Question

We have developed an application for iPad which consumes data from a WCF service. The iPad application sends requests in JSON format to the WCF service and receives responses in JSON format from it. We found during a penetration test that users can manipulate the request JSON data, for example changing the role of the logged-in user to get data belonging to a higher-privileged user in the application. The JSON request data is not encrypted; it is plain text. The same is the case with the response.

How to secure request and response JSON data?

We can encrypt the request on the iPad and decrypt it on the WCF side, and do the same for the response JSON data. This will add overhead. Another option is to compute a hash of the request JSON data on the iPad and send it as an input to WCF. On the WCF side, compute the hash again over the actual request JSON data and compare. This will help to identify whether the request has been manipulated or not.

Any suggestions?

Can we use the ProtectionLevel property on the operation contract?

As per the MSDN article (http://msdn.microsoft.com/en-us/library/aa347692(v=vs.90).aspx), we can encrypt and sign the operation contract. In this case, what changes should be made on the iPad application side?
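The finding described in the question (a client editing the `role` field of its own request) is an authorization flaw rather than a transport-confidentiality one, and the hash proposed in the question cannot fix it, because the party that edits the body is the same party that computes the hash. The following Python script is an added illustration, not code from the question or from WCF, and is language-neutral: it contrasts a handler that trusts the role carried in the request body with one that derives identity and role from the server's own session table, and shows that an unkeyed client-computed digest still verifies on a tampered request. The session tokens, user names and records are constructed sample data.

```python
"""Why a client-supplied role, or a client-computed hash over the body, cannot
be relied on for authorization, and what a server-side check looks like instead.

Added illustration; all tokens, names and records are constructed sample data.
"""
import hashlib
import json

# Constructed: the server's own view of who is logged in, keyed by the session
# token the client presents (e.g. in an HTTP header) after authenticating.
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "user"},
    "tok-bob": {"user": "bob", "role": "admin"},
}

# Constructed: the data the service protects. An "admin" may read every
# record; a "user" may read only their own.
RECORDS = {
    "alice": {"balance": 120},
    "bob": {"balance": 9000},
    "carol": {"balance": 45},
}


def vulnerable_handler(body: dict) -> dict:
    """Trusts 'user' and 'role' from the request JSON: the flaw the pen test found."""
    if body.get("role") == "admin":
        return dict(RECORDS)
    return {body["user"]: RECORDS[body["user"]]}


def hardened_handler(session_token: str, body: dict) -> dict:
    """Derives identity and role from the server-side session only.

    The body may still carry 'user' or 'role' keys (a client can send anything);
    they are deliberately never consulted for authorization decisions.
    """
    session = SESSIONS.get(session_token)
    if session is None:
        raise PermissionError("not authenticated")
    if session["role"] == "admin":
        return dict(RECORDS)
    return {session["user"]: RECORDS[session["user"]]}


def client_digest(body: dict) -> str:
    """The integrity check proposed in the question: a plain SHA-256 over the body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def server_accepts(body: dict, digest: str) -> bool:
    """Server side of that scheme: recompute over what arrived and compare."""
    return client_digest(body) == digest


def tampered_request_passes_digest_check() -> bool:
    """Edits the role, recomputes the digest as the client would, and asks the
    server whether it accepts. Returns True: the tampering is not detected,
    because nothing in the computation is secret from the client."""
    original = {"user": "alice", "role": "user", "action": "read"}
    tampered = dict(original, role="admin")
    return server_accepts(tampered, client_digest(tampered))


if __name__ == "__main__":
    body = {"user": "alice", "role": "admin", "action": "read"}
    print("vulnerable:", vulnerable_handler(body))             # every record
    print("hardened:  ", hardened_handler("tok-alice", body))  # only alice's
    print("digest check fooled:", tampered_request_passes_digest_check())
```

In WCF the server-side lookup corresponds to reading the caller's identity from `ServiceSecurityContext.Current.PrimaryIdentity` (or guarding the operation with `[PrincipalPermission]`) once the caller has authenticated, instead of reading a role out of the deserialized JSON. Confidentiality of the JSON in transit is a separate concern, addressed by HTTPS on the binding the iPad talks to; that is orthogonal to the privilege-escalation finding, which only goes away when the service stops trusting client-supplied role data.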
