Abstract

Social Internet of Things (SIoT) is an emerging field that combines IoT and Internet, which can provide many novel and convenient application scenarios but still faces challenges in data privacy protection. In this paper, we propose a robust behavioral steganography method with high embedding capacity across social networks based on timestamp modulation. Firstly, the IoT devices on the sending end modulate the secret message to be embedded into a timestamp by using the common property on social networks. Secondly, the accounts of multiple social networks are used as the vertices, and the timestamp mapping relationship generated by the interaction behaviors between them is used as the edges to construct a directed secret message graph across social networks. Then, the frequency of interaction behaviors generated by users of mainstream social networks is analyzed; the corresponding timestamps and social networks are used to implement interaction behaviors based on the secret message graph and the frequency of interaction behaviors. Next, we analyze the frequency of interaction behaviors generated by users in mainstream social networks, implement the interaction behaviors according to the secret message graph and the frequency of interaction behaviors in the corresponding timestamps and social networks, and combine the redundant mapping control to complete the embedding of secret message. Finally, the receiver constructs the timestamp mapping relationship through the shared account, key, and other parameters to achieve the extraction of secret message. The algorithm is robust and does not have the problem that existing multimedia-based steganography methods are difficult to extract the embedded messages completely. Compared with existing graph theory-based social network steganography methods, using timestamps and behaviors frequencies to hide message in multiple social networks increases the cost of detecting covert communication and improves concealment of steganography. At the same time, the algorithm uses a directed secret message graph to increase the number of bits carried by each behavior and improves the embedding capacity. A large number of tests have been conducted on mainstream social networks such as Facebook, Twitter, and Weibo. The results show that the proposed method successfully distributes secret message to multiple social networks and achieves complete extraction of embedded message at the receiving end. The embedding capacity is increased by 1.98–4.89 times compared with the existing methods SSN, NGTASS, and SGSIR.

1. Introduction

With the widespread use of IoT devices and social networks, people have combined them to form the SIoT [1], which build many interesting scenarios. For example, it allows users to convert data about plants, pets, and so forth acquired by sensors in their homes into posts, which are then posted to social networks to share their lives in real time. In this era of connected everything, users’ privacy protection is always a hot topic being discussed. For edge devices involving personal safety, more covert means of communication are needed to transmit secret commands that prevent communication data from being monitored and tampered within the link to avoid significant loss of life and property. Steganography is a privacy protection method that uses redundant methods such as human vision and hearing to conceal the existence of secret communication [2] and has received wide attention from scholars in the field of information security. It allows SIoT to deliver critical data with higher security requirements in an imperceptible manner while delivering ordinary data. Therefore, it is of great importance and practical value to study the covert communication of social IoT.

This paper will focus on the way how edge devices of SIoT can implement steganography on social networks. The traditional steganography method based on multimedia has high embedding capacity and superior performance in resisting statistical detection [3]. However, the generated steganography object is vulnerable to channel attack when it is sent through a lossy channel, which will result in the inability to extract secret message correctly. Meanwhile, once the carrier is modified during the embedding of secret message [4], there is a risk of being identified as abnormal data [5]. Social network behavioral steganography (SNBS) is a method, which uses user's comments, forwardings, and other behaviors on social networks to realize covert communication. It combines the rich interaction behaviors of social networks [6] with steganography to make up for the shortcomings of traditional steganography methods in terms of robustness and detection resistance. On lossy channel, it does not cause the loss of behavioral data but ensures the robustness of steganography methods. In addition, secret message is hidden in behaviors, which effectively resists the analysis and detection technology for multimedia data; the sender and receiver do not directly establish communication to avoid causing special attention of the third party [7] and avoid the possibility of the sender’s exposure or betrayal to testify against the receiver. However, the embedding capacity of SNBS is very low. Although it avoids the detection of multimedia data, it also introduces behavioral abnormalities. This limits the practical use of such methods. How to improve the embedding capacity and correct the abnormal behaviors is an urgent problem to be solved in the practical application of SNBS technology. This paper will focus on the improvement of SNBS capacity and the correction of abnormal behaviors.

Recently, researchers have developed a series of studies in the field of SNBS. Existing social network steganography methods can be divided into two categories according to the difference of secret message carriers: social network multimedia steganography (SNMS) and social network behavioral steganography (SNBS).

SNMS refers to embedding secret message into multimedia such as posts and comments published by users. This kind of methods combines multimedia such as text [811], image [1215], and video containing secret message with a social network and uses posts, comments, and other ways to realize covert communication.

