The Human Attack in Linguistic Steganography

The Human Attack in Linguistic Steganography

C. Orhan Orgun (University of California, Davis, USA)
DOI: 10.4018/978-1-60566-132-2.ch023
OnDemand PDF Download:
$37.50

Abstract

This chapter develops a linguistically robust encryption system, LunabeL, which converts a message into syntactically and semantically innocuous text. Drawing upon linguistic criteria, LunabeL uses word replacement, with substitution classes based on traditional linguistic features (syntactic categories and subcategories), as well as features under-exploited in earlier works: semantic criteria, graphotactic structure, and inflectional class. The original message is further hidden through the use of cover texts—within these, LunabeL retains all function words and targets specific classes of content words for replacement, creating text which preserves the syntactic structure and semantic context of the original cover text. LunabeL takes advantage of cover text styles which are not expected to be necessarily comprehensible to the general public, making any semantic anomalies more opaque. This line of work has the promise of creating encrypted texts which are less detectable to human readers than earlier steganographic efforts.
Chapter Preview
Top

1. Introduction

We develop in this chapter Lunabel, a technique for text-based steganography. We refer to our approach more specifically as linguistic steganography, as we take into account certain linguistic criteria that past approaches to text-based steganography have not dealt with (Bergmair, 2007, and references therein). This allows us to more effectively hide information. In particular, our encrypted messages more closely resemble natural text than was possible in past approaches which lack the linguistic sophistication necessary to achieve satisfactory results.

Section 1 introduces the concept of steganography and discusses desiderata for a successful technique. In section 2, we develop Lunabel and discuss some specific choices that were made in its implementation. Section 3 discusses the details of some of the particularly important choices that were made in developing Lunabel, namely the choice of cover text in which to hide information and the compilation of word substitution classes. In section 4, we compare Lunabel to past approaches to lexical steganography. Section 5 concludes the paper.

1.1 What is Steganography?

“Steganography” means encryption by means of information hiding. It includes hiding information in any form of data, such as images, audio or video files. Our interest in this paper is text-based steganography. This refers to hiding a message in what looks like an ordinary piece of text.

1.2 Linguistic Steganography

Ways of hiding information in text have been used since antiquity. One simple method is the acrostic, in which the initial letters of successive lines of poetry spell a word or words. This method is used more for artistic purposes than for secret information exchange; nonetheless, it provides a useful illustration. Consider the following Edgar Allan Poe poem, in which the first letters of successive lines spell the word Elizabeth:

  • 1.

    Elizabeth it is in vain you say

    • “Love not” — thou sayest it in so sweet a way:

    • In vain those words from thee or L. E. L.

    • Zantippe’s talents had enforced so well:

    • Ah! if that language from thy heart arise,

    • Breathe it less gently forth — and veil thine eyes.

    • Endymion, recollect, when Luna tried

    • To cure his love—was cured of all beside—

    • His folly—pride—and passion—for he died.

While this form of steganography may be sufficient for poetic use, a practical system has additional requirements. We would want information hiding to be more effective—the hidden information should not be readily visible to an outside observer. Equally important, the system needs to be algorithmic rather than creative; it should be possible to hide any given message in any desired text. Finally, decryption too needs to be algorithmic: given a text containing a hidden message, the hidden message should be reliably recoverable by a recipient in possession of the required decryption information (the acrostic poem presented satisfies this last requirement, but none of the others).

Key Terms in this Chapter

Density of Encryption: The ratio of words that are replaced to those that are left intact in the course of information hiding.

Sparse Substitution: A system of word substitution that does not target every word of a cover text. Function words and highly ambiguous words will typically be left out; it is a matter of choice what other words may or may not be targeted for substitution.

Linguistic Steganography: A system of steganography that strives for linguistic robustness by paying attention to linguistic criteria.

Synonym-Based Word-Replacement Systems: Systems of text-based steganography in which substitution classes consist of (nearly) synonymous words.

Linguistic Robustness: The likelihood that a cover text altered so as to hide information in it will still appear syntactically and semantically natural to human observers.

