🔒

Understanding Obfuscation Techniques

Feb 23, 2025

Lecture on Obfuscation

Introduction to Obfuscation

  • Definition: Process of making information difficult to understand.
  • Reversibility: Knowing the method allows reversing the process to access original data.
  • Hiding in Plain Sight: Information is hidden visibly; recognition requires knowledge of the hiding method.

Types of Obfuscation

Steganography

  • Definition: Hiding information in an image or other media.
  • Origin: Greek for concealed writing.
  • Commonality: Often used as security through obscurity.
  • Examples:
    • Images: Data stored within image files, known as cover text.
    • Network Traffic: Embedding messages in TCP packets.
    • Printed Dots: Yellow dots (machine identification codes) on printed pages identify printers.
    • Audio/Video Files: Information hidden in audio or video tracks.

Tokenization

  • Definition: Replacing sensitive data with a token.
  • Example: Social security numbers or credit card numbers converted into tokens.
  • Benefits:
    • Practicality if intercepted as tokens are useless without the decryption method.
    • Used in mobile phone payments via temporary, one-time-use tokens.

Credit Card Tokenization Process

  • Step 1: Register credit card on mobile phone.
  • Step 2: Obtain tokens from a remote server, stored on phone.
  • Checkout Process:
    • Use Near Field Communication (NFC) to transfer tokens instead of card numbers.
    • Merchant verifies token with server to retrieve actual card number for transaction approval.
    • Used token is discarded; phone readies a new token.
  • Receipt Obfuscation: Masks card numbers, showing only last four digits.

Data Masking

  • Purpose: Prevent unauthorized access to sensitive data.
  • Methods:
    • Masking parts of numbers (e.g., credit card numbers).
    • Used by customer service to limit exposure to sensitive data.
    • Allows partial visibility of data for security.

Conclusion

  • Obfuscation techniques are varied and are used to enhance security by limiting data visibility unless the correct method is known.
  • These techniques are practical and commonly used in everyday transactions to protect sensitive data.

Full transcript