SNBS uses user’s interaction to convey secret message and can be further divided into non-graph-theory-based steganography and graph-theory-based steganography. For non-graph-theory-based steganography, in order to prove whether social network behavioral data can provide instructions for botnets, Pantic and Husain [16] use the length of Twitter to realize the transmission of secret data. This method has certain concealment, but it is easy to be detected. Zhang [17] proposes a method to send secret message by marking “love.” The behavioral steganography method of marking “love” attempts to send message in the WeChat Moments, which is widely used in China, but there are insufficient embedding capacity and detection resistance. In view of the problem that the relationship between friends is not considered in [17], Hu et al. [18] use the behavioral correlation between sender and friend to calculate the reasonable probability of marking “love” on a social network, which improves the security, but the embedding capacity needs to be improved. Regarding the “prisoner model,” the security issue between sender and receiver is not considered; Yang et al. [7] give a constraint framework to ensure content security and behavioral security and provide a reference method for the behavioral security of social network steganography. Li et al. [19] propose a framework for reposting posts and other network activities to hide secret message. This framework hides secret message in interactive activities and provides a theoretical basis for social network steganography. For graph-theory-based steganography, methods of using a graph theory to describe steganography can be traced back to [20]. This paper describes the method of using a dynamic data structure in memory to store secret messages. Nechta [21] constructs an undirected graph of secret message on social networks to achieve covert communication. The method proposed by Wu et al. [22] conveys secret message through an undirected graph and enhances the security of communication through a directed graph; however, there are some redundancies in the nodes of this method. To address the problem that the secret data may be exposed due to the attacker’s mastery of the reconstruction graph process, Wu et al. [23] improve the secret data security by remapping the correspondence between the vertices of the graph structure with a key, but the embedding capacity of the method still needs to be improved.

In response to the above problems, this paper proposes a high-capacity and robust behavioral steganography method for cross-platform social networks based on timestamp modulation. This method uses accounts in multiple social networks to construct a directed secret message graph on the sender side and hides the secret message in the timestamps of the interaction behaviors generated by the secret message graph. At the receiving end, the receiver uses the shared account and key to extract the secret message through the public social networks. The main work of this paper is as follows:(1)This paper proposes a method to construct a directed secret message graph across multiple social networks and map the secret message into the timestamp generated by the edge set of the secret message graph. Compared with existing methods, this method has a very high embedding capacity, and the effective number of bits transferred and the embedding rate are improved.(2)This paper proposes a distribution modulation algorithm that hides secret messages into multiple social networks by timestamps and fits the frequency characteristics of ordinary user interactions. This algorithm increases the cost of attackers to analyze the covert communication, reduces the probability of anomalous behaviors, and improves the detection resistance.(3)This paper proposes an algorithm to overcome the problem of information extraction failure due to interaction delay by increasing the redundancy time. The algorithm increases the number of mappings between participant account indexes and timestamps to avoid the possibility of mismatch between them and solve the robustness problem.

The rest of this paper is organized as follows. Section 2 briefly introduces the work related to SNBS. Section 3 introduces the method proposed in this paper. After that, Section 4 gives the experimental results and evaluation. Finally, this paper is concluded by Section 5.

Steganography based on graph theory uses user’s accounts and interactions on social networks to construct secret message graphs to realize covert communication. Compared with SNMS, steganography based on graph theory has high robustness and there is no statistical anomaly for multimedia steganography, and it is effective against multimedia steganography analysis techniques. Therefore, this section will briefly introduce the previous research based on graph theory steganography, so as to explain the feasibility of designing steganography methods based on graph theory.

Nechta [21] used social network behaviors to construct undirected graphs for covert communication, abbreviated as SSN. It constructs a secret message undirected graph , where denotes the set of vertices in the graph, denotes the set of edges in the graph, and denotes the adjacency function. This function is shown in equation (1) and is used to define whether the edges between and exist in graph . denotes the number of vertices in set . Moreover, vertices are exhaustively enumerated, where . The number of bits that can be transmitted by this method is shown in equation (2).

To facilitate the comparison of the ability of existing methods to deliver the size of secret messages, we take the product of the number of interactive behaviors and the average number of bits carried by each behavior as the embedding capacity . Let the average number of bits carried by a single behavior be . In this paper, the numbers of bits sent in [2123] are denoted as , and the numbers of interaction behaviors are denoted as , and their embedding capacities are denoted as , respectively. The embedding capacity in [21] is shown by the following equation:

The paper in [21] proposed a novel method to enable covert communication on social network, which provides a good reference for steganographic methods to social networks.

