Full Length Article
Journal of Cybersecurity and Information Management
Volume 6, Issue 1, PP. 5-17, 2021

Title

Managing a Secure JSON Web Token Implementation By Handling Cryptographic Key Management for JWT Signature in REST API: A survey

  Nihal Salah 1

1  Faculty of Computers & Informatics, Zagazig University, Department of Information Technology
    (nihal.radwan@hotmail.com)


DOI: https://doi.org/10.54216/JCIM.060101

Received: January 24, 2021, Revised: March 24, 2020, Accepted: April 11, 2020

Abstract:

  JSON Web Token (JWT) is a compact, self-contained mechanism, digitally authenticated and trusted, for transmitting data between parties. JWTs are mainly used to implement stateless authentication mechanisms. Open Authorization (OAuth 2.0) implementations use JWTs for their access tokens. OAuth 2.0 and JWT are token frameworks or standards used for authorizing access to REST APIs because of their statelessness and signature implementation. The most important cryptographic algorithms used to construct and sign JWTs were tested, namely the symmetric algorithm HS256 (HMAC with SHA-256) and the asymmetric algorithm RS256 (RSA Signature with SHA-256), on several parameters: the speed of generating tokens, the size of tokens, the data transfer time of tokens, and the security of tokens against attacks. In this research, we propose an approach for handling cryptographic key management for signing RS256 tokens to ensure the security of the application's architecture. JWT offers a variety of options for managing keys; for a JWT implementation to be secure, the server always needs to verify the validity of a key before trusting it. The experimental results show that it is better to use the RS256 signature method for handling cryptographic key management for signing tokens to manage a secure JWT implementation.

Keywords:

Authorization, JWT, Security, Cryptographic key management
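
The abstract's requirement that the server verify a key before trusting it, shown as an added example (not code from the paper): an RS256 verifier in standard-library Python that pins the algorithm, refuses key material carried in the token header, and resolves `kid` only against its own trusted set. The key (built from two Mersenne primes), the `demo-key-1` id and all function names are constructed for illustration and are not secure for real use.

```python
import base64, hashlib, json

# Constructed demo key built from two Mersenne primes: NOT secure, never use for real tokens.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# DER DigestInfo prefix for SHA-256 (EMSA-PKCS1-v1_5, RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Verifier's trusted key set, provisioned out of band: kid -> public key (n, e)
TRUSTED_KEYS = {"demo-key-1": (N, E)}

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_em(message, k):
    """Expected k-byte PKCS#1 v1.5 encoding of SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(claims, kid, **header_extra):
    """Issuer side: sign with the private exponent D."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid, **header_extra}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    s = pow(int.from_bytes(encode_em(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64u(s.to_bytes(k, "big"))

def verify(token):
    """Verifier side: return the claims, or raise ValueError with the reason."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64u(head))
        s = int.from_bytes(unb64u(sig), "big")
    except ValueError:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("algorithm not allowed")  # pinned by the server, not chosen by the token
    if {"jwk", "jku", "x5u", "x5c"} & header.keys():
        raise ValueError("token-supplied key rejected")
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in TRUSTED_KEYS:
        raise ValueError("unknown kid")
    n, e = TRUSTED_KEYS[kid]
    k = (n.bit_length() + 7) // 8
    # Re-encode the expected message and compare whole, rather than parsing the padding.
    if s >= n or pow(s, e, n).to_bytes(k, "big") != encode_em(f"{head}.{body}".encode(), k):
        raise ValueError("bad signature")
    return json.loads(unb64u(body))
```

Because the verifier fixes the algorithm and the key source itself, a token that declares `HS256`, embeds its own `jwk`, or names an unlisted `kid` is rejected before any signature arithmetic runs.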


