The Practical Uses of the NFC Signature RTD 2.0 Specification
Imagine walking into your favorite coffee shop and, while you wait in line, you tap an NFC smart poster with your smartphone. It connects you to free Wi-Fi, offers you the promotion of the day, and allows you to place an order without having to configure anything. A great user experience! How do you implement it? Program a URL on an NFC tag embedded in the smart poster. How do you trust the NFC tag? That’s where the recently published Signature RTD 2.0 comes in.
There are a million use cases for NFC tags. Check out the NFC Forum product showcase or NFC World for examples. NFC tags can be found in Adidas running shoes, collectible college footballs, advertising, and sushi plates (to tally your bill). And the list goes on. Soon, they will be used on everyday items simply to connect those objects to the Internet. It’s great for consumers: tap to register your product, get support, or take advantage of promotions. For manufacturers, NFC enables “tap analytics,” providing a way to measure user interactions with everyday objects, and thereby aid in product development.
When used for good, NFC tags empower brands, retailers, venues, municipalities, and manufacturers in new and exciting ways. When used for evil, tags can open the door to things like phishing attacks — and that could seriously degrade the usability of the NFC experience.
The answer is to sign the NFC tag’s message with a digital signature. Signing protects the integrity of messages by preventing them from being modified. One can also identify the author (i.e. the tag signer). One can further couple signed tags with a web service to detect cloning with “tap analytics.”
What is the user experience on a mobile device for signed NFC tags versus unsigned NFC tags?
This is really up to the OS vendors and app developers. At a high level, one can improve the user experience. Tap the NFC tag, and if the signature verifies, then perform the action. If there is no signature, then ask the user if it’s okay to proceed. The user should be able to get a little more information, such as the name of the tag author, but most users won’t care about that. NFC tag authors are vetted by globally recognized and reputable Certificate Authorities (CAs). Can hackers get a signing certificate? Yes, they can, but they probably won’t because they could then be tracked and have their certificates easily revoked. A hacker would almost certainly try to be malicious without signatures and hope that the user would accept URLs, for example.
How does the system work?
The Signature Record applied to an NDEF record adds integrity protection to the contents of the NFC tag. The signature record contains both the signature and certificate chain. When a user taps a signed NFC tag, the signature is verified through a certificate chain from a trusted third party CA root certificate. As long as the mobile device has an NFC root certificate, the signature can be verified off-line.
Technically, the Signature RTD idea borrows heavily from Code Signing where apps are digitally signed so that they can’t be modified. In this system, bad authors can be easily identified (and revoked).
The ecosystem for NFC signatures works as follows: CAs (following the NFC Forum Signature RTD Certificate Policy) issue signing certificates to organizations and individuals so that they can sign their NFC tags (NDEF messages). Let’s call them NFC tag authors. These signing certificates chain back to a root certificate that is stored on NFC enabled devices so that they can verify NFC tags. Note that NFC root certificates are typically stored in a mobile devices certificate store.
What are the storage requirements of the Signature Record? In the past, certificates were rather large (at least 1 Kbytes) using the traditional X.509 format. This means they will not fit on low-cost Type 1 and 2 NFC tags. To address this, the NFC Forum Security Working Group defined a machine-to-machine (M2M) compact certificate format that enables a much smaller size — around 300 bytes.
Can the Signature RTD prevent NFC Tag cloning? Yes. Along with the NDEF message, one can sign hardware attributes of the NFC tag. If a tag is cloned, then the verifier can see that the signed hardware attributes do not match the hardware attributes received from the actual NFC tag.
Can NFC tags be removed and replaced by bad actors? Yes. However, tag users can avert this threat by mounting the NFC tag in a poster or behind a barrier of glass or plastic. There are simple countermeasures to prevent tag replacement.