Wu et al. [22] used undirected graphs to hide secret message and directed graphs to hide topology and enhanced the security of the proposed method, abbreviated as NGTASS. For a graph , where and , each bit of the secret message binary string is embedded as an edge of the undirected graph and then the message graph is embedded into the directed graph The edges in the directed graph correspond to the edges in the undirected graph , and the direction is from the high index vertex to the low index vertex. If we ignore the direction pointing, is a subgraph of actually. The premise of this method is that the steganography and extracting processes share a set containing all vertices in . The interaction information of the social network is public, and the receiver can observe the interaction of the sender. When a receiver obtains and , the secret message will be extracted. It is worth noting that the method uses accounts to achieve covert communication, and one of the vertices is used to hide the topological information; in fact, vertices are used to encode the secret message. is shown in equation (4) and is shown in equation (5).

This method uses undirected graphs to encode secret message and uses additional vertices to hide the topology, which reduces the embedding capacity.

Wu et al. [23] based their work on [22] to remap the correspondence between the vertices of the graph structure by a key, abbreviated as SGSIR. This method controls vertices, which are indexed from to , and the vertex set consisting of to is denoted by . The edges whose starting and ending points belong to the vertex set are denoted as the edge set . The edge set has edges, where is an integer power of 2. For the embedding process, the method selects edges in based on a random seed and assigns an index. Then, the secret message is converted into a binary sequence, and every group is converted into a decimal sequence and is allocated build operations. Finally, four types of build operations are performed to send the secret message to the social network. For the extracting process, a receiver reconstructs the graph structure and extracts the secret message by using , , and public social network. The method controls vertices to achieve covert communication, but vertices and are used to denote 0 and 1, respectively, so the method uses vertices to encode the secret message. is shown in equation (6) and is shown in equation (7).

This method uses an undirected graph to construct a secret message graph and uses interactive remapping to improve security. Even if the attacker successfully reconstructs the graph structure, he cannot obtain the embedded data. At the same time, each behavior can carry more secret messages. However, it consumes a certain amount of vertices to hide information such as key and topology and uses undirected graphs to realize covert communication, which reduces the embedding capacity of the method.

We draw the basic framework of this type of method, as shown in Figure 1. The main steps can be briefly described as follows:(i)Encrypting secret message: encrypt the secret message to be transmitted(ii)Converting secret message to binary: convert ciphertext information into binary which is easy to send(iii)Building a secret message graph: the secret data is modulated into a secret message graph(iv)Releasing the secret message graph to the social networks: the edges in the secret message graph will be interactively generated on the social networks in turn(v)Extracting secret message: the extracting process of these methods is the reverse process of the embedding process


Figure 1 
Basic framework of behavioral steganography based on graph theory.

Based on the principles of existing methods, it is clear that behavioral steganography methods based on graph theory using undirected graphs to hide secret message have shortcomings. They convey less secret message and have lower embedding capacity. Moreover, they use a single social network to achieve steganographic communication, which requires frequent operations on the social networks. Timestamp is one of the public properties of social networks, and if the secret message is transformed into timestamps distributed over multiple social networks and used to construct directed graphs, it can effectively reduce the number of interactions generated in a single social network and improve the detection resistance and embedding capacity. Therefore, in this paper, we focus on a high-capacity, anomaly-detection-resistant behavioral steganography method using social networks timestamps.

The main notations in this paper are shown in Table 1. The notations without subscripts have a general description, and the subscripts and denote belonging to the sender and receiver, respectively.

Table 1 
Notation table.

3. Proposed Method

Timestamp is a time representation, also called Unix timestamp, which is defined as the total number of seconds from 00:00:00 GMT on January 01, 1970, to a certain point in time. The proposed method modulates the secret message as timestamps, constructs a directed secret message graph, and releases the edges of the directed secret message graph to social networks in the form of interactive timestamps. In this section, we describe our proposed method through a framework diagram of the method, several key steps, and an example.

The basic idea of this method is as follows: firstly, the sender-controlled accounts are used as the set of vertices of the graph, the possible edges between the vertices are traversed, and index numbers are assigned to construct the secret message graph. Then, the edges in the graph are used to construct the interaction index matrix, donated by , whose elements are called interaction indexes, and the secret message is converted into interaction indexes, and the mapping relationship between interaction indexes and timestamps are constructed. Finally, the secret message is modulated into timestamps by using interaction indexes as an intermediate form, which enables the embedding process of covert communication. The framework of the proposed method is shown in Figure 2; Steps 15 belong to the embedding process, and Steps 69 belong to the extracting process.


Figure 2 
Framework of the proposed method.

Step 1. Data preprocessing: using the key, the plaintext is encrypted into ciphertext, and the ciphertext is converted into decimal data suitable for subsequent steps.

