Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Leveraging Generative Models for Covert Messaging: Challenges and Tradeoffs for "Dead-Drop" Deployments

Luke A. Bauer, James K. Howes, Sam A. Markelon, Vincent Bindschaedler, Thomas Shrimpton

TL;DR

This work analyzes the practical challenges of using generative language models for covert messaging on large public platforms, specifically in dead-drop deployments. It formalizes MBFTE (model-based format-transforming encryption) to study encoding/decoding with a model-driven distribution and content-embedded cryptographic records, while addressing reliability, parsing ambiguity, and platform idiosyncrasies. A key contribution is the emphasis on security beyond imperceptibility, introducing plausibility as a critical criterion and proposing mechanisms (covert/overt signaling, cross-device alignment, and checkpoint-based decoding) to mitigate decoding attacks and platform-based detection. The results demonstrate tradeoffs among capacity, reliability, and security, quantify performance under GPT-2-like models, and provide practical guidance for deployment, including handling fragmentation, token restrictions, and observation-based attacks. Overall, the paper offers a structured framework and empirical insights to move model-based covert messaging toward more robust, deployable systems, while highlighting significant security and ethical considerations.

Abstract

State of the art generative models of human-produced content are the focus of many recent papers that explore their use for steganographic communication. In particular, generative models of natural language text. Loosely, these works (invertibly) encode message-carrying bits into a sequence of samples from the model, ultimately yielding a plausible natural language covertext. By focusing on this narrow steganographic piece, prior work has largely ignored the significant algorithmic challenges, and performance-security tradeoffs, that arise when one actually tries to build a messaging pipeline around it. We make these challenges concrete, by considering the natural application of such a pipeline: namely, "dead-drop" covert messaging over large, public internet platforms (e.g. social media sites). We explicate the challenges and describe approaches to overcome them, surfacing in the process important performance and security tradeoffs that must be carefully tuned. We implement a system around this model-based format-transforming encryption pipeline, and give an empirical analysis of its performance and (heuristic) security.

Leveraging Generative Models for Covert Messaging: Challenges and Tradeoffs for "Dead-Drop" Deployments

TL;DR

This work analyzes the practical challenges of using generative language models for covert messaging on large public platforms, specifically in dead-drop deployments. It formalizes MBFTE (model-based format-transforming encryption) to study encoding/decoding with a model-driven distribution and content-embedded cryptographic records, while addressing reliability, parsing ambiguity, and platform idiosyncrasies. A key contribution is the emphasis on security beyond imperceptibility, introducing plausibility as a critical criterion and proposing mechanisms (covert/overt signaling, cross-device alignment, and checkpoint-based decoding) to mitigate decoding attacks and platform-based detection. The results demonstrate tradeoffs among capacity, reliability, and security, quantify performance under GPT-2-like models, and provide practical guidance for deployment, including handling fragmentation, token restrictions, and observation-based attacks. Overall, the paper offers a structured framework and empirical insights to move model-based covert messaging toward more robust, deployable systems, while highlighting significant security and ethical considerations.

Abstract

State of the art generative models of human-produced content are the focus of many recent papers that explore their use for steganographic communication. In particular, generative models of natural language text. Loosely, these works (invertibly) encode message-carrying bits into a sequence of samples from the model, ultimately yielding a plausible natural language covertext. By focusing on this narrow steganographic piece, prior work has largely ignored the significant algorithmic challenges, and performance-security tradeoffs, that arise when one actually tries to build a messaging pipeline around it. We make these challenges concrete, by considering the natural application of such a pipeline: namely, "dead-drop" covert messaging over large, public internet platforms (e.g. social media sites). We explicate the challenges and describe approaches to overcome them, surfacing in the process important performance and security tradeoffs that must be carefully tuned. We implement a system around this model-based format-transforming encryption pipeline, and give an empirical analysis of its performance and (heuristic) security.

Paper Structure

This paper contains 43 sections, 2 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Background and Overview
  3. Model-Based Covert Messaging
  4. Language models and sampling.
  5. Encoding and decoding.
  6. Cryptographic processing.
  7. Record construction.
  8. Rendezvous.
  9. A note about key exchange.
  10. MBFTE
  11. Notational preliminaries.
  12. Model-based formats and FTE schemes.
  13. Sampling as source decoding.
  14. MBFTE using arithmetic coding.
  15. Threat Model & Security
  16. ...and 28 more sections

Figures (2)

  • Figure 1: Out of 100k posts scraped from Mastodon.social on December 26th, 2023, we show the 25 most used tags. For each tag, we show average post length against number of posts containing it.
  • Figure 2: ROC curves for base 124M GPT-2 generated posts, finetuned GPT-2 generated posts, MBFTE covertexts generated with finetuned GPT-2, and finetuned posts where the adversary is unaware of the finetuning being used.