. Although the Signature Record Type Definition (Signature RTD) specifies the use of strong cryptographic algorithms like RSA, DSA, ECDSA, a few vulnerabilities have been discovered in its implementation. A recently published Record Composition Attack by Roland et al. (2011) describes how data can be modified in an NDEF message by exploiting the Type Name Format (TNF) field even though the NDEF message is protected by a Signature Record. This paper takes a close look at this attack and points out that, apart from TNF value, a few other fields of the NDEF header must also be manipulated in order to implement this attack successfully. It is shown how to do this and some modifications to the signature scheme are proposed in order to counter such attacks. However, more significantly, we need to propose an update to the NDEF record specification in order to achieve the security required from a signature scheme.