The NFC Forum, which manages and promotes the Near Field Communications protocol, has just come up with a major update of its Signature Record Type Definition (SRTD) 2.0 spec for securing NFC transactions. It comes none too soon, with companies introducing a flood of applications related to cell phones as well as a variety of IoT use cases.
According to NFC Forum estimates derived from shipment numbers its members reported, there are in excess of 500 million NFC-enabled smartphones in the global marketplace. And according to market research collected by Strategy Analytics, the number of NFC-enabled devices will grow sharply as an increasing number of manufacturers integrate NFC technology into devices in the home and in commercial buildings, where many will use already widely available smart phones as the means to access such devices.
Then, too, there is the use of NFC in wearable Internet of Things (IoT) applications, where its transmission range of about four inches (10 centimeters) makes NFC ideal for a variety of near-body network apps where such devices need to pass information back and forth and coordinate activities.
The barrier to widespread application is that NFC has had to overcome the lack of adequate security for its various transaction modalities. NFC devices are used in three ways: reader-writer, in which the NFC module either collects data from or writes data to an NFC RFID tag; peer-to-peer, in which two NFC devices exchange data when in close proximity; and card emulation, in which the only NFC function is a proxy, such as for a credit card or a contactless building-access card. In a transaction involving a smartphone, the module inside the phone acts as a contactless card and the module inside the payment terminal acts as a reader, collecting data from the phone and then triggering a secure transaction.
In Version 1.0 of the SRTD spec, the mechanisms used for guaranteeing the security of messages using the NFC Data Exchange Format (NDEF) were based on techniques similar to those used in most web browsers, where code signing techniques for securing a transaction are tied to internally created digital certificates, causing a host of security problems.
According to Tony Rosati, NFC Forum Security Technical Working Group Chair, in the original specification signed NDEF records were used to prevent malicious use of NFC tags. So when a smartphone user tapped NFC tags containing URLs, there was some protection against such things as phishing attacks that directed users to unsafe network locations. Theoretically, signing the NDEF record protected the integrity of the contents and allowed the user to identify the signer if they wished.
However, the signature RTD mechanisms incorporated into the original specification contained vulnerabilities that permitted the content of signed NDEF records to be manipulated. Only parts of the signed record fields were secured, while other things such as header fields were not, leaving them open to access. Signature RTDs were also susceptible to security issues due to use of remote URIs (uniform resource identifiers) that could be manipulated to gain access to such things as usage information from the NFC tags.
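The coverage gap described above can be checked directly. The following is an added example, not code from the NFC Forum or the original article: it parses one NDEF record and compares a digest over only the type, ID and payload with a digest that also covers the header. The SHA-256 digest stands in for the signed value, the header-covering rule is an illustrative assumption rather than the SRTD 2.0 definition, and the sample record is constructed.

```python
import hashlib

def parse_record(rec: bytes) -> dict:
    """Split one NDEF record into its TNF and its type/ID/payload fields."""
    if len(rec) < 3:
        raise ValueError("record too short")
    flags, type_len = rec[0], rec[1]
    sr, il = bool(flags & 0x10), bool(flags & 0x08)   # short record / ID length present
    hdr_len = 2 + (1 if sr else 4) + (1 if il else 0)
    if len(rec) < hdr_len:
        raise ValueError("truncated header")
    payload_len = rec[2] if sr else int.from_bytes(rec[2:6], "big")
    id_len = rec[hdr_len - 1] if il else 0
    body = rec[hdr_len:]
    if len(body) != type_len + id_len + payload_len:
        raise ValueError("length fields do not match record size")
    return {
        "tnf": flags & 0x07,               # Type Name Format: how "type" is interpreted
        "type": body[:type_len],
        "id": body[type_len:type_len + id_len],
        "payload": body[type_len + id_len:],
    }

def digest_body_only(rec: bytes) -> str:
    """Partial coverage: type, ID and payload only; header bytes are left out."""
    f = parse_record(rec)
    return hashlib.sha256(f["type"] + f["id"] + f["payload"]).hexdigest()

def digest_with_header(rec: bytes) -> str:
    """Illustrative fuller coverage (assumption): the whole record, with the
    position flags MB/ME masked because they change when records are appended."""
    parse_record(rec)                      # reject malformed input first
    return hashlib.sha256(bytes([rec[0] & 0x3F]) + rec[1:]).hexdigest()

def change_detected(digest_fn, original: bytes, received: bytes) -> bool:
    return digest_fn(original) != digest_fn(received)

# Constructed sample: short well-known-type URI record for https://example.com
SAMPLE = bytes([0xD1, 0x01, 0x0C]) + b"U" + b"\x04example.com"
# Same type and payload bytes, but the header's TNF field differs (1 -> 4)
ALTERED = bytes([0xD4]) + SAMPLE[1:]

if __name__ == "__main__":
    print("body-only digest notices header change:",
          change_detected(digest_body_only, SAMPLE, ALTERED))
    print("header-covering digest notices header change:",
          change_detected(digest_with_header, SAMPLE, ALTERED))
```

A verifier that accepts a signature should therefore confirm which record bytes the signature actually covers before trusting any header-derived interpretation of the record.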
According to Rosati, many of these concerns have been dealt with successfully in the Forum's new Signature Record Type Definition (SRTD) 2.0 spec. In the new version, the signing certificate mechanisms have been beefed up to prevent malicious use of NFC tags. This is done through the use of protected NDEF records that are assigned a certificate obtained from third-party Certificate Authorities. This prevents malicious hackers from tampering with trusted messages because the signature record in each NFC transaction identifies the signer by name. Signers who act in bad faith can have their privileges quickly revoked.