Substitution Classes: Sets of words whose members may be replaced by one another within a given genre of cover text with a high probability that the replacement will not adversely affect the syntactic and semantic plausibility of the cover text.

Cover Text: A piece of text that is altered in subtle ways to hide a message in it.

Minimum Length of Cover Text: The length of cover text required in order to hide a message of a given size. This depends on the size of substitution classes and the density of encryption.

Text-Based Steganography: A system of hiding information in a text file (as opposed to, for example, an image file).

Sentence Frames: Sequences of syntactic categories (part of speech tags) extracted from a corpus and used in some text-based stegosystems as templates for generating encrypted messages.

Complete Chapter List

Search this Book:
Reset
Editorial Advisory Board
Table of Contents
Foreword
John Walp
Preface
Manish Gupta, Raj Sharman
Chapter 1
C. Warren Axelrod
This chapter examines the impact of catastrophes on information security and suggests who might have responsibility for maintaining an appropriate... Sample PDF
Responsibilities and Liabilities with Respect to Catastrophes
$37.50
Chapter 2
David Porter
This chapter discusses the latest developments in the shifting threat landscape and their impact on the world of information security. It describes... Sample PDF
The Complex New World of Information Security
$37.50
Chapter 3
Ahmed Awad E. Ahmed
In recent years, many studies have highlighted the unprecedented growth in security threats from multiple and varied sources faced by corporate, as... Sample PDF
Employee Surveillance Based on Free Text Detection of Keystroke Dynamics
$37.50
Chapter 4
Arunabha Mukhopadhyay, Samir Chatterjee, Debashis Saha, Ambuj Mahanti, Samir K. Sadhukhan
An online business organization spends millions of dollars on firewalls, anti-virus, intrusion detection systems, digital signature, and encryption... Sample PDF
E-Risk Insurance Product Design: A Copula Based Bayesian Belief Network Model
$37.50
Chapter 5
Guoling Lao
E-commerce mode aggravates information asymmetry so that honesty-credit problems become more serious. This chapter discusses the honesty-credit... Sample PDF
E-Commerce Security and Honesty-Credit
$37.50
Chapter 6
Zhixiong Zhang, Xinwen Zhang, Ravi Sandhu
This chapter addresses the problem that traditional role-base access control (RBAC) models do not scale up well for modeling security policies... Sample PDF
Towards a Scalable Role and Organization Based Access Control Model with Decentralized Security Administration
$37.50
Chapter 7
Chandan Mazumdar
There has been an unprecedented thrust in employing Computers and Communication technologies in all walks of life. The systems enabled by... Sample PDF
Enterprise Information System Security: A Life-Cycle Approach
$37.50
Chapter 8
Peter O. Orondo
Most companies would agree that securing their information assets is worth some investment. It is thus plausible to assume that low levels of IT... Sample PDF
An Alternative Model of Information Security Investment
$37.50
Chapter 9
George O.M. Yee
The growth of the Internet is increasing the deployment of e-services in such areas as e-commerce, e-learning, and e-health. In parallel, the... Sample PDF
Avoiding Pitfalls in Policy-Based Privacy Management
$37.50
Chapter 10
Supriya Singh
Enabling customers to influence the way they are represented in the bank’s databases, is one of the major personalization, responsiveness, and... Sample PDF
Privacy and Banking in Australia
$37.50
Chapter 11
Madhusudhanan Chandrasekaran, Shambhu Upadhyaya
Phishing scams pose a serious threat to end-users and commercial institutions alike. E-mail continues to be the favorite vehicle to perpetrate such... Sample PDF
A Multistage Framework to Defend Against Phishing Attacks
$37.50
Chapter 12
Ghita Kouadri Mostefaoui, Patrick Brézillon
In recent years, the security research community has been very active in proposing different techniques and algorithms to face the proliferating... Sample PDF
A New Approach to Reducing Social Engineering Impact
$37.50
Chapter 13
Yang Wang
Privacy-enhancing technologies (PETs), which constitute a wide array of technical means for protecting users’ privacy, have gained considerable... Sample PDF