Step 2. Generating interaction index matrix: the accounts controlled by the sender are used as the set of vertices of graph, and the possible edges between vertices are traversed. Hash the key, take some of the values as random seed to assign index numbers to the edges in the graph, and build a matrix called interaction index matrix.

Step 3. Generating cross-platform interaction sequence and construct the cross-platform directed interaction graph: the preprocessed data is used to generate a sequence for interaction through an interaction index matrix, which can construct an interaction graph among multiple social networks.

Step 4. Generating cross-platform robust timestamp sequence: this step firstly obtains data about the user’s behaviors on the corresponding social networks, which is used to analyze the interaction patterns. Secondly, the behavior generated by a user at one moment may be recorded at the next moment, which will cause a delay in the timestamp of the behavior, resulting in the receiver not being able to extract the message correctly. This problem can be solved by using a time redundancy control mechanism, for which it is necessary to obtain the maximum time delay over a while. Finally, the mapping relationship between vertices and timestamps is constructed by random seed, and the timestamp sequence of behaviors is generated by combining the interaction sequence, interaction delay, and interaction patterns.

Step 5. Releasing secret message graph: combine directed interaction graphs and timestamp sequence to construct secret message graph and release it to social networks.

Step 6. Regenerating the interaction index matrix: the receiver uses the account set and key to generate the interaction index matrix. The process of generation is the same as Step 2.

Step 7. Extracting timestamp sequence: the receiver uses the accounts to obtain user data from the corresponding social networks. The receiver parses the user interaction data in turn to obtain a sequence of timestamps, the elements of which are of the form <sender index,  timestamp>.

Step 8. Reconstructing directed secret message graph: the receiver senses and obtains the maximum interaction delay of these networks over a while and tries to reconstruct the index of interaction participants by the maximum interaction delay and timestamp. Then, parse the <sender index,  timestamp> element into a <sender index,  interaction index> element, and construct a directed secret message graph.

Step 9. Extracting secret message: decimal secret data can be extracted by interaction indexes. Then, the secret message can be obtained through a share key.
In this paper, we use graph theory to describe the interaction behaviors between accounts. For a directed graph , , and . , , which represents an interaction between accounts and . is the account that generates the behaviors, and is the account that interacts with . For a directed graph , with vertices in and edges in , vertices can generate at most different interaction behaviors. We use to denote the number of binary bits carried by each behavior. For coding purposes, will be an integer power of 2, and will be an integer. In fact, the following relationship will exist between , , and in this method (note: “” means rounding down):From equation (8), when is determined, and are obtained. For example, when , and . The main steps of the method are described in detail in the following subsections.

3.1. Generating Interaction Index Matrix

An -order matrix is initialized, whose elements are all , and, after the hash key, take part of the value as the random seed, and generate different pseudorandom indexes in , where . At this time, the elements of are still . The pseudocode to generate matrix is shown in Algorithm 1.

Input:
Output: I
(1)Generate a random sequence of length m from
(2) //The len function represents the length of the acquired sequence
(3)Initialize an -order matrix , whose elements are all −1
(4)for = 0 to  − 1 do
(5)
(6)
(7)
(8)
(9)end for
(10)return
Algorithm 1 
Interaction index matrix generation algorithm.
3.2. Generating Cross-Platform Interaction Sequence and Construct Cross-Platform Directed Interaction Graph

The binary data obtained by encrypting the plaintext is divided into groups of 8 bits; each group is an element of . Then, is divided into groups and converted to decimal, denoted as . If the number of binaries in the remaining is less than , it needs to append 0 until its length is . , are the row index and column index of matrix element , respectively. By matching the positions of the elements in set in matrix , the row and column indexes of the elements are obtained, denoted as , and append them to . The generation process of is shown in Algorithm 2, which is used to implement the cross-platform interactive sequence assignment. A cross-platform directed interaction graph can be constructed based on and .

Input:
Output:
(1)len()
(2)for to do
(3)
(4) Get the row and column of temp in matrix , and assign them to and respectively
(5).append ()
(6)end for
(7)return
Algorithm 2 
Cross-platform interaction sequence allocation algorithm.

Accounts on different social networks cannot interact with each other directly; for example, an account on Twitter cannot comment on a Facebook post. To enable the relationship between accounts on social networks, we assign timestamp indexes to accounts, denoted as  =  = . A timestamp-timestamp index mapping is constructed. For a given timestamp , there is a unique timestamp index corresponding to it. For example, for accounts , , and , and are two accounts on Facebook and is an account on Twitter; commented on a post of at timestamp . If the mapping value of is , it means that when timestamp is , established a relationship with , which is called logical interaction. interacted with for real, which is called actual interaction. The logical and actual interactions are referred to as interactions. The graph formed by the logical interaction and its vertices is called the logical interaction graph. The graph formed by the actual interaction and its vertices is called the actual interaction graph, which is shown in Figure 2.

