JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS
The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of...
Uloženo v:
| Vydáno v: | Сучасні інформаційні системи Ročník 3; číslo 4; s. 105 - 108 |
|---|---|
| Hlavní autoři: | , , , |
| Médium: | Journal Article |
| Jazyk: | angličtina |
| Vydáno: |
National Technical University "Kharkiv Polytechnic Institute"
23.12.2019
|
| Témata: | |
| ISSN: | 2522-9052 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of protection against attacks on third-party JavaScript resources. The third-party JavaScript code download chain may consist of three or four third-party websites. From a security point of view, this creates a risk of attack on a third-party resource. If the attacker compromises one of the third-party resources, this will affect the entire chain using this resource. Based on these conditions, it is indispensable to solve the following tasks: to develop a secure algorithm for hash functions for protecting applications in JavaScript, which will constantly monitor changes that occur on a web page; determine the advantages and disadvantages of the method in real operating conditions. In the process of the study, the following results were obtained: the problems of writing safe code in JS were considered, the algorithm for using cryptographic hash functions was proposed, the essence of which is that the hash is calculated at the first moment of loading a third-party resource. Each time a third-party resource is loaded, the algorithm calculates its hash and compares it with the value of the first hash. It is established that cryptographic hash functions on the example of sha384 have the property of an avalanche effect. It is recommended to use this method for web pages with mission-critical operations, such as payment pages, registration, password reset or account login. Their strengths and weaknesses were also revealed in the process of improving the JavaScript protection method. |
|---|---|
| AbstractList | The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of protection against attacks on third-party JavaScript resources. The third-party JavaScript code download chain may consist of three or four third-party websites. From a security point of view, this creates a risk of attack on a third-party resource. If the attacker compromises one of the third-party resources, this will affect the entire chain using this resource. Based on these conditions, it is indispensable to solve the following tasks: to develop a secure algorithm for hash functions for protecting applications in JavaScript, which will constantly monitor changes that occur on a web page; determine the advantages and disadvantages of the method in real operating conditions. In the process of the study, the following results were obtained: the problems of writing safe code in JS were considered, the algorithm for using cryptographic hash functions was proposed, the essence of which is that the hash is calculated at the first moment of loading a third-party resource. Each time a third-party resource is loaded, the algorithm calculates its hash and compares it with the value of the first hash. It is established that cryptographic hash functions on the example of sha384 have the property of an avalanche effect. It is recommended to use this method for web pages with mission-critical operations, such as payment pages, registration, password reset or account login. Their strengths and weaknesses were also revealed in the process of improving the JavaScript protection method. |
| Author | Rahimova, Irada Pohasii, Serhii Qubadova, Firangiz Asker zade, Barayat |
| Author_xml | – sequence: 1 givenname: Irada surname: Rahimova fullname: Rahimova, Irada – sequence: 2 givenname: Firangiz surname: Qubadova fullname: Qubadova, Firangiz – sequence: 3 givenname: Barayat surname: Asker zade fullname: Asker zade, Barayat – sequence: 4 givenname: Serhii surname: Pohasii fullname: Pohasii, Serhii |
