Leveraging The Power Of Image Tokens

June 01, 2021

Securing personally identifiable information (PII) has come into existence since the inception of GDPR. However, data protection has been a subject of study since 400BC, when messages were first inscribed in tapered batons for secured communication.


Tokenization has gained popularity in the financial market, mainly for securing credit card numbers, CVV, PAN, etc., over PoS or e-commerce retail transactions. Today, tokenization has found its way into many non-payment security applications such as ePHI disclosure mandated masking of critical healthcare data, automated HR jobs involving employee PIIs for payroll deposits, tax/401K contributions, and storing citizen PIIs (social security number, driver’s license or passport number in public servers for casting online ballot votes or other online services).

Cyberattacks on deciphering these tokens are inevitable; hence hiding them has become an absolute necessity. One such technique is camouflaging these alphanumeric/numeric tokens with an image/audio/video file. This 500 BC archaic art of concealing is less popular than cryptography yet infamously used by cybercriminals.

Tokenization Market Size:

According to a report by MarketResearchFuture, Covid-19 had a positive impact on the Global Tokenization Market. It is expected to grow from $1.9 billion in 2020 to $4.8 billion by 2025 post-covid. The pandemic has accelerated the volume of online payments as people stay indoors and use online payment options. Online shopping has become more popular, and with it, the need for payment security has become crucial.

What is Steganography?

Steganography in Greek means covered writing. The goal is to hide messages in a way that only the intended recipient knows that a message has been sent. This goal is achieved by concealing the existence of information within harmless carriers, viz. text, images, video, or audio files, without altering the data structure. In today’s world, cybercriminals use this technique to embed malicious codes or trojans into .jpg or .mpeg4 files in the form of images or audio/video data. However, some of the common ethical applications of this method are hash marking, authorized viewing, and copyright piracy protection. It allows the copyright information to be hidden into a watermark to provide an extra layer of protection from fraudulent activities. Theoretically, there are multiple steganographic methods starting from the Least Significant Bit method for hiding small bits of information to the Five Modulus Method for masking large datasets. Using advanced technology such as machine learning, more complex techniques can be developed for large datasets, viz. Convolution Neural Network & Generative Adversarial Network that raise the difficulty level in decoding the masked information from the carriers. While masking puts a stealth layer, it easily creates suspicion; hence it would be an intelligent move to mask tokens instead of the sensitive data.


Need for Steganography in Tokenization

Steganography is not cryptography, and neither is tokenization some form of encryption. However, taking advantage of both these techniques can provide better encapsulation of the data in motion. Internet of Things (IoT) has been one of the highly cyberattacked domains post COVID-19, as many enterprises with compromised IT networks had backdoors open to their OT networks. While edge computing is an emerging need in IoT, most of the user transactions are still done over the cloud server involving the movement of sensitive user credentials. Image steganography can be used in IoT applications that deal with some form of multi-factor authentication mechanism, e.g., fingerprint image or facial image, as these are user PIIs. Consider an IP camera with low processing power and storage capabilities being used in a smart video surveillance system to capture user images for access control. The camera will capture the image and send it to the authentication server over the cloud for user verification. Such unsecured data over the internet are susceptible to MITM attacks where the attacker can masquerade the user and hack into the system. Similarly, consider a retail transaction over smart PoS devices requiring a photograph of user credit card and/or driving license for verified payment or verifying patient identity over a hospital ERP which requires user photo ID viz. driving license or passport. It would be highly beneficial in these cases if the captured image gets converted into a random token and is hidden in a pseudo image before sending it over the cloud.

Hughes Systique offers both a tokenization server and a steganography server along with the capabilities of combining them into a single system. To learn more about our tokenization capabilities, read our blog on Steganography in Tokenization.

No Comments

Add Comment


We use cookies (including third party cookies) to ensure you get the best experience while visiting our website. Click "Accept All Cookies" to accept the cookie usage. Click "Cookie Settings" to adjust cookie settings.

Mandatory Cookies

These cookies cannot be disabled

These cookies are necessary for the website to function and cannot be switched off.

  • __RequestVerificationToken
  • authentication
  • dnn_IsMobile
  • language
  • LastPageId
  • NADevGDPRCookieConsent_portal_0
  • userBrowsingCookie

Analytics Cookies

These cookies allow us to monitor traffic to our website so we can improve the performance and content of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited or how you navigated around our website.

  • _ga
  • _gat
  • _gid

Functional Cookies

These cookies enable the website to provide enhanced functionality and content. They may be set by the website or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

  • __atuvc
  • euconsent

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.


Not used.