JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS

The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of...

Full description

Saved in:
Bibliographic Details
Published in:Сучасні інформаційні системи Vol. 3; no. 4; pp. 105 - 108
Main Authors: Rahimova, Irada, Qubadova, Firangiz, Asker zade, Barayat, Pohasii, Serhii
Format: Journal Article
Language:English
Published: National Technical University "Kharkiv Polytechnic Institute" 23.12.2019
Subjects:
cryptographic hash functions
document object model
JavaScript security
method of protection against attacks
ISSN:2522-9052
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of protection against attacks on third-party JavaScript resources. The third-party JavaScript code download chain may consist of three or four third-party websites. From a security point of view, this creates a risk of attack on a third-party resource. If the attacker compromises one of the third-party resources, this will affect the entire chain using this resource. Based on these conditions, it is indispensable to solve the following tasks: to develop a secure algorithm for hash functions for protecting applications in JavaScript, which will constantly monitor changes that occur on a web page; determine the advantages and disadvantages of the method in real operating conditions. In the process of the study, the following results were obtained: the problems of writing safe code in JS were considered, the algorithm for using cryptographic hash functions was proposed, the essence of which is that the hash is calculated at the first moment of loading a third-party resource. Each time a third-party resource is loaded, the algorithm calculates its hash and compares it with the value of the first hash. It is established that cryptographic hash functions on the example of sha384 have the property of an avalanche effect. It is recommended to use this method for web pages with mission-critical operations, such as payment pages, registration, password reset or account login. Their strengths and weaknesses were also revealed in the process of improving the JavaScript protection method.
ISSN:2522-9052
DOI:10.20998/2522-9052.2019.4.15