Understanding Obfuscation and Security Techniques

Aug 5, 2024

Obfuscation and Steganography Lecture Notes

Definition of Obfuscation

  • Obfuscation: Making information more difficult to understand.
  • Essential idea: Hide information in plain sight; only recognizable if you know how it was hidden.

Steganography

  • Definition: Technique of hiding information within another medium.
  • Origins: Greek for 'concealed writing'.
  • Security Through Obscurity: Anyone who knows how the data was hidden can recover it, so this is not true security.

Applications

  1. Images: Data hidden within pixels; the image carrying the data is referred to as the 'cover text'.
  2. Network Traffic: Embedding messages within TCP packets; data reconstructed on the other side.
  3. Printed Pages: Yellow dots as machine ID codes; can identify the printer.
  4. Audio and Video Files: Hidden information within audio tracks and video files.

Tokenization

  • Definition: Replacing sensitive data with a token.
  • Use cases: Mobile payments, credit card transactions.

Process

  1. Register credit card on mobile phone.
  2. Remote token service server generates tokens.
  3. Tokens stored on the mobile phone.
  4. During payment, token is sent instead of actual credit card number.
  5. Token service server does a reverse lookup to retrieve the credit card number.
  6. Token is validated and transaction approved.
  7. Used token is discarded; a new token is readied.

Benefits

  • Security: Tokens are one-time use; capturing the token is useless.
  • Data Transfer: No need to encrypt or hash; token doesn’t correlate back to the original sensitive data.
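
The Process steps and the one-time-use benefit above, sketched in Python as an added example (not part of the original notes). The TokenService and Phone classes, the in-memory vault and the test card number are assumptions made for illustration.

```python
import secrets


class TokenService:
    """Toy token service server; the vault is an in-memory dict (assumption)."""

    def __init__(self):
        self._vault = {}  # token -> card number, used for the reverse lookup

    def issue(self, card_number):
        # Step 2: the token is random, so nothing about the card number
        # can be derived from it.
        token = secrets.token_hex(8)
        self._vault[token] = card_number
        return token

    def redeem(self, token):
        # Steps 5-7: reverse lookup, validate, discard the used token and
        # ready a new one. pop() is what makes each token single-use.
        card_number = self._vault.pop(token, None)
        if card_number is None:
            return False, None  # unknown or already-used token: decline
        return True, self.issue(card_number)


class Phone:
    def __init__(self, service, card_number):
        # Steps 1 and 3: register the card, then store only the token.
        self._service = service
        self.token = service.issue(card_number)

    def pay(self):
        # Step 4: the token is sent in place of the card number.
        sent = self.token
        approved, next_token = self._service.redeem(sent)
        if approved:
            self.token = next_token
        return sent, approved


def run_demo():
    service = TokenService()
    phone = Phone(service, "4111111111111111")  # constructed test number
    captured, first = phone.pay()            # an eavesdropper sees `captured`
    replay, _ = service.redeem(captured)     # replaying it is declined
    second_token, second = phone.pay()       # the phone's new token works
    return {"first": first, "replay": replay, "second": second,
            "tokens_differ": captured != second_token}


if __name__ == "__main__":
    print(run_demo())
```

The replayed token is declined because the server removed it from the vault on first use, while the phone's next payment succeeds with the freshly issued token.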

Data Masking

  • Definition: Hiding parts of the original number, showing only a portion.
  • Use cases: Receipts, customer service interactions.
  • Methods: Using asterisks or replacing/rearranging numbers.

Applications

  1. Receipts: Show asterisks and last four digits of the credit card number.
  2. Customer Service: Representatives only see a portion of the credit card number.

Summary

  • Obfuscation and steganography are techniques to hide information, making it accessible only to those who know how to reveal it.
  • Tokenization and data masking provide enhanced security for sensitive data in everyday transactions and interactions.