Domain 1 · 1.4 Cryptographic Solutions

1.4.4 Obfuscation

Steganography, tokenization, data masking.

10 min

Obfuscation makes data difficult for people or tools to understand or interpret without the proper key or context.

Data Masking and Minimization - Data masking hides original data with modified content — for example, showing only the last four digits of a credit card and replacing the rest with asterisks. - Anonymization permanently removes all identifying markers so individuals cannot be re-identified, often for research or analytics. - Pseudo-anonymization replaces identifiers with artificial ones, allowing re-identification only if the linking key is available. - Data minimization is a core privacy principle (central to GDPR): collect and keep only the minimum PII/PHI needed for the task.

Tokenization - Tokenization swaps a sensitive value for a non-sensitive substitute called a token. - Nonsensical values: a token has no exploitable meaning outside the system that issued it. - The vault: a secure database maps each token back to the original data, such as a primary account number (PAN). - Security benefit: because tokens are random, they are useless to an attacker even if intercepted or stolen.

Steganography - Steganography hides a secret message or file inside another, ordinary-looking file such as an image or audio clip. - LSB (Least Significant Bit): a common technique that alters the last bit of each pixel's color value to store data without visibly changing the image. - Cover object: the carrier file (for example a .jpg or .mp4) that conceals the payload. - Detection: finding hidden data needs forensic tools that spot statistical anomalies in file size or bit patterns.

Administrative Roles in Data Protection - Data controller: decides the why and how of processing and ensures overall regulatory compliance (a GDPR term). - Data processor: handles and processes data on behalf of the controller. - Data custodian / steward: the technical role managing storage, backups, and security controls. - Data owner: usually the organization, holding legal rights and ultimate responsibility for the data.

Quick recall - Asterisks and Xs → trigger for data masking. - Random substitute strings / credit cards → trigger for tokenization. - Images or audio files → trigger for steganography. - LSB (Least Significant Bit) → the primary mechanism of digital steganography. - PII/PHI → the data types these methods protect.