Privacy-Enhancing Technologies
$37.50
Chapter 14
Douglas P. Twitchell
This chapter introduces and defines social engineering, a recognized threat to the security of information systems. It also introduces a taxonomy... Sample PDF
Social Engineering and its Countermeasures
$37.50
Chapter 15
Tom S. Chan
Social networking has become one of the most popular applications on the Internet since the burst of the dot-com bubble. Apart from being a haven... Sample PDF
Social Networking Site: Opportunities and Security Challenges
$37.50
Chapter 16
James W. Ragucci, Stefan A. Robila
Fraudulent e-mails, known as phishing attacks, have brought chaos across the digital world causing billions of dollars of damage. These attacks are... Sample PDF
Designing Antiphishing Education
$37.50
Chapter 17
Serkan Ada
This chapter discusses the recent theories used in information security research studies. The chapter initially introduces the importance of the... Sample PDF
Theories Used in Information Security Research: Survey and Agenda
$37.50
Chapter 18
Samuel Liles
Information assurance education is an interdisciplinary endeavor that only when taken as a holistic and inclusive educational activity can be... Sample PDF
Information Assurance and Security Curriculum Meeting the SIGITE Guidelines
$37.50
Chapter 19
Gary Hinson
This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by... Sample PDF
Information Security Awareness
$37.50
Chapter 20
Nick Pullman, Kevin Streff
Security training and awareness is often overlooked or not given sufficient focus in many organizations despite being a critical component of a... Sample PDF
Creating a Security Education, Training, and Awareness Program
$37.50
Chapter 21
E. Kritzinger, S.H von Solms
This chapter introduces information security within the educational environments that utilize electronic resources. The education environment... Sample PDF
Information Security Within an E-Learning Environment
$37.50
Chapter 22
Donald Murphy, Manish Gupta, H.R. Rao
We present five emerging areas in information security that are poised to bring the radical benefits to the information security practice and... Sample PDF
Research Notes on Emerging Areas of Conflict in Security
$37.50
Chapter 23
C. Orhan Orgun
This chapter develops a linguistically robust encryption system, LunabeL, which converts a message into syntactically and semantically innocuous... Sample PDF
The Human Attack in Linguistic Steganography
$37.50
Chapter 24
Sérgio Tenreiro de Magalhães, Kenneth Revett, Henrique M.D. Santos, Leonel Duarte dos Santos, André Oliveira, César Ariza
The traditional approach to security has been the use of passwords. They provide the system with a barrier to access what was quite safe in the... Sample PDF
Using Technology to Overcome the Password's Contradiction
$37.50
Chapter 25
Antonio Cerone
Reducing the likelihood of human error in the use of interactive systems is increasingly important. Human errors could not only hinder the correct... Sample PDF
Formal Analysis of Security in Interactive Systems
$37.50
Chapter 26
Tejaswini Herath
It is estimated that over 1 billion people now have access to the Internet. This unprecedented access and use of Internet by individuals around the... Sample PDF
Internet Crime: How Vulnerable Are You? Do Gender, Social Influence and Education play a Role in Vulnerability?
$37.50
Chapter 27
Jarrod Trevathan
Shill bidding is where spurious bids are introduced into an auction to drive up the final price for the seller, thereby defrauding legitimate... Sample PDF
Detecting Shill Bidding in Online English Auctions
$37.50
Chapter 28
Carsten Röcker, Carsten Magerkurth, Steve Hinske
In this chapter we present a novel concept for personalized privacy support on large public displays. In the first step, two formative evaluations... Sample PDF
Information Security at Large Public Displays
$37.50
Chapter 29
Yuko Murayama, Carl Hauser, Natsuko Hikage, Basabi Chakraborty
The sense of security, identified with the Japanese term, Anshin, is identified as an important contributor to emotional trust. This viewpoint... Sample PDF
The Sense of Security and Trust
$37.50
About the Contributors