The Security Research Of Encryption And Signature Algorithm In JSON

In recent years,the Java Script Object Notation(JSON)encryption and signature algorithm are widely used with the development of JSON.The use of JSON encryption algorithm can guarantee the data confidential when stored in the endpoint.The use of JSON signature algorithm can provide better performance,and more extensive user authentication capability.However,there are some security problems remaining related to cryptographic algorithms used in JSON.Therefore,this paper analyses the security of the JSON based encryption and signature algorithm and constructs attack experiment and puts forward the reinforcement scheme to solve.In the research about the security analysis of JSON based encryption algorithm,this paper studies the security problem of the RSA-PKCS#1 cryptography standard and elliptic curve key exchange algorithm based on JSON respectively.A chosen ciphertext attack is proposed to crack the content encrypted by RSA-PKCS#1.And,for this vulnerability,this paper proposes a reinforcement scheme based on specific value filling method to avoid the chosen cipher attack.At the same time,this paper proposes an invalid curve attack aiming at ECDH.Also,a reinforcement scheme will be proposed through the detection of the public parameters.By contrast,in the research about the security analysis of signature algorithm in JSON,for the HMAC,a brute force attack based on distributed computing is proposed.Expanding client limitlessly using the characteristics of Zero MQ can improve the efficiency of the attack.Because brute force attack is not caused by a security vulnerability,this paper proposes a reinforcement scheme to increase the difficulty of cracking by increasing the length of the HMAC algorithm secret.In addition,this paper also designs a signature bypassing attack based on the structure of JSON signature serialization.At the same time,a reinforcement scheme is proposed by replacing the signature algorithm with security request.In order to test the practicability of our attack,we have built the corresponding attack environments.We implement these attacks to proof the existence of the vulnerabilities.The experimental results show that there are exactly some security problems about our four attacks proposed.At the same time,the security of the JSON based encryption and signature algorithm can be effectively enhanced by the reinforcement scheme proposed in the paper.