SY0-701 Security+: 1.4 Obfuscation

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/6

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

7 Terms

1
New cards

Obfuscation

The process of making something unclear or harder to understand. But if someone knows how the it was done, they can reverse it and reveal the original data.

  • It's a way to hide information in plain sight—like storing payment details without directly saving a credit card number.

  • One example is steganography, where information is hidden inside an image.

2
New cards

Steganography

The art and science of concealing a message within another message or file to avoid detection.

  • Comes from a Greek word meaning “concealed writing”.

  • It’s a form of security through obscurity, where the message is invisible but still exists.

  • However, relying only on obscurity isn’t considered real security.

  • The image or document that holds the hidden data is called the covertext; it’s the file that contains the concealed message.

3
New cards

Common Steganography Techniques

Network-based

  • Messages are hidden inside network traffic, for example, embedded within TCP packets.

Images

  • The data is built into the image itself.

Invisible watermarks

  • Tiny yellow dots printed by many color printers are called machine identification codes.

  • If you know how to read them, you can trace the printout back to the specific printer that created it.

4
New cards

Other Steganography Types

Audio steganography

  • involves changing a digital audio file to hide a secret message within it; similar to how messages can be hidden in images.

Video steganography

  • Works the same way but on a bigger scale, since video is made up of many images.

  • By adjusting details carefully, like the signal-to-noise ratio, a large amount of hidden data can be placed inside a video file without making it obvious.

5
New cards

Tokenization

When you replace sensitive data with a non-sensitive placeholder

  • For example, a Social Security number can be swapped out for a random number. That random number is sent across the network, and only the system on the other end knows how to swap it back to the original.

  • If someone intercepts the token, it’s useless to them because it doesn’t reveal any real information.

  • This method is commonly used in credit card processing, where your actual card number is turned into a one-time-use token. If someone tries to reuse that token, it won’t work.

Not the same as encryption or hashing—there’s no mathematical link between the original data.

6
New cards

Tokenization Example

  • When you first register your credit card on a mobile phone, it contacts a remote token service server. That server gives your phone a set of tokens—random numbers that act as substitutes for your actual card number. These tokens are stored on your phone, and you usually never see them. Sometimes, if you look at a receipt, you might notice the number shown doesn’t match your real card—that’s the token.

  • When you make a purchase in a store using near-field communication (NFC), your phone sends one of those tokens—not your real credit card number—to the store’s payment system. The merchant then forwards that token to the token service server, which looks up the actual credit card number tied to it. It checks your account for available funds or credit, approves the transaction, and completes the payment.

  • Once a token is used, your phone deletes it. It either moves on to the next token it already has or requests a new one for the next transaction. Each token is used only once to keep your real card number safe.

7
New cards

Data Masking

A type of data obfuscation that hides parts of the original information.

  • A common example is a credit card number on a receipt—you usually see just the last four digits, while the rest are replaced with asterisks. This helps prevent someone from stealing the number off a printed receipt and using it to make purchases.

  • Protects PII (personally identifiable information) and other sensitive data. Often, the data is just hidden from view, not actually removed. The full data might still exist in storage, but access is controlled based on permissions. For example, your credit card company knows the full number, but only part of it is shown on receipts.

  • There are many ways to mask data, including substitution, shuffling, encryption, and masking techniques.