$$\mathbf{L^2\cdot M = C^2}$$ Large Language Models are Covert Channels

TL;DR

This paper investigates the potential of open-source Large Language Models, specifically Llama-7B, to serve as covert channels for censorship-resistant communication, analyzing their security and capacity through empirical measurements.

Contribution

It provides the first empirical assessment of open-source LLMs as covert channels, demonstrating low detection probability despite limited practical bitrates.

Findings

Covert channels with open-source LLMs have low detection risk.

Practical bitrates for such channels are limited.

Results serve as a reference for security assessments of LLM-based covert communication.

Abstract

Large Language Models (LLMs) have gained significant popularity recently. LLMs are susceptible to various attacks but can also improve the security of diverse systems. However, besides enabling more secure systems, how well do open source LLMs behave as covertext distributions to, e.g., facilitate censorship-resistant communication? In this paper, we explore open-source LLM-based covert channels. We empirically measure the security vs. capacity of an open-source LLM model (Llama-7B) to assess its performance as a covert channel. Although our results indicate that such channels are not likely to achieve high practical bitrates, we also show that the chance for an adversary to detect covert communication is low. To ensure our results can be used with the least effort as a general reference, we employ a conceptually simple and concise scheme and only assume public models.