Lecture on Obfuscation and Tokenization

Overview of Obfuscation

• Definition: Process of making information more difficult to understand.
• Reversibility: If the method of obfuscation is known, one can reverse it to access the original data.
• Hiding in Plain Sight: Data is hidden in such a way that it's not obvious unless you know how to find it.

Steganography

• Definition: Hiding information within other non-obvious mediums (e.g., images).
• Origin: From Greek, meaning 'concealed writing'.
• Types:
  • Image Steganography: Data hidden within an image (termed as 'cover text').
  • Network Steganography: Embedding messages within network traffic (e.g., TCP packets).
  • Printed Dots: Yellow dots (machine identification codes) on printed pages, linking to the printer.
  • Audio/Video Steganography: Hiding information in audio files or video files.

Tokenization

• Definition: Replacing sensitive data with a non-sensitive equivalent (token).
• Example: Social security numbers replaced with tokens for safe transmission.
• Application in Payments:
  • Mobile Payment Systems: Temporary tokens created from credit card numbers for transactions.
  • One-Time Use Tokens: Tokens are valid for a single transaction, increasing security.

Process of Tokenization in Mobile Payments

1. Registration: Credit card registered with a remote token service server.
2. Token Storage: Phone stores the tokens received from the server.
3. Transaction:
   • Near Field Communication (NFC): Token sent to the payment system.
   • Merchant Verification: Token sent to server for credit card verification.
   • Token Disposal: Used token is discarded; new token prepared for next transaction.

Data Masking

• Purpose: To conceal parts of sensitive information, such as credit card numbers.
• Applications:
  • Receipts: Show only partial credit card numbers, e.g., last four digits.
  • Customer Service: Partial information shown for security.
• Methods: Use of asterisks, rearranging numbers, or replacing numbers.