3.3. Generating Cross-Platform Robust Timestamp Sequence

User behavior data can be obtained from the corresponding social networks by accounts, and the time interval of the interaction behaviors of the regular user is extracted. The frequency of the interaction interval within is statistically distributed in minutes, and the time interval sequence to be interacted is obtained by . is a two-dimensional array, the dimension represents the corresponding social networks, and the second dimension stores the timestamps of specific social network interaction behaviors. Before sending a secret message, the interaction delay of the currently used social network is constantly sensed and the maximum interaction delay corresponds to the number of redundancies in the redundancy mapping over time.

Get the current time and convert it to the timestamp form . The mapping between and timestamp can be constructed by to obtain the timestamp index. The timestamp of the interaction behavior is used to specify the time when the behavior was generated, and its sequence is denoted by . is generated by Algorithm 3, which has an initial value of .

Input:
Output:
(1)
(2)
(3)for to do
(4)for to do
(5)  
(6)  ] //Get the receiving account of the interaction sequence
(7)  
(8)  repeat
(9)   
(10)   if and then
(11)    Ts.append()
(12)   if else { and }
(13)    append()
(14)   else
(15)    
(16)   end if
(17)until
(18) append //The append function means append the current element to the sequence
(19)end for
(20)end for
(21)return
Algorithm 3 
Cross-platform robust timestamp sequence generation algorithm.

Algorithm 3 uses the method of adding redundant mapping to increase the robustness of this method. , the algorithm executes the preset interactive behavior at ; then the secret timestamp can be posted to the social networks. Combined with the generated timestamp sequence and the posts crawled in Step 4, release the secret message graph to the social network at the corresponding timestamp.

3.4. Reconstruction of the Directed Secret Message Graph

Initialize an empty interaction sequence, and, from the timestamps that have been arranged in ascending order in Step 9, the timestamp index can be calculated according to the following equation:

For any interaction element , is the index of the behavioral initiator in , and is the index of in . Get the interaction element from , and append it to . Similarly, the elements in are executed in sequence to obtain the interaction sequence , which reconstructs the secret message graph. Combining the subscripts of the sending and receiving account numbers of the elements of , the decimal information carried by this sequence can be determined from in Step 6. For any interaction element , the decimal data value transmitted can be determined from the following equation:

Using equation (10), the elements of sequence are executed sequentially, and the obtained values are appended to the initially empty sequence in turn. Then, is converted into binary and spliced into . Finally, the secret message transmitted can be extracted.

3.5. Example

To make the proposed method easier to understand, this section gives an example to briefly describe the process of sending, using plaintext to deliver the secret message. The secret message sent is “hello”; ; the key is “secret”; ; . Thus, we can get ; then , , and . When sending a secret message, the secret message is firstly converted to binary, divided into a group of every bits, and then converted to decimal, and the conversion process is shown in Table 2. Then, generate a random sequence of length , assuming that at this time  = [17, 9, 20, 33, 29, 24, 2, 21, 23, 31, 27, 3, 22, 32, 12, 28, 7, 26, 8, 35, 0, 14, 30, 5, 18, 34, 16, 19, 25, 10, 4, 1], through the parameters of Algorithm 1, using Algorithm 1 to obtain , as shown in equation (11). For example, the value of index 0, element 17 in , calculated by Algorithm 1, is and , so the element in row 2 and column 5 of is 0.

Table 2 
Process of converting plaintext to decimal.

Then, through equation (11) and Algorithm 2, the interaction sequence is generated. For example, the element with index 0 in sequence is 13, and its and in equation (11). Therefore, can be generated, which is shown in Table 3, and the constructed directed interaction diagram is shown in Figure 3(a).

Table 3 
Interaction diagram and timestamp sequence generation process.
(a)
(a)
(b)
(b)
Figure 3 
Logical interaction graph. (a) Logical interaction graph without timestamps. (b) Logical interaction graph with timestamps.

Next, the timestamp sequence is generated by Algorithm 3. Here, take as an example, and briefly describe its generation process. means that needs to interact with , and the subscript value 2 of is obtained by equation (9). The index of the timestamp corresponding to 1614704190 is 2. Therefore, performs a certain interaction behavior at timestamp 1614704190, which means that has a virtual interaction. The rest of the elements are calculated in the same way as shown in Table 3. The secret message graph is constructed based on and , as shown in Figure 3(b). Finally, by combining and the post message, the secret message graph is released to multiple social networks at the corresponding timestamps.

