JOSE is a framework for implementing cryptography for JSON messages
- Used for client authentication and authorization
- Supported by various programming languages
- JWS: JSON Web Signature
– Securing JSON data using a digital signature or Message Authentication Code (MAC), with each part encoded as base64url
– Used for Authorization headers and URI query parameters
– Simple and compact
– No canonicalization
JWS Format: <Header> + <.> + <Payload> + <.> + <Signature>
- JWE: JSON Web Encryption
– Encryption of JSON
– Complicated
JWE Format: <Header> + <.> + <Encrypted Key> + <.> + <Initialization Vector> + <.> + <Ciphertext> + <.> + <Authentication Tag>
- JWT: JSON Web Token
– A JWT is a JWS and/or JWE whose payload is a set of JSON claims (name/value pairs) transferred between parties
- JWK: JSON Web Key
– Public cryptographic keys containing metadata
– Can be added to JWS, JWE or JWT header
– Published at HTTPS endpoint
– Replacement for self-signed certificates
– Saved in files
- To implement JOSE in Spring, include the following packages
– org.springframework.security.oauth2.jwt
– org.springframework.security.oauth2.jose
- JWA: JSON Web Algorithms
– List of cryptographic algorithms used for JWE / JWS
– The “alg" parameter of JWS denotes the algorithm
– The “alg" and “enc" parameters of JWE denote the key-management and content-encryption algorithms
List of supported algorithms – JWS

Attacks against JWT, JWS and JWE
- Signature Exclusion Attack: The attacker removes the signature from a signed message, turning it into an unsigned message, and the message is still considered valid
- Countermeasures: Treat the "none" algorithm as a rejection condition: it specifies that the JWS payload is unsecured, i.e. not protected by a digital signature or MAC value
- Key Confusion (Algorithm Substitution): The attacker replaces the key with a known cryptographic key belonging to a different, known algorithm
- Countermeasures: Pass the expected algorithm as a parameter to the signature verification function. This fixes the algorithm that is actually used and detects any change made to the token's header
  Verify(string token, string algorithm, string verificationKey)
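An added example (not code from the original material) that implements the Verify(token, algorithm, verificationKey) pattern above for HS256 in Python using only the standard library: the caller pins the algorithm, so a header claiming "none" or a different algorithm is rejected before any key is used. The key bytes, claims and sign_hs256 helper are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(s: str) -> bytes:
    # JWS uses base64url without '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    # Builds a reference HS256 token (hypothetical helper, only to produce sample input)
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify(token: str, algorithm: str, verification_key: bytes) -> dict:
    # Mirrors Verify(token, algorithm, verificationKey): the caller pins the algorithm,
    # so the token's own header cannot select a weaker one (signature exclusion, key confusion)
    if algorithm != "HS256":
        raise ValueError("this example only implements HS256")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # "none" means the payload is unsecured; any header alg that differs from the
    # expected value is rejected before any cryptography runs
    if header.get("alg") != algorithm:
        raise ValueError(f"header alg {header.get('alg')!r} != expected {algorithm!r}")
    if not sig_b64:
        raise ValueError("signature part is empty")
    expected = hmac.new(verification_key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # constant-time comparison avoids leaking how many signature bytes matched
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")
    return json.loads(b64url_decode(payload_b64))

def is_accepted(token: str, algorithm: str, verification_key: bytes) -> bool:
    # Boolean wrapper: malformed base64/JSON errors are ValueError subclasses
    try:
        verify(token, algorithm, verification_key)
        return True
    except (ValueError, UnicodeDecodeError):
        return False
```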
- Bleichenbacher Million Message Attack: A chosen-ciphertext attack on protocols based on RSA PKCS#1 v1.5 encryption, where the attacker sends many ciphertexts to the server and studies the returned error messages, timing differences, etc. to distinguish validly from invalidly padded messages and thereby extracts sensitive information from the payload
- Countermeasures: Use the alternative Optimal Asymmetric Encryption Padding (OAEP) scheme instead. Respond consistently to all errors by checking the CEK length and parity bits in the same way for every message. Apply random filling, where misformatted messages are processed as if they were properly PKCS#1 formatted