Obfuscation
The process of making something unclear. It’s now much more difficult to understand.
But it’s not impossible to understand if you know how to read it.
Hide information in plain sight. Store payment information without storing a credit card number.
Steganography
Hide information inside of an image.
Greek for “concealed writing”. Security through obscurity.
Message is invisible but it’s really there.
The covertext: the container document or file.
Common Steganography techniques
Network based. Embed messages in TCP packets.
Use an image. Embed the message in the image itself.
Invisible watermarks. Yellow dots on printers.
Audio steganography
Modify the digital audio file. Interlace a secret message within the audio. Similar technique to image steganography.
Video Steganography
A sequence of images. Use image steganography on a larger scale. Manage the signal-to-noise ratio. Potentially transfer much more information.
Tokenization (see demonstration on video)
Replace sensitive data with a non-sensitive placeholder. Ex.: SSN 266-12-1112 is now 691-61-8539.
Common with credit card processing. Use a temporary token during payment. An attacker capturing the card numbers can’t use them later.
This is not encryption or hashing. The original data and token are not mathematically related.
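Added example (not part of the original notes): a toy token vault showing why a token and its original value are not mathematically related, and why a single-use payment token is useless once captured. The `TokenVault` class, its method names and the test card number are assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Toy in-memory vault; a production vault is a separate, access-controlled service."""

    def __init__(self):
        self._vault = {}  # token -> (original value, single_use flag)

    def _random_token(self, value):
        # Keep the layout (length, separators) but draw every digit at random,
        # so the token is not derived from the original in any way.
        return "".join(str(secrets.randbelow(10)) if ch.isdigit() else ch for ch in value)

    def tokenize(self, value, single_use=False):
        if not any(ch.isdigit() for ch in value):
            raise ValueError("value has no digits to replace")
        while True:
            token = self._random_token(value)
            if token != value and token not in self._vault:
                self._vault[token] = (value, single_use)
                return token

    def detokenize(self, token):
        # Only a vault lookup maps a token back; unknown or spent tokens fail.
        if token not in self._vault:
            raise KeyError("unknown or already used token")
        value, single_use = self._vault[token]
        if single_use:
            del self._vault[token]  # a captured payment token cannot be replayed
        return value


def demo():
    vault = TokenVault()
    ssn_token = vault.tokenize("266-12-1112")  # SSN from the notes above
    # Constructed test card number, tokenized for one payment only.
    card_token = vault.tokenize("4111 1111 1111 1111", single_use=True)
    first_use = vault.detokenize(card_token)
    try:
        vault.detokenize(card_token)
        replay_worked = True
    except KeyError:
        replay_worked = False
    return ssn_token, vault.detokenize(ssn_token), first_use, replay_worked


if __name__ == "__main__":
    print(demo())
```

Unlike encryption or hashing, there is no key or function that turns the token back into the SSN; without the vault's lookup table the token is just random digits.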
Data obfuscation
Hide some of the original data.
Protect PII and other sensitive data.
May only be hidden from view. The data may still be intact in storage. Control the view based on permissions.
Many different techniques: substituting, shuffling, encrypting, masking out, etc.