Bonaventura D'Alessio, Alfredo De Santis
bdalessio@dia.unisa.it, ads@dia.unisa.it
1 (1) || f 1 (2) || ... || f 1 (m),
which recovers the value of the embedded stego-data S.
There are different ways to fix the permutation and, thus, to establish the order of the fragments:
- The permutation can be fixed a priori; for example it can be the identity permutation (i.e., (i) = i), or the reverse order permutation (i.e., (i) = m - i + 1).
- The permutation can depend on the sequence of files $P_1, P_2, \ldots, P_m$; for example the hash values of the involved photos can be computed and define the permutation according to the lexicographic order of those hash values, namely, (i) is equal to the index corresponding to the i-th smallest value in the set of computed hashes $H(P_1), H(P_2), \ldots, H(P_m)$. If $H(P_j)$ is the i-th smallest value in this set, then (i) = j.
- The permutation can also depend on other information published on the OSN/OPS. For example, another published photo P can be fixed and used as a seed in a Pseudo-Random Number Generator (PRNG) to produce a sequence $\mathrm{PRNG}(P) = g_1 \| g_2 \| \cdots \| g_m$ of m values of a suitable length. The permutation is defined according to the lexicographic order of values $g_1, g_2, \ldots, g_m$, that is, (i) is equal to the index corresponding to the i-th smallest value among them. If $g_j$ is the i-th smallest value in this set, then (i) = j.
- Finally, the permutation can depend both on the sequence of photos $P_1, P_2, \ldots, P_m$ as well as other published photos on the OSN/OPS. For example, the output of the PRNG can be given as the input, together with the photo $P_i$, to the hash function. In other words, the m values $g_1, g_2, \ldots, g_m$, output of the PRNG seeded with an external photo P, can be concatenated pair-wise to the sequence of photos $P_1, P_2, \ldots, P_m$ in order to obtain the resulting $g_1 \| P_1, g_2 \| P_2, \ldots, g_m \| P_m$. The permutation is defined according to the lexicographic order of values $g_1 \| P_1, g_2 \| P_2, \ldots, g_m \| P_m$, that is, (i) is equal to the index corresponding to the i-th smallest value among them.
If parties share a private key, the permutation order can also
depend on it. For example, an HMAC can be used instead of
hash values.
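The ordering rules above, written out as an added example (not code from the paper): an analyst or receiver who holds the photos and the per-photo fragments can apply each rule and compare the reassembled strings. SHA-256 and HMAC-SHA-256 stand in for the unspecified hash and HMAC, and the photo bytes, fragments and key are constructed placeholders.

```python
import hashlib
import hmac

def digest_order(photos, key=None):
    """Indices j_1..j_m (1-based): photo j_i has the i-th smallest digest.
    key=None uses SHA-256; a shared key switches to HMAC-SHA-256."""
    def h(data):
        if key is None:
            return hashlib.sha256(data).digest()
        return hmac.new(key, data, hashlib.sha256).digest()
    return sorted(range(1, len(photos) + 1), key=lambda j: h(photos[j - 1]))

def candidate_orders(photos, key=None):
    """The ordering rules listed in the text, each as a list of 1-based indices."""
    m = len(photos)
    rules = {
        "identity": list(range(1, m + 1)),
        "reverse": [m - i + 1 for i in range(1, m + 1)],
        "hash": digest_order(photos),
    }
    if key is not None:
        rules["hmac"] = digest_order(photos, key)
    return rules

def reassemble(fragments, order):
    """Concatenate the per-photo fragments in the order given by the rule."""
    return "".join(fragments[j - 1] for j in order)

def changed_photos(published, downloaded):
    """1-based indices of photos whose bytes differ after the site processed
    them; any such change invalidates a digest-based order."""
    return [j for j, (a, b) in enumerate(zip(published, downloaded), 1)
            if hashlib.sha256(a).digest() != hashlib.sha256(b).digest()]

# Constructed stand-ins for photo contents and per-photo fragments.
PHOTOS = [b"photo-A", b"photo-B", b"photo-C", b"photo-D"]
FRAGMENTS = ["0417", "2290", "8813", "5006"]

if __name__ == "__main__":
    for name, order in candidate_orders(PHOTOS, key=b"shared-key").items():
        print(name, order, reassemble(FRAGMENTS, order))
    recompressed = PHOTOS[:2] + [b"photo-C (re-encoded)"] + PHOTOS[3:]
    print("changed:", changed_photos(PHOTOS, recompressed))
```

A single re-encoded photo is enough to move its digest, which is why the digest-based rules only work on services that leave the published bytes untouched.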
It is clear that for some of the methods described above, in which the permutation is defined on objects published on the OSN, these objects must not change after publication, since a change could compromise the revealing process of the stego-system. If the changes cannot be avoided due to OSN/OPS functionalities, then other methods have to be used to define the order of the fragments. The order information has to be independent from the object and may be either fixed a priori or included in the information published by the OSN/OPS. For example, it can be included as part of the file name of the photos. This approach clearly decreases the total information carried by the stego-system. If k digits were available in the file name for the stego-data, then q of them can be used as an index and the remaining k - q to embed fragments. It is also possible to include the order information in the EXIF [9] metadata of the photos, as a comment or a keyword of the published photos, as long as this information is not modified before publication and is not subject to changes after publication by the OSN/OPS.
Some OSNs, such as Facebook, do not preserve the original file name but rename it with a new one which contains several pieces of information such as the Facebook identifier. In these cases, the proposed technique cannot be directly used due to the hidden data being deleted when the images are published on the OSN/OPS. This problem can be overcome by storing the original file name in other fields which are usually present in most of the OSN/OPS. In the case of Facebook, for example, the Description field can be used to store the original file name and hence adopt the proposed technique.
Stego-data does not have to be embedded into all the photos belonging to a user; it is possible to use only a subset. The remaining photos, as well as the respective file names, can be used to further obfuscate and hide the presence of the stego-system. It is therefore important to establish which photos are to be used in order to embed the fragments.
It is possible to use an approach similar to the one adopted in the determination of the permutation illustrated above. Let $P_1, P_2, \ldots, P_n$ be the sequence of all the images published by a user as they appear on the OSN/OPS. A characteristic binary vector $c_1, c_2, \ldots, c_n$ is chosen to establish which photo should be part of the sequence used for the embedding procedure. That is, $c_i = 1$ implies that the photo $P_i$ is part of the sequence, while $c_i = 0$ means that the photo $P_i$ should not be considered. Therefore, the initial sequence of the photos is $P_{i_1}, P_{i_2}, \ldots, P_{i_m}$ where $1 \le i_1 < i_2 < \cdots < i_m \le n$ and $c_{i_1} = c_{i_2} = \cdots = c_{i_m} = 1$ and the other $c_j$ values are equal to zero.
Similarly to the determination of the permutation, there are different ways to fix the characteristic binary vector:
- It can be fixed a priori. For example, it can be a part of the binary expansion of or the outcome of the Lottery.
- It can vary with the sequence of photos. For example, it can be the concatenation of the hash values of the first few photos.
- It can also depend on other information published on the OSN/OPS. For example, it can be the output of a PRNG seeded with an a priori fixed photo.
- Finally, it can depend both on the sequence of photos $P_1, P_2, \ldots, P_n$ as well as an additional photo P published on the OSN/OPS. For example, the PRNG can be seeded with the photo P and then its output can be XORed piece-wise with the hash values computed on the first few photos.
Another possibility offered by the OSN/OPS is the grouping and organization of photos in folders whose name is usually left to the user's choice. This makes it possible to use the folder file names to hide parts of the stego-data.
In order to improve the efficiency of the entire system, it is advisable to compress the stego-data before embedding it. For example, the Deflate algorithm [8] can be used.
Since the stego-data can be discovered, an encryption algorithm (either symmetric or asymmetric) should be used before embedding it. This increases the entropy and makes it more difficult to detect the existence of the stego-data.
Time Consistency
The EXIF (Exchangeable Image File Format) standard [9] is used to associate metadata to the image. Among the information supplied by the EXIF standard, in this subsection the attention is focused on the time and date. Such information allows for the reconstruction of the temporal sequence of all the photos, assuming that the time and date were correctly set on the digital camera and that nobody has manually modified them later. The order established by the sequence number contained in the file name has to be coherent with the temporal sequence of the creation time contained in the EXIF metadata. To avoid inconsistency, it is necessary to avoid or limit anomalies between the two temporal sequences. Therefore, if the fragment index does not depend on the photos containing the stego-data, then the file name should be bound to the images in such a way as to preserve this relationship.
Another possibility is to remove the EXIF metadata from the images before uploading them to an OSN/OPS. It is worth mentioning that this operation is usually performed by most of the OSNs while, on the contrary, most of the OPSs leave the EXIF metadata unchanged.
Photos produced with a given digital camera and shot in a short time interval have relatively close sequence numbers in the file names. Vice versa, a large difference in sequence numbers in file names usually corresponds to photos shot over a longer time interval. To avoid anomalies with respect to the above-mentioned property, a smaller value of k can be used by fixing the first few digits of the file name and using the remaining digits of the file names to hold fragments.
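The two consistency properties described in this subsection can be checked mechanically. The following added example (not from the paper) flags photos whose file-name counter contradicts the EXIF creation time; the file-name pattern, the thresholds and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: camera-style names ending in a 4-digit counter, e.g. DSC_0102.JPG.
COUNTER = re.compile(r"(\d{4})\.jpe?g$", re.IGNORECASE)

def parse(photos):
    """Turn (file name, EXIF DateTimeOriginal) pairs into (counter, time, name)."""
    out = []
    for name, stamp in photos:
        m = COUNTER.search(name)
        if m:  # names without a counter carry no order to compare
            out.append((int(m.group(1)),
                        datetime.strptime(stamp, "%Y:%m:%d %H:%M:%S"), name))
    return out

def order_inversions(photos):
    """Pairs whose counter order contradicts their EXIF time order."""
    items = parse(photos)
    bad = []
    for a in range(len(items)):
        for b in range(a + 1, len(items)):
            (s1, t1, n1), (s2, t2, n2) = items[a], items[b]
            if (s1 - s2) * (t1 - t2).total_seconds() < 0:
                bad.append((n1, n2))
    return bad

def burst_gaps(photos, max_seconds=60, max_gap=20):
    """Shots adjacent in time (within max_seconds) whose counters are far apart.
    Both thresholds are assumed values; a counter rollover (9999 -> 0001)
    would also trip this check and needs manual review."""
    items = sorted(parse(photos), key=lambda x: x[1])
    return [(n1, n2) for (s1, t1, n1), (s2, t2, n2) in zip(items, items[1:])
            if (t2 - t1).total_seconds() <= max_seconds and abs(s2 - s1) > max_gap]

# Constructed sample: four shots within 15 seconds, one counter out of line.
SAMPLE = [
    ("DSC_0101.JPG", "2011:06:01 10:00:00"),
    ("DSC_0102.JPG", "2011:06:01 10:00:05"),
    ("DSC_0740.JPG", "2011:06:01 10:00:09"),
    ("DSC_0103.JPG", "2011:06:01 10:00:15"),
]

if __name__ == "__main__":
    print(order_inversions(SAMPLE))
    print(burst_gaps(SAMPLE))
```

On services that strip EXIF data there is no timestamp to compare against, so this check applies only where the metadata survives upload.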
IV. STEGANOGRAPHY USING TAGS
In this section a new steganography technique that takes advantage of the use of tags is proposed. The tag, whose circulation has increased with the advent of the Web 2.0, is metadata that links different elements. Tagging is very popular in OSN/OPS, where the terminology refers to the specific case where a user identifies the people depicted in a photo, and marks the photo with their names, thus explicitly linking those people to the photo [3]. The proposed steganographic technique uses a set of photos posted by a user on an OSN/OPS and the tags on them in order to encode a secret message. The technique also applies to general images and is not limited to photos.
Assume a user u has posted t photos on an OSN/OPS. Let $P_1, P_2, \ldots, P_t$ be the sequence of published photos which is the part of all the user's photos that will be used to embed the stego-text. In addition, let U be the sequence of users $u_1, u_2, \ldots, u_m$ who can be tagged in the photos in order to hide the information. Therefore, in every photo $P_i$, u can add or not add a tag to any one of the m users $u_j$. This makes it possible to construct a matrix where the element $b_{j,i}$ will be:
- 1, if in the photo $P_i$ the user $u_j$ has been tagged;
- 0, if in the photo $P_i$ the user $u_j$ has not been tagged.
Table III
BINARY ENCODING OF THE TEST SECRET MESSAGE

t        h        i        s        (space)
01110100 01101000 01101001 01110011 01000000
m        e        s        s        a
01101101 01100101 01110011 01110011 01100001
g        e        (space)  i        s
01100111 01100101 01000000 01101001 01110011
(space)  h        i        d        d
01000000 01101000 01101001 01100100 01100100
e        n
01100101 01101110
The sequence of $m \times t$ bits $b_{1,1} b_{1,2} \cdots b_{m,t}$ will encode the secret message.
Table IV
SEQUENCE OF BITS $b_{j,i}$ IN MATRIX REPRESENTATION

        Photos
        P1  P2  P3  P4  P5  P6  P7  P8  P9  P10 P11
u1      0   1   1   1   0   1   0   0   0   1   1
u2      0   1   0   0   0   0   1   1   0   1   0
u3      0   1   0   1   1   1   0   0   1   1   0
u4      1   0   0   0   0   0   0   0   1   1   0
u5      1   1   0   1   0   1   1   0   0   1   0
u6      1   0   1   1   1   0   0   1   1   0   1
u7      1   1   0   0   1   1   0   1   1   0   0
u8      0   0   1   0   1   1   0   0   1   1   1
u9      0   1   1   0   0   1   0   1   0   1   0
u10     0   0   0   0   0   0   1   1   0   1   0
u11     0   1   0   1   1   1   0   0   1   1   0
u12     1   0   0   0   0   0   0   0   1   1   0
u13     1   0   0   0   0   1   1   0   1   0   0
u14     1   0   1   1   0   0   1   0   0   0   1
u15     1   0   0   1   0   0   0   1   1   0   0
u16     1   0   1   0   1   1   0   1   1   1   0
Clearly, in order to increase the size of the secret message, in addition to posting more photos, it is also possible to increase the cardinality of U. To do this, u can create fictitious users in the OSN/OPS, who will link to his profile, inserting them into the sequence U. Using the privacy settings, available on several OSN/OPS, it may be possible to increase the degree of confidentiality of the message due to the sharing of photos, albums and notification of tags being limited to small groups of users and not visible to everyone. The privacy settings should be configured in such a way as to allow the receiver of the secret message to see all photos in the sequence as well as the tags applied.
The described technique improves on the one discussed in Section III in two respects. The first is the amount of hidden information that, on the basis of the number of images available on the OSN/OPS, is higher because it uses a system that exploits a number of tagged users which is greater than the number of bits in the file name that can be used to embed the stego-data. The second is the time required to hide the message. With the technique described in Section III, having to rename the published images generally requires uploading them again. This can be a rather time-consuming process, depending on the size of the files. In contrast, the time taken to hide information using the technique discussed in this section is relatively short, because it only adds the appropriate tags to images that have already been published.
As an example, consider the case where the message "this message is hidden" is the one to be hidden. The text consists of 22 characters, and since each character is ASCII encoded with a byte, 176 bits are needed to represent the message (see Table III).
Assuming one has 11 photos and 16 users to tag in each photo, then the entire message of $176 = 11 \times 16$ bits can be encoded. The sequence of bits $b_{j,i}$, represented as a matrix, is the one reported in Table IV. Therefore, in photo $P_1$ users $u_4, u_5, u_6, u_7, u_{12}, u_{13}, u_{14}, u_{15}$ and $u_{16}$ have to be tagged, in photo $P_2$ users $u_1, u_2, u_3, u_5, u_7, u_9$ and $u_{11}$ have to be tagged and so on, up to photo $P_{11}$ where users $u_1, u_6, u_8$, and $u_{14}$ have to be tagged.
Clearly, in order to improve efficiency and security it is advisable to compress and encrypt the stego-data before embedding it.
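The worked example of Table IV can be read back from the analyst's side. The following added example (not from the paper) rebuilds the matrix from per-photo tag lists, decodes it row by row, and scores the result for printable text; the function names are hypothetical. Table III writes the space as 01000000, which is ASCII '@', so the decoded bytes show '@' between the words.

```python
# Table IV copied as strings: row j is user u_j, column i is photo P_i.
TABLE_IV = [
    "01110100011", "01000011010", "01011100110", "10000000110",
    "11010110010", "10111001101", "11001101100", "00101100111",
    "01100101010", "00000011010", "01011100110", "10000000110",
    "10000110100", "10110010001", "10010001100", "10101101110",
]

def tags_per_photo(matrix):
    """Map photo index i to the user indices j (both 1-based) with b_{j,i} = 1."""
    t = len(matrix[0])
    return {i + 1: [j + 1 for j, row in enumerate(matrix) if row[i] == "1"]
            for i in range(t)}

def matrix_from_tags(tags, m, t):
    """Rebuild the m x t matrix from tag lists observed on a profile."""
    rows = [["0"] * t for _ in range(m)]
    for photo, users in tags.items():
        for user in users:
            rows[user - 1][photo - 1] = "1"
    return ["".join(r) for r in rows]

def decode(matrix):
    """Read the bits row by row (b_{1,1} b_{1,2} ... b_{m,t}) and pack them
    into bytes."""
    bits = "".join(matrix)
    usable = len(bits) - len(bits) % 8      # ignore a trailing partial byte
    return bytes(int(bits[k:k + 8], 2) for k in range(0, usable, 8))

def printable_ratio(data):
    """Share of bytes in the printable ASCII range; high values hint at text."""
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0

if __name__ == "__main__":
    observed = matrix_from_tags(tags_per_photo(TABLE_IV), m=16, t=11)
    payload = decode(observed)
    print(payload, printable_ratio(payload))
```

If the payload is compressed and encrypted as the text advises, the decoded bytes will not be printable, so this score only catches plaintext use of the channel.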
V. SECURE COMMUNICATION ON OSN AND OPS
The solution introduced in this section aims to establish secure communication paths among users of an OSN/OPS. Using the proposed solution, it is possible to transmit information in a secure way and hide it with respect to a limited number of users in a selective manner. The idea is to apply the techniques described in Sections III and IV to hide data, as well as implement a notification mechanism which notifies when a secret message has been read and by whom. The notification system proposed in this section uses the tags on the photos present on OSN/OPS. In this case too, the tag operation can be performed on other kinds of images besides photos.
After having concealed the message, the sender applies the tag related to the receivers of the message to one photo stored in the albums, which has to be different from the photos used in the above-mentioned steganographic technique of Section IV. Then, the OSN/OPS will notify the users who have been tagged in that photo. Thus, they will discover that a hidden piece of information directed to them has been published. After reading the message, the users will remove the tag inserted by the sender. In this way, the sender, monitoring who has removed the tag from the photo, will know who has received and read the secret message.
How the proposed notification system works will now be described in further detail. To post a hidden message, a generic user u will use the techniques described in Sections III and IV. Having published the message, u should notify its publication to a set of users U
, having decoded the hidden data, removed the tag from P, thus notifying u that the secret message has been read. Then, a new message can be sent. In this way a synchronous communication channel is established.
In order to make it more difficult to intercept secure communications, as well as increase the amount of information transmitted, the system may be distributed across multiple sites. Using the privacy settings, available on several OSN/OPS, it may be possible to increase the degree of confidentiality of the message due to the sharing of photos, albums and notification of tags being limited to small groups of users and not necessarily everyone.
VI. CONCLUSIONS
New techniques to create a secure communication on the Internet have been presented in this paper. The most important elements in implementing these techniques are the availability of photos, published and shared on the Web, as well as the ability to create tags on the other users. The amount of information that can be hidden depends on the number of photos published, the numbers of users to involve, the name assigned to them as well as how they are distributed in various albums. A notification system which uses tags has been proposed to implement a secure synchronous communication channel.
Since most of the OSN/OPS change the published photos, it is not possible to use classic steganographic techniques directly on these images. Thus, the proposed steganographic technique may be very useful to create a covert channel even on OSN/OPS that notoriously modify the multimedia files before publication.
REFERENCES
[1] J. Barnes, Human relations, Class and Committees in a Norwegian Island Parish, vol. 7, pp. 39-58, 1954.
[2] S. Grabner-Krauter, Web 2.0 social networks: The role of trust, Journal of Business Ethics, vol. 90, pp. 505-522, December 2009.
[3] D. M. Boyd and N. B. Ellison, Social network sites: Definition, history, and scholarship, Journal of Computer-Mediated Communication, vol. 13, no. 1, pp. 210-230, 2007.
[4] Wikipedia, List of photo sharing websites, http://en.wikipedia.org/wiki/List_of_photo_sharing_websites, visited June 2011.
[5] A. Castiglione, G. Cattaneo, and A. De Santis, A forensic analysis of images on online social networks, Submitted, June 2011.
[6] B. W. Lampson, A note on the confinement problem, Commun. ACM, vol. 16, pp. 613-615, October 1973.
[7] F. L. Bauer, Decrypted secrets - methods and maxims of cryptology (4. ed.). Springer, 2007.
[8] P. Deutsch, Deflate compressed data format specification version 1.3, http://www.ietf.org/rfc/rfc1951.txt, May 1996.
[9] Camera & Imaging Products Association, Standardization Committee, Exchangeable image file format for digital still cameras: Exif Version 2.3, http://www.cipa.jp/english/hyoujunka/kikaku/pdf/DC-008-2010_E.pdf, 26 April 2010.