Using Facebook for Image Steganography

Because Facebook is available on hundreds of millions of desktop and mobile computing platforms around the world and because it is available on many different kinds of platforms (from desktops and laptops running Windows, Unix, or OS X to hand held devices running iOS, Android, or Windows Phone), it would seem to be the perfect place to conduct steganography. On Facebook, information hidden in image files will be further obscured within the millions of pictures and other images posted and transmitted daily. Facebook is known to alter and compress uploaded images so they use minimum space and bandwidth when displayed on Facebook pages. The compression process generally disrupts attempts to use Facebook for image steganography. This paper explores a method to minimize the disruption so JPEG images can be used as steganography carriers on Facebook.Comment: 6 pages, 4 figures, 2 tables. Accepted to Fourth International Workshop on Cyber Crime (IWCC 2015), co-located with 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, 24-28 August 201

SocialStegDisc: Application of steganography in social networks to create a file system

The concept named SocialStegDisc was introduced as an application of the original idea of StegHash method. This new kind of mass-storage was characterized by unlimited space. The design also attempted to improve the operation of StegHash by trade-off between memory requirements and computation time. Applying the mechanism of linked list provided the set of operations on files: creation, reading, deletion and modification. Features, limitations and opportunities were discussed.Comment: 5 pages, 5 figure

Reversible Data Hiding over Facebook

Facebook, the most popular Online Social Network (OSN), could be used as a platform to share secret messages through JPEG images online. However, due to the various lossy operations conducted over Facebook, the data embedded into the JPEG images can be easily destroyed, making the data extraction infeasible. More importantly, all these operations are carried out without users’ interference. In this paper, we first perform an in-depth investigation of the various lossy operations that Facebook applies to uploaded images. Based upon such prior knowledge, we propose a DCT-domain data hiding scheme that can effectively embed a large amount of data and successfully extract them out from the downloaded images, defeating the uncontrolled lossy operations. Compared with the state-of-the-art techniques, the proposed method offers much higher embedding capacity, and can extract the data successfully with very high probability. Furthermore, the restored image upon data extraction is of high quality, and the file size expansion is negligible. Extensive experimental results are provided to validate our findings

Remorabook: Privacy-preserving Social Networking Based on Remora Computing

Recent scandals on online social networking have greatly raised privacy concerns on massive amount of personal information stored on social networking platforms. The privacy issues are rooted in the current design of online social networking. On one hand, users have to share their personal information with social networking service providers for networking. On the other hand, the sharing essentially allows the service providers to own the data, and the sharing may results in various privacy issues due to the business model of the service providers. In this thesis, we propose RemoraBook to solve the privacy issues in online social networking with Remora Computing, inspired by the remora fishes noted for traveling effortlessly by attaching themselves to large marine animals such as sharks. Remora Computing enables RemoraBook users to utilize facilities available from service providers to build social networks without sharing information to service providers. The networking function and messaging function of RemoraBook are implemented based on Facebook and Gmail facilities respectively. Our extensive experiments on RemoraBook show social networks can be reliably built in RemoraBook without significant degradation on usability

Are Social Networks Watermarking Us or Are We (Unawarely) Watermarking Ourself?

In the last decade, Social Networks (SNs) have deeply changed many aspects of society, and one of the most widespread behaviours is the sharing of pictures. However, malicious users often exploit shared pictures to create fake profiles leading to the growth of cybercrime. Thus, keeping in mind this scenario, authorship attribution and verification through image watermarking techniques are becoming more and more important. In this paper, firstly, we investigate how 13 most popular SNs treat the uploaded pictures, in order to identify a possible implementation of image watermarking techniques by respective SNs. Secondly, on these 13 SNs, we test the robustness of several image watermarking algorithms. Finally, we verify whether a method based on the Photo-Response Non-Uniformity (PRNU) technique can be successfully used as a watermarking approach for authorship attribution and verification of pictures on SNs. The proposed method is robust enough in spite of the fact that the pictures get downgraded during the uploading process by SNs. The results of our analysis on a real dataset of 8,400 pictures show that the proposed method is more effective than other watermarking techniques and can help to address serious questions about privacy and security on SNs.Comment: 43 pages, 6 figure

Are Social Networks Watermarking Us or Are We (Unawarely) Watermarking Ourself?