The actual interaction graph generated by sending “hello” is shown in Figure 4. The red timestamp in the figure indicates that the interactive behavior is delayed, the green timestamp indicates normal sending, and the orange social network icon indicates that it is not under the control of the sender account. According to Figure 4, we can extract the timestamp and other messages. The extracting process is the inverse of the embedding process and will not be repeated here.

(a)
(a)
(b)
(b)
Figure 4 
Actual interaction graph. (a) Mixed graph of logical and actual interactions. (b) Actual interactions graph.

4. Experiments and Evaluation

To evaluate the performance of the proposed method, we implemented the methods in [2123] and implemented the method proposed in this paper using Python.

4.1. Experimental Settings

The experiment uses Gone with the Wind as the secret message, “world” as the key, and 6 accounts on 3 platforms as the sending account. Therefore, , and then and . To determine the maximum interaction delay, we measured the time delay of Facebook, Twitter, and Weibo within 2 hours before the experiment. The specific method is as follows: use an automated tool to automatically perform a certain behavior at the expected timestamp. Then the time data that have been extracted on social networks can be converted to a timestamp form. The corresponding results are shown in Figure 5. Through observation, we have conducted more than 200 interactions within 2 hours, and the maximum interaction delay is . In addition, Figure 6(a) shown by the interaction patterns of regular users on social networks can determine .


Figure 5 
Interaction delay over a period of time.
(a)
(a)
(b)
(b)
Figure 6 
Interaction patterns. (a) Interaction patterns of ordinary users. (b) Interaction patterns of the proposed method.
4.2. Comparative Experiments and Evaluation Related to Embedding Capacity

There are 4 groups of experiments in this subsection. The first group of experiments provided data support for the three following groups of experiments.

4.2.1. Comparative Experiments and Evaluation on the Average Number of Bits Carried by a Single Behavior

When and the secret message are determined, the length of secret message required in [2123] is determined. Starting from the first character of Gone with the Wind, we select the character length of the secret message required for the 4 methods. The number of bits carried by a single behavior obtained by delivering a secret message once has large randomness. To ensure that the average number of bits carried by a single behavior is representative, the average number of bits carried by a single behavior is calculated by sending the secret message 500 and 1000 times, respectively, and is denoted as . According to the definition of embedding capacity in Section 2, represents the embedding capacity of a single behavior. If the difference in the number of sendings is large and there is no significant difference in , it means that has stabilized and is representative.

Figures 7(a) and 7(b) show calculated when and the secret message is sent 500 times. It shows that of our method is higher in comparison to other methods. Besides, is stable when sending 500 and 1000 secret messages, respectively. Therefore, is representative when sending 1000 secret messages. The following experiments will be based on this data.

(a)
(a)
(b)
(b)
(c)
(c)
(d)
(d)
Figure 7 
Comparison experiment of the average number of bits carried by a single behavior. (a) The average number of bits carried by a single behavior when and 500 messages are sent. (b) The average number of bits carried by a single behavior when and 1000 messages are sent. (c) The average number of bits carried by a single behavior when and 500 messages are sent. (d) The average number of bits carried by a single behavior when and 1000 messages are sent.

To observe the trend of under larger , we did a group of experiments at , which are shown in Figures 7(c) and 7(d). Figures 7(c) and 7(d) show that our method is still higher than other compared methods in the larger range. As increases, the superiority of the proposed method becomes more prominent.

4.2.2. Comparative Experiments and Evaluation on Embedding Capacity

Figure 8(a) shows the embedding capacity under different when the number of behaviors is 10, and Figure 8(b) shows the embedding capacity trend of in a larger range. Although they have the same trend as Figure 7, they have different meanings. For example, when , the embedding capacity of our method is 100 bits.

(a)
(a)
(b)
(b)
Figure 8 
The embedded capacity in 10 interaction behaviors. (a) The embedding capacity of . (b) The embedding capacity of .

Table 4 shows the embedding capacity of the four methods when the number of behaviors is 10, and is 10, 15, 20, 25, 30, 35, 40, 45, and 50, respectively. Compared with other methods, our method improves the embedding capacity. Table 4 shows that when is 10, 15, 20, 25, 30, 35, 40, 45, and 50, as increases, the embedding capacity shows an upward trend. When is 20, the rate of the embedding capacity between our method and the compared method has a minimum of 1.98. When is 50, the rate of embedding capacity between this method and the compared method has a maximum of 4.89. When is the else value, the rate of the embedding capacity between our method and the compared method is between 1.98 and 4.89. Therefore, the experimental results show that the embedding capacity in our paper is significantly higher in comparison to the other methods. When and the step size is 5, it increases by 1.98 to 4.89 times.