| BookMark | eNo9kMtuwjAURL2gUmnLH3SRHwi9vo4TexlZQFwhQHlUYmU5sVOBKKmSbvr3JVCxGs2MdBbniUzO3dkT8kphjiCleEOOGErgeOlUzqM55RMyva-PZDYMRwBASZHGckri9_QjLVSud2VQLFSV63IfVIXerAKV73fldpWnu0yrIEuLLFhWG1Xq7aZ4IQ-tPQ1-9p_PpFouSpWF6-1Kq3QdNpQnPIyhbigKBw4EQ0-lEyxuEk6hrrFmyKRzLGoFgh1fcC33SRJbRp0VtkH2TPSN6zp7NN_94cv2v6azB3Mduv7T2P7n0Jy88ZIzBwmvJWDEmJUeRXSxkEhLW9nwCyu6sZq-G4bet3ceBXPVZ0ZRZhRlRn0mMpSzPxc1Xyg |
| ContentType | Journal Article |
| DBID | AAYXX CITATION DOA |
| DOI | 10.20998/2522-9052.2019.4.15 |
| DatabaseName | CrossRef DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals (WRLC) url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EndPage | 108 |
| ExternalDocumentID | oai_doaj_org_article_e953d075b902433a9e28420179a1f9c5 10_20998_2522_9052_2019_4_15 |
| GroupedDBID | AAYXX ALMA_UNASSIGNED_HOLDINGS CITATION GROUPED_DOAJ |
| ID | FETCH-LOGICAL-c1575-60bc128d0d0832e19d836c7510bb2b3239dd34f820a2e190df5e776a31da8ac23 |
| IEDL.DBID | DOA |
| ISSN | 2522-9052 |
| IngestDate | Fri Oct 03 12:36:34 EDT 2025 Sat Nov 29 02:13:06 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 4 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c1575-60bc128d0d0832e19d836c7510bb2b3239dd34f820a2e190df5e776a31da8ac23 |
| OpenAccessLink | https://doaj.org/article/e953d075b902433a9e28420179a1f9c5 |
| PageCount | 4 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_e953d075b902433a9e28420179a1f9c5 crossref_primary_10_20998_2522_9052_2019_4_15 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-12-23 |
| PublicationDateYYYYMMDD | 2019-12-23 |
| PublicationDate_xml | – month: 12 year: 2019 text: 2019-12-23 day: 23 |
| PublicationDecade | 2010 |
| PublicationTitle | Сучасні інформаційні системи |
| PublicationYear | 2019 |
| Publisher | National Technical University "Kharkiv Polytechnic Institute" |
| Publisher_xml | – name: National Technical University "Kharkiv Polytechnic Institute" |
| SSID | ssj0002912169 |
| Score | 2.0896804 |
| Snippet | The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The... |
| SourceID | doaj crossref |
| SourceType | Open Website Index Database |
| StartPage | 105 |
| SubjectTerms | cryptographic hash functions document object model JavaScript security method of protection against attacks |
| Title | JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS |
| URI | https://doaj.org/article/e953d075b902433a9e28420179a1f9c5 |
| Volume | 3 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVAON databaseName: DOAJ Directory of Open Access Journals (WRLC) issn: 2522-9052 databaseCode: DOA dateStart: 20170101 customDbUrl: isFulltext: true dateEnd: 99991231 titleUrlDefault: https://www.doaj.org/ omitProxy: false ssIdentifier: ssj0002912169 providerName: Directory of Open Access Journals |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV09T8MwELVQxcCCQIAoX8rAmtZf-fAYorYpQ4mSFLWT5diJxFJQKfx-fE6psrGwOpHlvLv4naXzewg9KlXbPAmMz00QgoVZ4NcR6N5yrm05QZUKW2c2ES0W8Wol8p7VF_SEdfLAHXDjRgTMWF6rBWjnMSUau6FSyCNFWqGdeimORO8wBXswFYQS52dHbYHhCxzQ7t4c3BSNx4dB6O0SIz4CV9weL_Xk-x3PTM_Q6b5A9JJuYefoqNlcoPA5eU3KtJjnlVdO0mUxr9YeOGbMvLRY59XLrEjybJ56WVJm3nS5cK0h5SVaTidVmvl7xwNfE1s3-SGutSUMg42tjGhDhIlZqCP739Q1rRllwhjGW8vaCp5i0wZNFIWKEaNiZcG9QoPN-6a5Rh4XFMdaBIobwU3LFcEac1MzoeO4wWyI_N_vlR-dsIW0BwKHjwR8JOAjAR_JJQmG6AlAObwLstRuwAZL7oMl_wrWzX9McotOYFXQU0LZHRrstl_NPTrW37u3z-2Dy4MfZGaqQg |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=JAVASCRIPT+SECURITY+USING+CRYPTOGRAPHIC+HASH+FUNCTIONS&rft.jtitle=%D0%A1%D1%83%D1%87%D0%B0%D1%81%D0%BD%D1%96+%D1%96%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D1%96%D0%B9%D0%BD%D1%96+%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B8&rft.au=Rahimova%2C+Irada&rft.au=Qubadova%2C+Firangiz&rft.au=Asker+zade%2C+Barayat&rft.au=Pohasii%2C+Serhii&rft.date=2019-12-23&rft.issn=2522-9052&rft.volume=3&rft.issue=4&rft.spage=105&rft.epage=108&rft_id=info:doi/10.20998%2F2522-9052.2019.4.15&rft.externalDBID=n%2Fa&rft.externalDocID=10_20998_2522_9052_2019_4_15 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2522-9052&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2522-9052&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2522-9052&client=summon |