In the last decade, Social Networks (SNs) have deeply changed many aspects of society, and one of the most widespread behaviours is the sharing of pictures. However, malicious users often exploit shared pictures to create fake profiles, leading to the growth of cybercrime. Thus, keeping in mind this scenario, authorship attribution and verification through image watermarking techniques are becoming more and more important. In this paper, we firstly investigate how thirteen of the most popular SNs treat uploaded pictures in order to identify a possible implementation of image watermarking techniques by respective SNs. Second, we test the robustness of several image watermarking algorithms on these thirteen SNs. Finally, we verify whether a method based on the Photo-Response Non-Uniformity (PRNU) technique, which is usually used in digital forensic or image forgery detection activities, can be successfully used as a watermarking approach for authorship attribution and verification of pictures on SNs. The proposed method is sufficiently robust, in spite of the fact that pictures are often downgraded during the process of uploading to the SNs. Moreover, in comparison to conventional watermarking methods the proposed method can successfully pass through different SNs, solving related problems such as profile linking and fake profile detection. The results of our analysis on a real dataset of 8400 pictures show that the proposed method is more effective than other watermarking techniques and can help to address serious questions about privacy and security on SNs. Moreover, the proposed method paves the way for the definition of multi-factor online authentication mechanisms based on robust digital features

Methods for Information Hiding in Open Social Networks

This paper summarizes research on methods for information hiding in Open Social Networks. The first contribution is the idea of StegHash, which is based on the use of hashtags in various open social networks to connect multimedia files (such as images, movies, songs) with embedded hidden data. The proof of concept was implemented and tested using a few social media services. The experiments confirmed the initial idea. Next, SocialStegDisc was designed as an application of the StegHash method by combining it with the theory of filesystems. SocialStegDisc provides the basic set of operations for files, such as creation, reading or deletion, by implementing the mechanism of a linked list. It establishes a new kind of mass-storage characterized by unlimited data space, but limited address space where the limitation is the number of the hashtags' unique permutations. The operations of the original StegHash method were optimized by trade-offs between the memory requirements and computation time. Features and limitations were identified and discussed. The proposed system broadens research on a completely new area of threats in social networks

Exploiting online services to enable anonymous and confidential messaging

Mestrado em Cibersegurança na Escola Superior de Tecnologia e Gestão do Instituto Politécnico de Viana do CasteloMessaging services are usually provided within social network platforms and allow these platforms to collect additional information about users, such as what time, for how long, with whom, and where a user communicates. This information enables user identification and is available to the messaging service provider even when communication is encrypted end-to-end. Thus, a gap still exists for alternative messaging services that enable anonymous and confidential communications and that are independent of a specific online service. Online services can still be used to support this messaging service, but in a way that enables users to communicate anonymously and without the knowledge and scrutiny of the online services. In this paper, we propose messaging using steganography and online services to support anonymous and confidential communication. In the proposed messaging service, only the sender and the receiver are aware of the existence of the exchanged data, even if the online services used or other third parties have access to the exchanged secret data containers. This work reviews the viability of using existing online services to support the proposed messaging service. Moreover, a prototype of the proposed message service is implemented and tested using two online services acting as proxies in the exchange of encrypted information disguised within images and links to those images. The obtained results confirm the viability of such a messaging service.Serviços de envio de mensagens instantâneos são normalmente fornecidos por plataformas de rede social e permitem que estas plataformas recolham informações adicionais sobre os utilizadores, como a que horas, por quanto tempo, com quem e onde um utilizador comunica. Esta informação permite a identificação do utilizador e está disponível para o prestador de serviços mesmo quando a comunicação é encriptada de ponta a ponta. Assim, existe ainda uma lacuna para serviços de mensagens alternativos que permitem comunicações anónimas e confidenciais e que são independentes de um serviço online específico. Os serviços online ainda podem ser utilizados para apoiar este serviço de mensagens, mas de uma forma que permite aos utilizadores comunicarem de forma anónima e sem o conhecimento e escrutínio dos serviços online. Neste artigo, propomos mensagens usando esteganografia e serviços online para apoiar comunicações anónimas e confidenciais. No serviço de mensagens proposto, apenas o remetente e o destinatário estão cientes da existência dos dados trocados, mesmo que os serviços online utilizados ou outros terceiros tenham acesso aos contentores de dados secretos trocados. Este trabalho revê a viabilidade de utilizar os serviços online existentes para apoiar o serviço de mensagens proposto. Além disso, um protótipo do serviço de mensagens proposto é implementado e testado usando dois serviços online agindo como proxies na troca de informações encriptadas escondidas dentro de imagens e links para essas imagens. Os resultados obtidos confirmam a viabilidade de tal solução