
Steganography and Secure Communication on Online Social Networks and Online Photo Sharing

Aniello Castiglione∗, Bonaventura D’Alessio†, Alfredo De Santis‡

Dipartimento di Informatica “R.M. Capocelli”

Università degli Studi di Salerno

I-84084 Fisciano (SA), Italy

[email protected]∗, [email protected]†, [email protected]

Abstract—On the Internet today, there are numerous web-sites offering places to store and share images (photos, drawings, cliparts, etc.). Online Social Networks (OSN) and Online Photo Services (OPS) usually offer this type of service, making it possible to upload and manage the images they publish. Users can publish their own images as well as add descriptions and tags. By adjusting the personal privacy settings, the images become visible only to authorized users, with it then being possible to add any comments. Generally, OSN/OPS manipulate the published images by resizing, upgrading metadata, compressing, embedding watermarking, and making it difficult to use well-known steganographic techniques on them.

In this paper two new steganographic schemes that mainly take advantage of the published images and survive the OSN/OPS processing before their publication are proposed and analyzed. Finally, a notification system which uses tags to manage the sent/received information on the secret channel is proposed. This allows for the deletion of the received information as well as a bandwidth increase of the secret channel.

Index Terms—Steganography, Online Social Network, Online Photo Sharing, OSN, OPS, Secure Channel, Covert Channel, Image Metadata.

I. INTRODUCTION

A “social network” is an association of people drawn together by family, work or hobby. This term was first coined in 1954 by J. A. Barnes [1]. Thus, a social network is a social structure made up of individuals (or organizations) called “nodes”, which are tied (connected) by one or more specific types of interdependency, such as friendship, kinship, common interests, financial exchanges, dislikes, sexual relationships, as well as relationships of beliefs, knowledge or prestige. The virtualization of the concept, i.e., when the relationship between players takes place on the Web, is called Online Social Network [2]. In order for an OSN to work on the Internet, it requires an online service, platform, or site that focuses on the building and reflecting of the Social Network Sites. A definition of Social Network Sites, proposed in [3], is the following: “We define social network sites as web-based services that allow individuals to: construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, view and traverse their list of connections and those made by others within the system”.

Corresponding author: Aniello Castiglione, Member, IEEE, [email protected], Phone: +39089969594, FAX: +39089969821

An OSN is based on the representation of the users, via a profile consisting of a set of attributes which describes it, the social links as well as some additional services. These web-based services allow users to interact via the Internet and include e-mail, instant messaging as well as data sharing (e.g., ideas, activities, events, interests, images, etc.). The main service offered by the OSNs is the creation of a relationship among users sharing common interests such as hobbies, politics, sports, and religion.

A common service offered by OSN is related to images. In general, images can be uploaded, organized in albums and may contain tags of other users. This creates a link to another member of the OSN who is tagged in the image. The tagging operations are generally notified to the users involved. Another feature which is very common on both OSN and OPS is the possibility to add some keywords to each published image.

The most popular OSNs in the world are without a doubt Twitter and Facebook. However, there are other OSNs which are prevalent in specific geographic areas. For example, MySpace and LinkedIn are popular in North America, Orkut and Hi5 in South America and Central America, Nexopia in Canada, Tuenti in Spain, StudiVZ in Germany, iWiW in Hungary, and Nasza-Klasa in Poland.

An Online Photo Sharing (OPS) web-site makes it possible to publish online digital images, essentially photos. This functionality is provided through applications that ease the upload, visualization and management of the images. Table I shows a comparison of some OPS web-services [4]. The table lists:

• the name of the site;

• the image file format accepted during the upload;

• the possibility to create and manage albums and directories;

• the space limits for each user;

• whether it allows images to be tagged or keywords to be used;

• whether it allows comments to be inserted;

• the approximate number of registered users.

Generally, OSN as well as OPS apply some processing to the images before their publication, for example by resizing, renaming, compressing, etc. A characterization of the processing performed by some OSN/OPS has been presented in [5]. Facebook resizes the images to a resolution of 720 pixels, or 2048 pixels for high-resolution images, and renames them with a string containing, among other things, the Facebook numeric user-id as well as the sequence number of the photo. The two resolutions, 720 and 2048 pixels, refer to the bigger side of the image. When resizing, Facebook scales the bigger side of an image to one of the two resolutions and modifies the other side, keeping the original aspect ratio of the image. On the contrary, Picasa, the OPS developed by Google, does not perform any processing on either the resolution or the compression of the published images. In fact, when submitting images at one of the resolutions managed by Picasa, i.e., “original resolution”, 1600, 1200 or 640 pixels (on the bigger side), the images are left unchanged.

2011 International Conference on Broadband and Wireless Computing, Communication and Applications

978-0-7695-4532-5/11 $26.00 © 2011 IEEE

DOI 10.1109/BWCCA.2011.60

Table I. A comparison of some OPS web-sites

| Name | Format | Album | Limit | Tags | Com. | Users |
|---|---|---|---|---|---|---|
| Flickr | JPEG | Yes | 3GB | Yes | Some | 26,000,000 |
| Fotki | GIF, JPEG, PNG | Yes | 50MB | Yes | Yes | 1,250,000 |
| Picasa | GIF, JPEG, PNG | Yes | 1GB | Yes | Some | 500,000 |
| Shutterfly | JPEG | Yes | unlimit | No | Some | 2,000,000 |
| SmugMug | JPEG, TIFF, PNG, GIF | No | unlimit | Yes | Yes | 315,000 |
| Snapfish | JPEG | No | unlimit | No | | 70,000,000 |
| Webshots | JPEG | No | 2GB | Yes | Some | 32,000,000 |
| Windows Live Photos | JPEG | Yes | 25GB | Yes | Some | 56,000,000 |
| Zooomr | JPEG, TIFF, PNG, GIF | Yes | unlimit | Yes | Yes | 100,000 |

This paper proposes and analyzes two new steganographic techniques to hide information. The first technique uses the file name of the images as generated by a digital camera. The second one takes advantage of the feature of inserting tags in images. Finally, this paper proposes a technique to establish a secure communication channel among users exploiting the OSN/OPS involved. The tags are used to construct a notification system which allows users to announce that a new secret message has been sent as well as to acknowledge that it has been received.

The paper is structured as follows. Section II gives a classification of Information Hiding. In Section III the technique of hiding data by using the file name of the published images is described. In Section IV the second steganographic technique, which uses the tags to hide information in an OSN/OPS, is presented. Section V illustrates how to create a secure communication channel, by adding to the two proposed steganographic schemes a notification system based on tags. Some concluding remarks are given in Section VI.

II. INFORMATION HIDING

Information Hiding is a field of Information Security. This term refers to several techniques used to hide information in different types of “digital containers” (transmission channels, documents, audio, video, programs, images, etc.). The reasons for hiding information can be different, for example, to store secret messages in a secure way or create covert channels. A covert channel is a communication channel that violates the system security policy, as defined in [6] by Lampson: “Covert channels, i.e. those not intended for information transfer at all, such as the service program’s effect on the system load”.

Figure 1 shows the classification of Information Hiding adapted from Bauer [7].

Figure 1. Classification of Information Hiding adapted from Bauer.

An important area of Information Hiding is Steganography. While Cryptography studies how to protect the content of a message, Steganography deals with the techniques used to hide the existence of a message.

It is also possible to implement steganographic techniques on OSN/OPS. The simplest one is to divide the secret message into pieces that are added as comments to photos. However, since OSN/OPS usually publish textual information (such as comments, photo descriptions, etc.), Linguistic steganography techniques can be used. Linguistic steganography is a technique in which the message is concealed in the carrier not using obvious methods.

It uses the following techniques:

• Visual Semagram, where innocent-looking or everyday physical objects hide the message (e.g., positions of elements in a published image);

• Text Semagram, where the message is hidden taking advantage of the ways of visualizing the data (e.g., uses the addition of extra spaces in the field description);

• Jargon code, which uses a language understood by a limited group of people (e.g., innocent comments that hide special meanings that have sense only for the interlocutors);

• Covered Grille cipher, where a template is applied to the carrier message; in this way only the characters which compose the secret message are visible while the others are obfuscated;

• Covered Null cipher, where the message is hidden using a set of rules agreed upon by the users (e.g., see the first character of every word or read every fifth word).

The technique analyzed in Section III can be classified as Covered Null cipher, while the one shown in Section IV can be classified as Visual Semagram.

III. STEGANOGRAPHY IN THE FILE NAME

User images are usually processed by the OSN/OPS before their publication. The processing may vary depending on the service, and usually involves some other characteristics of the images, such as image format, size, metadata, quality factor, etc. (see for example [5]). While the OSN usually perform some modifications on the file name of the published images, the OPS usually leave it unchanged. Therefore, an image published on an OSN/OPS with a file name following the common encoding rules assigned automatically by digital cameras does not raise suspicion. In this section the authors focus their attention on digital photos rather than considering general images. The key idea is to embed the secret message into a sequence of file names that follow the naming convention adopted by the digital cameras when saving the captured photos.

The digital photos are raster images (bitmap images) characterized by resolution (in pixels), number of bits used to describe the color and compression format. Digital cameras usually generate photos in the JPEG format with an assigned name which is usually compliant with a particular naming convention. Furthermore, the file size of digital photos depends on the camera model, internal file size, compression settings and user-selected resolution. Thus, the number of images that can be saved in a storage device (e.g., a microSD) depends on the above-mentioned variables. The file name is created according to a naming convention which, although it differs depending on the brand, has as a common feature its length, which is eight characters (xxxxxxxx) followed by a dot and an extension (yyy), which results in xxxxxxxx.yyy. Generally, the extension is “JPG” and the name is composed of:

• a first part of alphabetic characters;

• an optional “_”;

• a few digits that identify the sequence number of the photos.

Table II illustrates the naming convention adopted by some well-known brands. Occasionally, a brand uses the same naming convention to refer to different digital camera models.

Table II. Example of common naming convention among digital cameras

| Brand | Naming convention | File type |
|---|---|---|
| Canon | IMG_xxxx.JPG | JPEG |
| Canon (reflex) | iMG_xxxx | RAW |
| Panasonic, Sony, Nikon | DSC_xxxx.JPG | JPEG |
| Panasonic | Pxxxxxxx.JPG | JPEG |
| Casio | CIMGxxxx.JPG | JPEG |
| Fujifilm | DSCFxxxx.JPG | JPEG |
| Leica | L1001xxx.JPG | JPEG |
| Olympus | P305xxxx.JPG | JPEG |
| Pentax | IMGPxxxx.JPG | JPEG |
| Samsung | SNCxxxxx.JPG | JPEG |
| Sigma | SDIMxxxx.JPG | JPEG |

The proposed technique uses the variable part of the photo file name to hold secret information. For example, as shown in Table II, the maximum length of the variable part of each file name is seven digits for Panasonic. If the information to hide is longer than the number of digits $k$ (with $k < 7$) of the variable part of the photo file name, then it is necessary to use several photos and properly distribute the information content in the variable parts. If there are $t$ photos generated by the same camera model and with the same file naming, then there are $k \cdot t$ decimal digits useful to encode the message. These correspond to $\log_2 10^{k \cdot t} \approx 3.32 \cdot k \cdot t$ bits. The value $t$ can be large and depends on the policy of the service (for example, for some OPS, see Table I) as well as the processing applied before publishing.

Since the secret message is fragmented into several parts, it is important for its subsequent reconstruction to establish their correct order. Before describing techniques to establish the order of the fragments, it is necessary to introduce some notation.

Let $P_1, P_2, \ldots, P_m$ be the sequence of photos in which the secret message will be embedded, as they appear on the OSN/OPS. Let $S = s_1 \| s_2 \| \cdots \| s_m$ be the stego-data, which is the concatenation of $m$ pieces $s_i$ of size $k$ bits, where only the last piece, $s_m$, is of size $\leq k$.

A permutation $\sigma$ is chosen to establish where to embed each fragment. Specifically, fragment $s_{\sigma(i)}$ is inserted in the file name of the photo $P_i$. In the following, $\sigma(i)$ is referred to as the fragment index. In order to extract the stego-data from the sequence of photos $P_1, P_2, \ldots, P_m$, the recipient has to compute the inverse permutation $\sigma^{-1}$. If $f_i$ is the fragment extracted from the file name of the photo $P_i$, then the stego-data is retrieved as $f_{\sigma^{-1}(1)} \| f_{\sigma^{-1}(2)} \| \cdots \| f_{\sigma^{-1}(m)}$, which recovers the value of the embedded stego-data $S$.

There are different ways to fix the permutation $\sigma$ and, thus, to establish the order of the fragments:

• The permutation can be fixed a priori; for example it can be the identity permutation (i.e., $\sigma(i) = i$), or the reverse order permutation (i.e., $\sigma(i) = m - i + 1$).

• The permutation can depend on the sequence of files $P_1, P_2, \ldots, P_m$; for example the hash values of the involved photos can be computed and the permutation defined according to the lexicographic order of those hash values, namely, $\sigma(i)$ is equal to the index corresponding to the $i$-th smallest value in the set of computed hashes $H(P_1), H(P_2), \ldots, H(P_n)$. If $H(P_j)$ is the $i$-th smallest value in this set, then $\sigma(i) = j$.

• The permutation can also depend on other information published on the OSN/OPS. For example, another published photo $P$ can be fixed and used as a seed in a Pseudo-Random Number Generator (PRNG) to produce a sequence $PRNG(P) = g_1 \| g_2 \| \cdots \| g_m$ of $m$ values of a suitable length. The permutation is defined according to the lexicographic order of values $g_1, g_2, \ldots, g_m$, that is, $\sigma(i)$ is equal to the index corresponding to the $i$-th smallest value among them. If $g_j$ is the $i$-th smallest value in this set, then $\sigma(i) = j$.

• Finally, the permutation can depend both on the sequence of photos $P_1, P_2, \ldots, P_m$ as well as other published photos on the OSN/OPS. For example, the output of the PRNG can be given as the input, together with the photo $P_i$, to the hash function. In other words, the $m$ values $g_1, g_2, \ldots, g_m$, output of the PRNG seeded with an external photo $P$, can be concatenated pair-wise to the sequence of photos $P_1, P_2, \ldots, P_m$ in order to obtain the resulting $g_1 \| P_1, g_2 \| P_2, \ldots, g_m \| P_m$. The permutation is defined according to the lexicographic order of values $g_1 \| P_1, g_2 \| P_2, \ldots, g_m \| P_m$, that is, $\sigma(i)$ is equal to the index corresponding to the $i$-th smallest value among them.

If parties share a private key, the permutation order can also depend on it. For example, an HMAC can be used instead of hash values.
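The hash-ordered permutation and its inverse, worked through as an added example (not code from the paper). SHA-256 as H, the Canon-style `IMG_xxxx.JPG` pattern with k = 4, and the photo bytes and digit fragments are assumptions constructed for illustration.

```python
import hashlib
import math
import re

# Constructed stand-ins for the published photos P_1..P_m (real input would be file bytes).
PHOTOS = [b"constructed photo A", b"constructed photo B",
          b"constructed photo C", b"constructed photo D"]
# Constructed stego-data S = s_1 || s_2 || s_3 || s_4, k = 4 decimal digits per fragment.
FRAGMENTS = ["0412", "9930", "1578", "2604"]


def hash_order_permutation(photos):
    """Return sigma as a list: sigma[i-1] = j when H(P_j) is the i-th smallest hash."""
    digests = [hashlib.sha256(p).hexdigest() for p in photos]
    ranked = sorted(range(len(photos)), key=lambda j: digests[j])
    return [j + 1 for j in ranked]


def place_fragments(fragments, sigma):
    """Fragment carried by each photo: P_i holds s_sigma(i)."""
    return [fragments[j - 1] for j in sigma]


def fragment_from_name(file_name):
    """Read f_i, the 4-digit variable part of an IMG_xxxx.JPG name (assumed pattern)."""
    match = re.fullmatch(r"IMG_(\d{4})\.JPG", file_name)
    if match is None:
        raise ValueError(f"not a carrier name: {file_name!r}")
    return match.group(1)


def recover_stego_data(file_names, sigma):
    """Rebuild S = f_{sigma^-1(1)} || ... || f_{sigma^-1(m)} from names in published order."""
    extracted = [fragment_from_name(n) for n in file_names]
    inverse = [0] * len(sigma)
    for i, j in enumerate(sigma, start=1):
        inverse[j - 1] = i  # sigma(i) = j  <=>  sigma^-1(j) = i
    return "".join(extracted[i - 1] for i in inverse)


def capacity_bits(k, t):
    """Bits carried by t file names with k free decimal digits each: log2(10^(k*t))."""
    return k * t * math.log2(10)


if __name__ == "__main__":
    sigma = hash_order_permutation(PHOTOS)
    names = [f"IMG_{frag}.JPG" for frag in place_fragments(FRAGMENTS, sigma)]
    print("sigma:", sigma)
    print("published names:", names)
    print("recovered S:", recover_stego_data(names, sigma))
    print("capacity (k=4, t=4): %.2f bits" % capacity_bits(4, 4))
```

Because σ is derived from the photo bytes, any re-encoding of a photo by the service changes its hash and therefore the recovered order.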

It is clear that for some of the methods described above, in which the permutation is defined on objects published on the OSN, these objects must not change after publication, since this could compromise the revealing process of the stego-system. If the changes cannot be avoided due to OSN/OPS functionalities, then other methods have to be used to define the order of the fragments. The order information has to be independent from the object and may be either fixed a priori or included in the information published by the OSN/OPS. For example, it can be included as part of the file name of the photos. This approach clearly decreases the total information carried by the stego-system. If $k$ digits were available in the file name for the stego-data, then $q$ of them can be used as an index and the remaining $k - q$ to embed fragments. It is also possible to include the order information in the EXIF [9] metadata of the photos, as a comment or a keyword of the published photos, as long as this information is not modified before publication and is not subject to changes after publication by the OSN/OPS.

Some OSNs, such as Facebook, do not preserve the original file name but rename it with a new one which contains several pieces of information such as the “Facebook identifier”. In these cases, the proposed technique cannot be directly used due to the hidden data being deleted when the images are published on the OSN/OPS. This problem can be overcome by storing the original file name in other fields which are usually present in most of the OSN/OPS. In the case of Facebook, for example, the “Description” field can be used to store the original file name and hence adopt the proposed technique.

Stego-data does not have to be embedded into all the photos belonging to a user, with it being possible to use only a subset. The remaining photos, as well as the respective file names, can be used to further obfuscate and hide the presence of the stego-system. It is therefore important to establish which are the photos to be used in order to embed the fragments.

It is possible to use an approach similar to the one adopted in the determination of the permutation $\sigma$ illustrated above. Let $P_1, P_2, \ldots, P_n$ be the sequence of all the images published by a user as they appear on the OSN/OPS. A characteristic binary vector $c_1, c_2, \ldots, c_n$ is chosen to establish which photo should be part of the sequence used for the embedding procedure. That is, $c_i = 1$ implies that the photo $P_i$ is part of the sequence, while $c_i = 0$ tells that the photo $P_i$ should not be considered. Therefore, the initial sequence of the photos is $P_{i_1}, P_{i_2}, \ldots, P_{i_m}$ where $1 \leq i_1 < i_2 < \cdots < i_m \leq n$ and $c_{i_1} = c_{i_2} = \cdots = c_{i_n} = 1$ and the other $c_j$ values are equal to zero.

Similarly to the determination of the permutation $\sigma$, there are different ways to fix the characteristic binary vector:

• It can be fixed a priori. For example, it can be a part of the binary expansion of π or the outcome of the Lottery.

• It can vary with the sequence of photos. For example, it can be the concatenation of the hash values of the first few photos.

• It can also depend on other information published on the OSN/OPS. For example, it can be the output of a PRNG seeded with an a priori fixed photo.

• Finally, it can depend both on the sequence of photos $P_1, P_2, \ldots, P_n$ as well as an additional photo $P$ published on the OSN/OPS. For example, the PRNG can be seeded with the photo $P$ and then its output can be XORed piece-wise with the hash values computed on the first few photos.

Another possibility offered by the OSN/OPS is the grouping and organization of photos in folders whose name is usually left to the user's choice. This makes it possible to use the folder names to hide parts of the stego-data.

In order to improve the efficiency of the entire system, it is advisable to compress the stego-data before embedding it. For example, the Deflate algorithm [8] can be used.

Since the stego-data can be discovered, an encryption algorithm (either symmetric or asymmetric) should be used before embedding it. This increases the entropy and makes it more difficult to detect the existence of the stego-data.

Time Consistency

The EXIF (Exchangeable Image File Format) standard [9] is used to associate metadata to the image. Among the information supplied by the EXIF standard, in this subsection the attention is focused on the time and date. Such information allows for the reconstruction of the temporal sequence of all the photos, assuming that the time and date were correctly set on the digital camera and that nobody has manually modified them later. The order established by the sequence number contained in the file name has to be coherent with the temporal sequence of the creation time contained in the EXIF metadata. To avoid inconsistency, it is necessary to avoid or limit anomalies between the two temporal sequences. Therefore, if the fragment index does not depend on the photos containing the stego-data, then the file name should be bound to the images in such a way as to preserve this relationship.

Another possibility is to remove the EXIF metadata from the images before uploading them to an OSN/OPS. It is worth mentioning that this operation is usually performed by most of the OSNs while, on the contrary, most of the OPSs leave the EXIF metadata unchanged.

Photos produced with a given digital camera and shot in a short time interval have a relatively close sequence number in the file names. Vice versa, a large difference in sequence numbers in file names usually corresponds to photos shot over a longer time interval. To avoid anomalies with respect to the above mentioned property, a smaller value of $k$ can be used by fixing the first few digits of the file name and using the remaining digits of the file names to hold fragments.
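The two consistency properties above can be checked from the analyst's side. The following added example (not from the paper) flags albums where file-name sequence numbers disagree with EXIF capture times; the sample albums, the 60-second window and the sequence-gap threshold of 20 are constructed assumptions.

```python
import re
from datetime import datetime
from itertools import combinations

# Trailing digits before the extension. A fixed brand prefix such as "P305" or
# "L1001" is constant for one camera, so it does not disturb the ordering.
SEQ_RE = re.compile(r"(\d+)\.jpe?g$", re.IGNORECASE)

# Constructed sample albums: (file name, EXIF DateTimeOriginal string).
CLEAN_ALBUM = [
    ("IMG_0101.JPG", "2011:07:02 10:00:00"),
    ("IMG_0102.JPG", "2011:07:02 10:00:20"),
    ("IMG_0103.JPG", "2011:07:02 10:01:05"),
    ("IMG_0110.JPG", "2011:07:02 14:30:00"),
]
SUSPECT_ALBUM = [
    ("IMG_7481.JPG", "2011:07:02 10:00:00"),
    ("IMG_0293.JPG", "2011:07:02 10:00:20"),
    ("IMG_5510.JPG", "2011:07:02 10:01:05"),
    ("IMG_1077.JPG", "2011:07:02 10:01:30"),
]


def load(records):
    """Parse records into (taken, sequence_number, file_name), sorted by capture time."""
    rows = []
    for file_name, exif_time in records:
        match = SEQ_RE.search(file_name)
        if match is None:
            continue  # not a camera-style name; nothing to compare
        taken = datetime.strptime(exif_time, "%Y:%m:%d %H:%M:%S")
        rows.append((taken, int(match.group(1)), file_name))
    return sorted(rows)


def order_inversions(records):
    """Pairs where the earlier photo carries the larger sequence number."""
    rows = load(records)
    return [(a[2], b[2]) for a, b in combinations(rows, 2)
            if a[0] < b[0] and a[1] > b[1]]


def burst_gap_anomalies(records, max_seconds=60, max_seq_gap=20):
    """Consecutive shots that are close in time but far apart in sequence number."""
    rows = load(records)
    flagged = []
    for a, b in zip(rows, rows[1:]):
        close_in_time = (b[0] - a[0]).total_seconds() <= max_seconds
        if close_in_time and abs(b[1] - a[1]) > max_seq_gap:
            flagged.append((a[2], b[2]))
    return flagged


if __name__ == "__main__":
    for label, album in (("clean", CLEAN_ALBUM), ("suspect", SUSPECT_ALBUM)):
        print(label, "inversions:", len(order_inversions(album)),
              "burst anomalies:", len(burst_gap_anomalies(album)))
```

A counter rollover or reset, or photos from more than one camera in the same album, also produces hits, so a finding is a reason to look closer rather than proof of embedding.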

IV. STEGANOGRAPHY USING TAGS

In this section a new steganography technique that takes advantage of the use of tags is proposed. The tag, whose circulation has increased with the advent of the Web 2.0, is a metadata that links different elements. “Tagging” is very popular in OSN/OPS, where the terminology refers to the specific case where a user identifies the people depicted in a photo, and marks the photo with their names, thus explicitly linking those people to the photo [3]. The proposed steganographic technique uses a set of photos posted by a user on an OSN/OPS and the tags on them in order to encode a secret message. The technique applies also to general images and is not limited to photos.

Assume a user $u$ has posted $t$ photos on an OSN/OPS. Let $P_1, P_2, \ldots, P_t$ be the sequence of published photos which is the part of all the user’s photos that will be used to embed the stego-text. In addition, let $U$ be the sequence of users $u_1, u_2, \ldots, u_m$ who can be tagged in the photos in order to hide the information. Therefore, in every photo $P_i$, $u$ can add or not a tag to one of the $m$ users $u_j$. This makes it possible to construct a matrix where the element $b_{j,i}$ will be:

• 1, if in the photo $P_i$ the user $u_j$ has been tagged;

• 0, if in the photo $P_i$ the user $u_j$ has not been tagged.

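Table III. Binary encoding of the test secret message

| t | h | i | s | (space) |
|---|---|---|---|---|
| 01110100 | 01101000 | 01101001 | 01110011 | 01000000 |
| m | e | s | s | a |
| 01101101 | 01100101 | 01110011 | 01110011 | 01100001 |
| g | e | (space) | i | s |
| 01100111 | 01100101 | 01000000 | 01101001 | 01110011 |
| (space) | h | i | d | d |
| 01000000 | 01101000 | 01101001 | 01100100 | 01100100 |
| e | n | | | |
| 01100101 | 01101110 | | | |

The sequence of $m \cdot t$ bits $b_{1,1}\, b_{1,2} \cdots b_{m,t}$ will encode the secret message.

Table IV. Sequence of bits $b_{j,i}$ in matrix representation (rows: users, columns: photos)

| | P1 | P2 | P3 | P4 | P5 | P6 | P7 | P8 | P9 | P10 | P11 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| u1 | 0 | 1 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 1 | 1 |
| u2 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 1 | 0 |
| u3 | 0 | 1 | 0 | 1 | 1 | 1 | 0 | 0 | 1 | 1 | 0 |
| u4 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
| u5 | 1 | 1 | 0 | 1 | 0 | 1 | 1 | 0 | 0 | 1 | 0 |
| u6 | 1 | 0 | 1 | 1 | 1 | 0 | 0 | 1 | 1 | 0 | 1 |
| u7 | 1 | 1 | 0 | 0 | 1 | 1 | 0 | 1 | 1 | 0 | 0 |
| u8 | 0 | 0 | 1 | 0 | 1 | 1 | 0 | 0 | 1 | 1 | 1 |
| u9 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 1 | 0 | 1 | 0 |
| u10 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 1 | 0 |
| u11 | 0 | 1 | 0 | 1 | 1 | 1 | 0 | 0 | 1 | 1 | 0 |
| u12 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
| u13 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 0 |
| u14 | 1 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 1 |
| u15 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 1 | 1 | 0 | 0 |
| u16 | 1 | 0 | 1 | 0 | 1 | 1 | 0 | 1 | 1 | 1 | 0 |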

Clearly, in order to increase the size of the secret message, in addition to posting more photos, it is also possible to increase the cardinality of $U$. To do this, $u$ can create fictitious users in the OSN/OPS, who will link to his profile, inserting them into the sequence $U$. Using the “privacy” settings, available on several OSN/OPS, it may be possible to increase the degree of confidentiality of the message due to the sharing of photos, albums and notification of tags being limited to small groups of users and not visible to everyone. The privacy settings should be configured in such a way as to allow the receiver of the secret message to see all photos in the sequence as well as the tags applied.

The described technique improves on the one discussed in Section III in two respects. The first is the amount of hidden information that, on the basis of the number of images available on the OSN/OPS, is higher due to it using a system that exploits a number of tagged users which is greater than the number of bits in the file name that can be used to embed the stego-data. The second is the time required to hide the message. With the technique described in Section III, having to rename the published images generally requires uploading them again. This can be a rather time consuming process, depending on the size of the files. In contrast, hiding information using the technique discussed in this section is relatively quick, since it only adds the appropriate tags to images that have already been published.

As an example, consider the case where the message “this message is hidden” is the one to be hidden. The text consists of 22 characters, and since each character is ASCII encoded with a byte, 176 bits are needed to represent the message (see Table III).

Assuming one has 11 photos and 16 users to tag in each photo, then the entire message of 176 = 11 · 16 bits can be encoded. The sequence of bits b_{j,i}, represented as a matrix, is the one reported in Table IV. Therefore, in photo P1 users u4, u5, u6, u7, u12, u13, u14, u15 and u16 have to be tagged, in photo P2 users u1, u2, u3, u5, u7, u9 and u11 have to be tagged and so on, up to photo P11 where users u1, u6, u8, and u14 have to be tagged.
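The Table IV construction as an added example (not code from the paper): it fills the 16 × 11 matrix row by row, one row per user, which is the order Table IV shows, lists the users to tag in each photo, and rebuilds the message from those tag sets. Function names are assumptions, and the separator byte is the one the page's Table III lists.

```python
# Added example: reproduces Table IV from the page's message and decodes it back.
MESSAGE = "this message is hidden"   # the page's 22-character example
SEP = 0b01000000  # byte Table III lists for the word separator; kept so the result matches Table IV
PHOTOS, USERS = 11, 16               # 11 * 16 = 176 bits, as in the page

def to_bits(text):
    """One byte per character, most significant bit first."""
    bits = []
    for ch in text:
        byte = SEP if ch == " " else ord(ch)
        bits.extend((byte >> shift) & 1 for shift in range(7, -1, -1))
    return bits

def build_matrix(bits, users=USERS, photos=PHOTOS):
    """Fill the users x photos matrix row by row (one row per user)."""
    if len(bits) != users * photos:
        raise ValueError(f"need exactly {users * photos} bits, got {len(bits)}")
    return [bits[r * photos:(r + 1) * photos] for r in range(users)]

def tags_per_photo(matrix):
    """Column view: for each photo, the 1-based indices of the users to tag."""
    photos = len(matrix[0])
    return [[u + 1 for u, row in enumerate(matrix) if row[p]]
            for p in range(photos)]

def decode(tag_lists, users=USERS):
    """Rebuild the row-major bitstream from observed tag sets and unpack bytes."""
    tagged = [set(t) for t in tag_lists]
    bits = [int(u in tagged[p])
            for u in range(1, users + 1) for p in range(len(tagged))]
    if len(bits) % 8:
        raise ValueError("bit count is not a whole number of bytes")
    data = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        data.append(byte)
    return data.replace(bytes([SEP]), b" ").decode("ascii")

if __name__ == "__main__":
    matrix = build_matrix(to_bits(MESSAGE))
    for p, users in enumerate(tags_per_photo(matrix), start=1):
        print(f"P{p}: " + ", ".join(f"u{u}" for u in users))
    print(decode(tags_per_photo(matrix)))
```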

Clearly, in order to improve efficiency and security it is advisable to compress and encrypt the stego-data before embedding it.

V. SECURE COMMUNICATION ON OSN AND OPS

The solution introduced in this section aims to establish secure communication paths among users of an OSN/OPS. Using the proposed solution, it is possible to transmit information in a secure way and to hide it selectively with respect to a limited number of users. The idea is to apply the techniques described in Sections III and IV to hide data, as well as implement a notification mechanism which notifies when a secret message has been read and by whom. The notification system proposed in this section uses the tags on the photos present on OSN/OPS. In this case too, the tag operation can be performed on other kinds of images besides photos.

After having concealed the message, the sender applies the tag related to the “receivers” of the message to one photo stored in the albums, which has to be different from the photos used in the above-mentioned steganographic technique of Section IV. Then, the OSN/OPS will notify the users who have been tagged in that photo. Thus, they will “discover” that a hidden piece of information directed to them has been published. After reading the message, the users will remove the tag inserted by the sender. In this way, the sender, monitoring who has removed the tag from the photo, will know who has received and read the secret message.

How the proposed notification system works will now be described in further detail. To post a hidden message, a generic user u will use the techniques described in Sections III and IV. Having published the message, u should notify its publication to a set of users U′, the recipients of the secret message. In order to do this, the sender simply tags all the users of U′ in the photo P. The OSN/OPS will notify the users of U′ that they have been tagged in the photo P of u: this will be interpreted as the release of a secret message from the user u. In turn, the users of U′, having decoded the hidden data, remove the tag from P, thus notifying u that the secret message has been read. Then, a new message can be sent. In this way a synchronous communication channel is established.

In order to make it more difficult to intercept secure communications, as well as increase the amount of information transmitted, the system may be distributed across multiple sites. Using the “privacy” settings, available on several OSN/OPS, it may be possible to increase the degree of confidentiality of the message, since the sharing of photos and albums and the notification of tags can be limited to small groups of users and not necessarily everyone.

VI. CONCLUSIONS

New techniques to create secure communication on the Internet have been presented in this paper. The most important elements in implementing these techniques are the availability of photos, published and shared on the Web, as well as the ability to create tags on the other users. The amount of information that can be hidden depends on the number of photos published, the number of users to involve, the name assigned to them as well as how they are distributed in various albums. A notification system which uses tags has been proposed to implement a secure synchronous communication channel.

Since most of the OSN/OPS change the published photos, it is not possible to use classic steganographic techniques directly on these images. Thus, the proposed steganographic technique may be very useful to create a covert channel even on OSN/OPS that notoriously modify the multimedia files before publication.

REFERENCES

[1] J. Barnes, “Human relations,” Class and Committees in a Norwegian Island Parish, vol. 7, pp. 39–58, 1954.

[2] S. Grabner-Krauter, “Web 2.0 social networks: The role of trust,” Journal of Business Ethics, vol. 90, pp. 505–522, December 2009.

[3] D. M. Boyd and N. B. Ellison, “Social network sites: Definition, history, and scholarship,” Journal of Computer-Mediated Communication, vol. 13, no. 1, pp. 210–230, 2007.

[4] Wikipedia, “List of photo sharing websites,” http://en.wikipedia.org/wiki/List_of_photo_sharing_websites, visited June 2011.

[5] A. Castiglione, G. Cattaneo, and A. De Santis, “A forensic analysis of images on online social networks,” Submitted, June 2011.

[6] B. W. Lampson, “A note on the confinement problem,” Commun. ACM, vol. 16, pp. 613–615, October 1973.

[7] F. L. Bauer, Decrypted secrets - methods and maxims of cryptology (4. ed.). Springer, 2007.

[8] P. Deutsch, “Deflate compressed data format specification version 1.3,” http://www.ietf.org/rfc/rfc1951.txt, May 1996.

[9] Camera & Imaging Products Association, Standardization Committee, “Exchangeable image file format for digital still cameras: Exif Version 2.3,” http://www.cipa.jp/english/hyoujunka/kikaku/pdf/DC-008-2010_E.pdf, 26 April 2010.
