Obfuscation Techniques Overview

Jul 23, 2025

Overview

This lecture covers methods of obfuscation, including techniques for hiding or masking information such as steganography, tokenization, and data masking, with real-world examples like credit card payment systems.

Obfuscation Concepts

  • Obfuscation is making simple information harder to understand or interpret.
  • Only those who know the obfuscation method can reverse it to access the original data.
  • Obfuscation hides information in plain sight within data or objects.

Steganography

  • Steganography is concealing data within other media, such as images, audio, or video files.
  • The term comes from Greek, meaning "concealed writing."
  • Images containing hidden data are called cover texts.
  • Steganography can be applied to network traffic, embedding data in TCP packets.
  • Printers use steganography by placing nearly invisible yellow dots (machine identification codes) on each page to trace the printer used.

Tokenization

  • Tokenization replaces sensitive data with a non-sensitive equivalent called a token.
  • Commonly used for credit cards: your number is swapped with a temporary token for transactions.
  • Tokens have no mathematical relation to the original data, making them useless if intercepted.
  • Most payment apps generate one-time-use tokens, which are invalid after a single use.
  • Token service servers manage token creation, assignment, and validation during transactions.

Data Masking

  • Data masking hides parts of sensitive information, often showing only the last few digits.
  • Commonly used for credit card receipts, displaying asterisks with the last four digits.
  • Masking is used for privacy in customer service, so only partial information is visible.
  • Masking methods can include asterisks, rearrangement, or replacement of numbers.

Key Terms & Definitions

  • Obfuscation — The process of making information more difficult to interpret.
  • Steganography — Hiding information within other, non-secret data or media.
  • Cover Text — The file or document containing the hidden data in steganography.
  • Tokenization — Replacing sensitive data with a non-sensitive substitute (token).
  • Token — A generated value that stands in for sensitive data in transactions.
  • Data Masking — Hiding portions of data to prevent unauthorized access.

Action Items / Next Steps

  • Review examples of steganography and tokenization in real-world applications.
  • Inspect a printed page from a laser printer for machine identification code dots.
  • Examine a recent credit card receipt for data masking practices.

Full transcript