Lecture on Obfuscation and Steganography

Introduction to Obfuscation

Steganography: hiding information within an image.
- Derived from Greek, meaning "concealed writing."
- A form of "security through obscurity."
- If the process is known, data can be easily recovered.
Example:
- Data hidden within an image is not visible.
- The image containing data is called "cover text."
Steganography can also be applied in other media:
- Network Traffic: Embedding messages in TCP packets.
- Printed Documents: Hidden dots as machine identification codes.
- Audio and Video: Information hidden in audio files or video tracks.

Tokenization: Replacing sensitive data with a token.
- Example: Social Security numbers replaced with tokens.
- Allows secure transmission across networks.
- Tokens do not have a direct mathematical relationship to original data.

Process involves:
- Registering a credit card on a mobile phone.
- Receiving tokens from a token service server.
- Using tokens for transactions via nearfield communication.
Security:
- If captured, tokens are useless without the server's reverse lookup.
- Tokens are one-time use and discarded after transactions.

Data Masking: Hiding parts of original data.
- Often seen in credit card receipts as asterisks with last four digits visible.
- Protects against unauthorized use of captured data.
- Used by customer service to limit exposure of sensitive information.

Obfuscation and steganography are critical in data security.
Techniques like tokenization and data masking provide secure ways to handle sensitive data.