Table 4 
Comparison data of embedding capacity (bit).
4.2.3. Comparative Experiments and Evaluation on the Number of Behaviors

Suppose that the sender intends to send binary bits, and the steganography method can send binary bits each time. If <, the binary sent is called the valid sent bits, and the remaining binary bits are invalid sent bits.

For the methods proposed in [2123] and our method, when bits are sent and is not an integer multiple of , bits. The number of bits sent by the sender may not be equal to . In these four methods, 7 social accounts are controlled and 8-bit information needs to be sent. Our method [2123] needs to be appended with 2, 7, 13, and 17 invalid bits, respectively, to convey the secret message. From this, the effective bit rate can be calculated as 0.8, 0.53, 0.38, and 0.33 for sending effective bits, respectively.

Figure 9 shows the number of behaviors generated by sending the same effective number of bits when is 7. It shows that our method sends the same effective number of bits, and the number of behaviors generated is significantly lower compared to the other three methods. When using a suitable time interval to perform interactive behaviors, our method will consume less time. Figure 9(b) shows that as the number of effective bits sent increases, the number of behaviors of our method is still gradually increasing, which is smaller than the compared method. Compared with the other three methods, our method generates fewer behaviors when sending the same effective number of bits, and the effective bit rate is higher. At the same time, Figure 9 shows that our method is more flexible in sending message.

(a)
(a)
(b)
(b)
Figure 9 
The number of behaviors generated under transmission of different effective bits. (a) The number of behaviors generated by the number of effective bits of [5, 16] when  = 7. (b) The number of behaviors generated by the number of effective bits of [5, 50] when  = 7.
4.2.4. Comparative Experiments and Evaluation on Embedding Rate

The embedding rate in this paper refers to the number of bits that each account can carry; that is, embedding . The embedding capacity in this subsection is calculated when the number of behaviors is 10, and the embedding rate is shown in Figure 10. In Figure 10(a), the number of ranges from 7 to 16. The embedding rate of our method is much higher compared to the other methods. In Figure 10(b), as increases, the embedding rate generally shows a downward trend, but the embedding rate of our method is higher compared to the other methods.

(a)
(a)
(b)
(b)
Figure 10 
Embedding rate when the number of behaviors is 10. (a) Embedding rate when the number of behaviors is 10, . (b) Embedding rate when the number of behaviors is 10, .

This subsection conducts a comparative experiment of the average number of bits carried by a single behavior and conducts an experiment of embedding capacity on the basis of the average number of bits carried by a single behavior. The experimental results show that our method carries out an average number of bits and a large number of bits carried by a single behavior. The embedding capacity of each behavior has better performance. In addition, this subsection also conducts a comparative experiment on the number of behaviors and the embedding rate generated by the transmission of the effective number of bits. The experimental results show that when sending a certain length of effective bit, this method will generate fewer behaviors. Meanwhile, this method has a higher embedding rate for each account that sends secret message; that is, each account can carry more information.

4.3. Experiments and Evaluation on Detection Resistance

References [7, 16, 18] collect and fit the user’s behavior frequency to avoid anomalies caused by the sender’s behaviors. For this reason, we take the same method to ensure resistance to detection. Firstly, we crawled more than 160,000 posts from 94 bloggers in the “entertainment” section of public social networks and calculated the time interval between two adjacent posts or retweeted by the same blogger. Then, we merged the time interval data of all bloggers and sorted them and removed the top 10% and bottom 10% data to plot Figure 6(a). The time interval between retweets or posts on social networks is consistent with the frequency of interactions, and anomalous behavior can be avoided if the time interval between interactions on social networks is consistent with this pattern.

This experiment selects the first paragraph of text from Gone with the Wind as a secret message to send. Figure 6(a) shows the patterns of the interaction behaviors of ordinary users on social networks, and Figure 6(b) shows the patterns of the interactive behavior generated by our method. Based on Figure 5 of Section 4.1, is the interaction time delay. As shown in Figure 6(b), the difference of the timestamps of the interaction behaviors during the secret message transmission is plotted as a frequency, and the time interval for generating the interaction behaviors is . The trend in Figure 6(b) is generally consistent with Figure 6(a) and the interval is also consistent, which indicates that the interaction behaviors generated by our method are consistent with the interaction behaviors of social network users. Therefore, our method can resist the analysis and detection of attackers in terms of behavioral anomalies.

