On the Privacy of Peer-Assisted Distribution of Security Patches

When a host discovers that it has a software vulnerability that is susceptible to an attack, the host needs to obtain and install a patch. Because centralized distribution of patches may not scale well, peer-to-peer (P2P) approaches have recently been suggested. There is, however, a serious privacy problem with peer-assisted patch distribution: when a peer A requests a patch from another peer B, it announces to B its vulnerability, which B can exploit instead of providing the patch. Through analytical modeling and simulation, we show that a large majority of vulnerable hosts will typically become compromised with a basic design for peer-assisted patch distribution. We then study the effectiveness of two different approaches in countering this privacy problem. The first approach utilizes special-purpose peer nodes, referred to as honeypots, that discover and blacklist malicious peers listening for patch requests from susceptible hosts. In the second approach, the patches are requested through an anonymizing network, hiding the identities of susceptible hosts from malicious peers. Using analytical models and simulation, we show that, honeypots do not completely solve the privacy problem; in contrast, an anonymizing network turns out to be more suitable for security patch distribution. ?2010 IEEE.EI

The Use of Web-Based Support Groups Versus Usual Quit-Smoking Care for Men and Women Aged 21-59 Years: Protocol for a Randomized Controlled Trial (Preprint)

BACKGROUND Existing smoking cessation treatments are challenged by low engagement and high relapse rates, suggesting the need for more innovative, accessible, and interactive treatment strategies. Twitter is a Web-based platform that allows people to communicate with each other throughout the day using their phone. OBJECTIVE This study aims to leverage the social media platform of Twitter for fostering peer-to-peer support to decrease relapse with quitting smoking. Furthermore, the study will compare the effects of coed versus women-only groups on women’s success with quitting smoking. METHODS The study design is a Web-based, three-arm randomized controlled trial with two treatment arms (a coed or women-only Twitter support group) and a control arm. Participants are recruited online and are randomized to one of the conditions. All participants will receive 8 weeks of combination nicotine replacement therapy (patches plus their choice of gum or lozenges), serial emails with links to Smokefree.gov quit guides, and instructions to record their quit date online (and to quit smoking on that date) on a date falling within a week of initiation of the study. Participants randomized to a treatment arm are placed in a fully automated Twitter support group (coed or women-only), paired with a buddy (matched on age, gender, location, and education), and encouraged to communicate with the group and buddy via daily tweeted discussion topics and daily automated feedback texts (a positive tweet if they tweet and an encouraging tweet if they miss tweeting). Recruited online from across the continental United States, the sample consists of 215 male and 745 female current cigarette smokers wanting to quit, aged between 21 and 59 years. Self-assessed follow-up surveys are completed online at 1, 3, and 6 months after the date they selected to quit smoking, with salivary cotinine validation at 3 and 6 months. The primary outcome is sustained biochemically confirmed abstinence at the 6-month follow-up. RESULTS From November 2016 to September 2018, 960 participants in 36 groups were recruited for the randomized controlled trial, in addition to 20 participants in an initial pilot group. Data analysis will commence soon for the randomized controlled trial based on data from 896 of the 960 participants (93.3%), with 56 participants lost to follow-up and 8 dropouts. CONCLUSIONS This study combines the mobile platform of Twitter with a support group for quitting smoking. Findings will inform the efficacy of virtual peer-to-peer support groups for quitting smoking and potentially elucidate gender differences in quit rates found in prior research. CLINICALTRIAL ClinicalTrials.gov NCT02823028; https://clinicaltrials.gov/ct2/show/NCT0282302

Security of 5G-V2X: Technologies, Standardization and Research Directions

Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities involved in vehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement of LTE-V2X is revolutionary, but it fails to handle the demands of high throughput, ultra-high reliability, and ultra-low latency alongside its security mechanisms. To counter this, 5G-V2X is considered as an integral solution, which not only resolves the issues related to LTE-V2X but also provides a function-based network setup. Several reports have been given for the security of 5G, but none of them primarily focuses on the security of 5G-V2X. This article provides a detailed overview of 5G-V2X with a security-based comparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges are presented related to the security of 5G-V2X. Furthermore, the article lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X.Comment: 9 pages, 6 figures, Preprin

Joint one-sided synthetic unpaired image translation and segmentation for colorectal cancer prevention

Deep learning has shown excellent performance in analysing medical images. However, datasets are difficult to obtain due privacy issues, standardization problems, and lack of annotations. We address these problems by producing realistic synthetic images using a combination of 3D technologies and generative adversarial networks. We propose CUT-seg, a joint training where a segmentation model and a generative model are jointly trained to produce realistic images while learning to segment polyps. We take advantage of recent one-sided translation models because they use significantly less memory, allowing us to add a segmentation model in the training loop. CUT-seg performs better, is computationally less expensive, and requires less real images than other memory-intensive image translation approaches that require two stage training. Promising results are achieved on five real polyp segmentation datasets using only one real image and zero real annotations. As a part of this study we release Synth-Colon, an entirely synthetic dataset that includes 20000 realistic colon images and additional details about depth and 3D geometry: https://enric1994.github.io/synth-colonComment: arXiv admin note: substantial text overlap with arXiv:2202.0868

Encrypted federated learning for secure decentralized collaboration in cancer image analysis.

Artificial intelligence (AI) has a multitude of applications in cancer research and oncology. However, the training of AI systems is impeded by the limited availability of large datasets due to data protection requirements and other regulatory obstacles. Federated and swarm learning represent possible solutions to this problem by collaboratively training AI models while avoiding data transfer. However, in these decentralized methods, weight updates are still transferred to the aggregation server for merging the models. This leaves the possibility for a breach of data privacy, for example by model inversion or membership inference attacks by untrusted servers. Somewhat-homomorphically-encrypted federated learning (SHEFL) is a solution to this problem because only encrypted weights are transferred, and model updates are performed in the encrypted space. Here, we demonstrate the first successful implementation of SHEFL in a range of clinically relevant tasks in cancer image analysis on multicentric datasets in radiology and histopathology. We show that SHEFL enables the training of AI models which outperform locally trained models and perform on par with models which are centrally trained. In the future, SHEFL can enable multiple institutions to co-train AI models without forsaking data governance and without ever transmitting any decryptable data to untrusted servers