Lecture on Obfuscation and Tokenization

Obfuscation

Definition: Process of making something difficult to understand by altering its form.
Concept: If you know the method of obfuscation, you can reverse it to obtain original data.
Purpose: Information is hidden in plain sight but recognizable if you know the method used.

Definition: Hiding information within another medium.
Origin: Greek for "concealed writing."
Common Use: Hiding data in an image, Network traffic, printed pages, audio, or video files.
Example: Using a third-party utility to embed data within an image.
- Cover Text: The document/image hiding the data.
- Printer Watermarks: Yellow dots (machine identification codes) on pages to trace back to the printer.
Security Aspect: Known as security through obscurity—relies on obscurity rather than robust security measures.

Definition: Replacing sensitive data with tokens that can be mapped back to the original data.
Common Application: Mobile payments (e.g., credit card tokenization).

Registration: Credit card details registered with a token service server.
Token Issuance: Server provides tokens to the mobile phone.
Checkout: Token used in Near Field Communication (NFC) to transact.
Validation: Merchant sends token to server for credit card lookup and funds validation.
Approval: Transaction is approved if funds are available.
Token Disposal: Used token is discarded; a new one is readied.

Security: Tokens are one-time use, preventing reuse if captured.
Data Safety: No need for encryption; tokens are not mathematically related to original data.
Receipts: Show tokenized numbers (often masked with asterisks) to protect credit card info further.

Purpose: Hiding part of a piece of data (e.g., credit card number) to enhance security.
Common Use: Customer service interactions or printing receipts with only partial data visible.
Methods: Typically involves replacing parts of the number with asterisks or rearranging digits.