Message manipulation tricks text thieves

In This Story

People Mentioned in This Story
A shot of a woman's hands texting on a blue phone and she's wearing a yellow sweater
Photo courtesy of iStock images

When you send a text, you have a reasonable expectation that your transmission is secure. But what if it was intercepted by a malicious actor? Perhaps a holiday recipe gets pilfered or an unflattering picture is in rogue hands. In scarier scenarios, you may have valuable personal information stolen.  

It is this sort of worst-case scenario that concerns officials when they consider the security of texts between entities like the police, military, and intelligence agents. If mission-critical information gets stolen or blocked, the consequences can be considerable.   

Researchers at George Mason University’s College of Engineering and Computing are partnering with Ericsson, AT&T, Michigan State University, and Morgan State University on what they’re calling Windtexter, after the famous Navajo code talkers (also called “windtalkers”) who aided the United States’ war effort in World War II. Windtexter’s covertness trick is making important texts look like mundane messages, hiding amidst throngs of others. The project is co-funded by the National Science Foundation’s Convergence Accelerator and the Department of Defense, Office of the Under Secretary of Defense for Research and Engineering.  

One thing Mason’s researchers are looking at is using natural language processing to confuse an interceptor by sending some messages that serve as red herrings, allowing the critical, relevant messages to hide in plain sight. Brian Mark, a professor in the Electrical and Computer Engineering department and a researcher on the project, notes, “Hiding information in text is not that simple – the so-called cover text has to be, for example, grammatically correct, such that an eavesdropper wouldn’t be able to tell it came from some automated device.” The critical texts will also hide among countless consumer messages flying around cyberspace.  

What the project is doing goes beyond encryption, Mark continues. “Encryption makes it hard for the eavesdropper to find out what the message is, but covertness means the eavesdropper wouldn’t even know you’re sending anything of importance.”  

In addition, the researchers are looking at ways to avoid bad actors altogether. Kai Zeng, an associate professor in Mason’s Electrical and Computer Engineering Department, says that the military, for example, may use something called a VPN tunnel – an encrypted link between a computer or mobile device and an outside network – for securing messages. But a savvy attacker can sit in the middle of that “tunnel” and according to Zeng, “Even if they can’t decode the message, they can block the transmission, causing a denial of service.”  

Using a device from Ericsson that supports multiple SIM cards and connecting to various carrier networks, the data traffic can be distributed among numerous paths; even if one path is jammed by a malicious actor, other paths can provide a clear route for the communication and the critical message can still be recovered.  

In addition to the technical work, the team will conduct interviews with at least 12 stakeholders, getting input to guide their research and development. On the list are a Washington, DC police officer, an FBI agent, and someone from the National Security Agency, among others.  

NSF and DoD are funding this project in part to take advantage of augmentations to 5G infrastructure so that military, government, and critical infrastructure operators can operate through public 5G networks whenever possible, but only if they can do so securely. 

Part of the project involves a socio-economic impact analysis of the proposed techniques, overseen by Ed Oughton, assistant professor in the Mason College of Science. Following the initial goal of technical improvements to help government and service providers prioritize which techniques should receive enhanced resources, the project encourages vendors, operators, and standards bodies to adopt and distribute new security features based on benefit-cost merits. 

The team is in Phase 1 of the project, along with 15 other teams. A the end of phase 1, the team will submit a phase 2 proposal and participate in a formal pitch. A small number of those teams will advance to Phase 2, which includes an award of up to $5 million for two years. The Mason team will find out if they are chosen to advance in August 2023.

For more information about WindTexter, visit this site.