Lecture on Obfuscation and Information Security

Overview of Obfuscation

Obfuscation: The process of taking easily understandable information and making it difficult to understand.
Often used to hide information in plain sight, requiring knowledge of the method to interpret the data.

Definition: From Greek, meaning "concealed writing".
Purpose: Hiding information within an image or other media types.
- Example: Data hidden within an image, often called "cover text".
Security Through Obscurity: If you know the method, you can easily recover the data.
Methods:
- Images: Data hidden within image files.
- Network Traffic: Embedding messages in TCP packets.
- Print Watermarks: Using yellow dots (machine identification codes) from printers to match back to the specific printer.
- Audio and Video Steganography: Hiding information within audio files or video files.

Definition: Replacing sensitive data with non-sensitive 'tokens'.
Example: Credit card tokenization during mobile transactions.
- Process:
  - Register credit card number on mobile phone.
  - Token service generates tokens for local storage.
  - During a transaction, a token is used instead of the actual credit card number.
  - The merchant sends the token to the token service to retrieve the actual number.
  - Token is validated, the transaction is approved, and the token is discarded after use.
Advantages:
- Tokens are one-time use, enhancing security.
- No need for encryption since the token is not the actual sensitive data.

Purpose: Hiding parts of data, such as credit card numbers, to protect sensitive information.
Methods:
- Commonly uses asterisks to mask parts of the number.
- Used in receipts and by customer service representatives.
- Alternative methods include rearranging numbers or replacing them with reversible alternatives.

Security in Transactions: Mobile payments use tokenization to protect credit card information.
Data Protection: Masking methods ensure only necessary information is visible to unauthorized individuals.