Topics In Demand
Notification
New

No notification found.

Leveraging The Power Of Image Tokens
Leveraging The Power Of Image Tokens

June 23, 2021

414

1

Securing personally identifiable information (PII) has come into existence since the inception of GDPR. However, data protection has been a subject of study since 400BC, when messages were first inscribed in tapered batons for secured communication.

Tokenization:

Tokenization has gained popularity in the financial market, mainly for securing credit card numbers, CVV, PAN, etc., over PoS or e-commerce retail transactions. Today, tokenization has found its way into many non-payment security applications such as ePHI disclosure mandated masking of critical healthcare data, automated HR jobs involving employee PIIs for payroll deposits, tax/401K contributions, and storing citizen PIIs (social security number, driver’s license or passport number in public servers for casting online ballot votes or other online services).

Cyberattacks on deciphering these tokens are inevitable; hence hiding them has become an absolute necessity. One such technique is camouflaging these alphanumeric/numeric tokens with an image/audio/video file. This 500 BC archaic art of concealing is less popular than cryptography yet infamously used by cybercriminals.

Tokenization Market Size:

According to a report by MarketResearchFuture, Covid-19 had a positive impact on the Global Tokenization Market. It is expected to grow from $1.9 billion in 2020 to $4.8 billion by 2025 post-covid. The pandemic has accelerated the volume of online payments as people stay indoors and use online payment options. Online shopping has become more popular, and with it, the need for payment security has become crucial.

What is Steganography?

Steganography in Greek means covered writing. The goal is to hide messages in a way that only the intended recipient knows that a message has been sent. This goal is achieved by concealing the existence of information within harmless carriers, viz. text, images, video, or audio files, without altering the data structure. In today’s world, cybercriminals use this technique to embed malicious codes or trojans into .jpg or .mpeg4 files in the form of images or audio/video data. However, some of the common ethical applications of this method are hash markingauthorized viewing, and copyright piracy protection. It allows the copyright information to be hidden into a watermark to provide an extra layer of protection from fraudulent activities. Theoretically, there are multiple steganographic methods starting from the Least Significant Bit method for hiding small bits of information to the Five Modulus Method for masking large datasets. Using advanced technology such as machine learning, more complex techniques can be developed for large datasets, viz. Convolution Neural Network & Generative Adversarial Network that raise the difficulty level in decoding the masked information from the carriers. While masking puts a stealth layer, it easily creates suspicion; hence it would be an intelligent move to mask tokens instead of the sensitive data.

Need-for-Steganography-in-tokenization

Need for Steganography in Tokenization

Steganography is not cryptography, and neither is tokenization some form of encryption. However, taking advantage of both these techniques can provide better encapsulation of the data in motion. Internet of Things (IoT) has been one of the highly cyberattacked domains post COVID-19, as many enterprises with compromised IT networks had backdoors open to their OT networks. While edge computing is an emerging need in IoT, most of the user transactions are still done over the cloud server involving the movement of sensitive user credentials. Image steganography can be used in IoT applications that deal with some form of multi-factor authentication mechanism, e.g., fingerprint image or facial image, as these are user PIIs. Consider an IP camera with low processing power and storage capabilities being used in a smart video surveillance system to capture user images for access control. The camera will capture the image and send it to the authentication server over the cloud for user verification. Such unsecured data over the internet are susceptible to MITM attacks where the attacker can masquerade the user and hack into the system. Similarly, consider a retail transaction over smart PoS devices requiring a photograph of user credit card and/or driving license for verified payment or verifying patient identity over a hospital ERP which requires user photo ID viz. driving license or passport. It would be highly beneficial in these cases if the captured image gets converted into a random token and is hidden in a pseudo image before sending it over the cloud. One of our earlier blogs dealt with Steganography in Tokenization

As this is an upcoming area, there are only a handful of niche, specialized companies that offer both a tokenization server and a steganography server along with the capabilities of combining them into a single system. 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


HughesSystique

© Copyright nasscom. All Rights Reserved.