4.4. Experiments and Evaluation on Robustness

Robustness is a measure of the stability of a method. When the carrier data passes through a lossy channel, the channel or the attacker may destroy the carrier data. The execution time of the behavior may be influenced by various factors, for which we need to verify the robustness of the method. In this paper, we ensure the robustness of the proposed method by sensing the interaction delay and using redundancy control mechanism. This method allows the receiver to extract the secret message correctly even if there is an interaction delay when the sender delivers the secret message. To verify the robustness of our method, we have done the following experiments.

From Gone with the Wind, part of the data is selected and sent 100 times as secret messages, and the maximum interaction delay can be seen from Figure 5 in Section 4.1. A total of 24,800 behaviors are generated during the sending process, and the interaction delays of the first 2,000 behaviors are selected and plotted in Figure 11(a). Figure 11(b) shows the relationship between the cumulative number of secret messages sent and the cumulative number of successful extractions.

(a)
(a)
(b)
(b)
Figure 11 
Robustness performance of the proposed method. (a) Interaction delay of the proposed method. (b) Extraction effect of the proposed method.

Figure 11(a) shows that the interaction delay during the sending process does not exceed 4 seconds. From Figure 11(a), it can be observed that when , the secret message sent is always extracted correctly. This implies that the interaction delay is less than 4 seconds during the period when the secret message is sent. Otherwise, it is difficult for all secret messages to be extracted correctly. It also indicates that the redundancy number of redundant mappings can resist the effect of interaction delay on the correct extraction of secret messages. Figures 11(a) and 11(b) show that our method can resist the effect of interaction delay, which shows our method is robust.

4.5. Experiments and Evaluation on Time Consumption

To avoid behavioral anomalies, the behavioral frequency of some users needs to be fitted when sending secret messages, which requires a certain time sacrifice. In addition, the interaction delay can also have an impact on the consumed time. To examine the impact of different interaction delays on time consumption when sending secret messages of a certain length, we designed a set of experiments. The experiments consider the effect of interaction delay and the number of accounts on the time consumed. Firstly, 100 sentences from Gone with the Wind were selected as secret messages and the time consumed was counted. Then, it was divided into 3 groups and the average time was calculated. Finally, the consumed time is converted uniformly to the time consumed when sending 100 bits, and the statistics are shown in Table 5.

Table 5 
Average time consumed to send 100 bits of data with different behavioral delay(s).

When and , it consumed 547.08 seconds on average after the first group of messages. When and , it consumed 323.15 seconds on average after the first group of messages. When and , it consumed 554.20 seconds on average after the first group of messages. Table 5 shows that the time consumed increases as the delay increases and decreases as the number of accounts increases. The reason for the above situation is that as the delay increases, the number of redundant mappings goes up and takes up more time. When the number of accounts increases, the number of simultaneously generated behaviors also increases, which will consume less time.

5. Conclusion

To enhance the communication security of edge IoT devices, this paper proposes a behavioral steganography method based on timestamp modulation. It utilizes timestamps under social networks to achieve cross-platform covert communication and uses directed graphs to encode secret messages to improve the embedding capacity. At the same time, the method reduces the number of behaviors generated on a single platform by spreading the secret message across multiple social networks, which reduces the probability of an attacker discovering the covert communication. The experimental results show that the proposed method is highly robust and resistant to detection, and the embedding capacity, the number of effective bits transmitted, and the embedding rate are better than those of the compared methods. However, there is still a gap in embedding capacity between social network-based behavioral steganography and traditional methods. In future research, we will continue to focus on and follow up the privacy protection in SIoT and further improve the embedding capacity of behavioral steganography.

Data Availability

Some or all data, models, or codes that support the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Authors’ Contributions

Mingliang Zhang mainly proposed the research ideas, completed the coding of the experiments, visualized the results of the experiments, and completed the original manuscript. Xiangyang Luo mainly developed the proposed method, directed the experiments, reviewed and corrected the manuscript, and funded this work. Pei Zhang mainly directed the color matching of the graphs, collected the experimental data, and reviewed and corrected the manuscript. Hao Li mainly provided the data needed for the experiments, investigated the progress of research in related works, and reviewed and corrected the manuscript. Yi Zhang mainly verified the experimental results, investigated the research progress of related directions, and reviewed and corrected the manuscript. Lingling Li mainly directed the experiments, corrected the constant form in the algorithm to the variable form to ensure the correctness of the algorithm, and reviewed and corrected the manuscript.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Grant nos. U1804263, 62172435 and 62002387) and the Zhongyuan Science and Technology Innovation Leading Talent Project of China (Grant no. 214200510019).