🛡️

Understanding Obfuscation Techniques in Data Security

Sep 2, 2024

Lecture Notes on Obfuscation

Definition of Obfuscation

  • Obfuscation: Process of making information difficult to understand.
  • Reversibility: If you know how obfuscation is done, you can reverse it to access original data.
  • Information hidden in plain sight.

Steganography

  • Definition: A popular form of obfuscation; hiding information within images.
    • Roots in Greek meaning "concealed writing."
    • Considered security through obscurity.
    • Not true security as knowing the method allows data recovery.
  • Process:
    • Use of third-party utilities to hide info in images.
    • Image becomes "cover text" containing hidden data.
    • Not limited to images; can be used in network traffic (e.g., TCP packets).
  • Examples:
    • Laser printers use yellow dots (machine identification codes) as steganography.
    • Audio and video files can also hide information.

Tokenization

  • Definition: Replacing sensitive data with a token.
    • Example: Social security numbers replaced with tokens.
    • Allows safe data transfer across networks without actual data exposure.
  • Process:
    • Mobile payments use tokenization for credit card numbers.
    • Temporary tokens are created, allowing safe transaction without encryption.
    • Tokens are one-time use, ensuring security even if intercepted.

Credit Card Tokenization Process

  • Registration: Credit card number registered on mobile phone.
  • Token Storage: Tokens stored locally on the phone.
  • Checkout: Tokens used for payment via near-field communication.
  • Transaction Validation: Merchant sends token to server, which retrieves actual credit card number to validate funds.
  • Token Lifecycle:
    • Used token discarded post-transaction.
    • New token prepared for the next use.

Data Masking

  • Purpose: Hide parts of data, showing only necessary portions.
    • E.g., credit card receipts displaying only last four digits for security.
    • Used in customer service to limit access to full data.
  • Methods:
    • Asterisks commonly used.
    • Alternatives include rearranging or replacing numbers for reversible obscuration.

Key Considerations

  • Obfuscation methods like steganography and tokenization offer ways to protect data visibility.
  • Security through obscurity is not inherently secure; understanding methods is crucial for both protection and data recovery.
  • Practical applications in everyday technology like mobile payments and printed documents.