4,673 research outputs found

    The security of NTP's datagram protocol

    For decades, the Network Time Protocol (NTP) has been used to synchronize computer clocks over untrusted network paths. This work takes a new look at the security of NTP’s datagram protocol. We argue that NTP’s datagram protocol in RFC5905 is both underspecified and flawed. The NTP specifications do not sufficiently respect (1) the conflicting security requirements of different NTP modes, and (2) the mechanism NTP uses to prevent off-path attacks. A further problem is that (3) NTP’s control-query interface reveals sensitive information that can be exploited in off-path attacks. We exploit these problems in several attacks that remote attackers can use to maliciously alter a target’s time. We use network scans to find millions of IPs that are vulnerable to our attacks. Finally, we move beyond identifying attacks by developing a cryptographic model and using it to prove the security of a new backwards-compatible client/server protocol for NTP. https://eprint.iacr.org/2016/1006.pdf Published versio

    DO IT Trial: vitamin D Outcomes and Interventions in Toddlers - a TARGet Kids! randomized controlled trial.

    Background: Vitamin D levels are alarmingly low (<75 nmol/L) in 65-70% of North American children older than 1 year. An increased risk of viral upper respiratory tract infections (URTI), asthma-related hospitalizations and use of anti-inflammatory medication have all been linked with low vitamin D. No study has determined whether wintertime vitamin D supplementation can reduce the risk of URTI and asthma exacerbations, two of the most common and costly illnesses of early childhood. The objectives of this study are: 1) to compare the effect of 'high dose' (2000 IU/day) vs. 'standard dose' (400 IU/day) vitamin D supplementation in achieving reductions in laboratory confirmed URTI and asthma exacerbations during the winter in preschool-aged Canadian children; and 2) to assess the effect of 'high dose' vitamin D supplementation on vitamin D serum levels and specific viruses that cause URTI. Methods/design: This study is a pragmatic randomized controlled trial. Over 4 successive winters we will recruit 750 healthy children 1-5 years of age. Participating physicians are part of a primary healthcare research network called TARGet Kids!. Children will be randomized to the 'standard dose' or 'high dose' oral supplemental vitamin D for a minimum of 4 months (200 children per group). Parents will obtain a nasal swab from their child with each URTI, report the number of asthma exacerbations and complete symptom checklists. Unscheduled physician visits for URTIs and asthma exacerbations will be recorded. By May, a blood sample will be drawn to determine vitamin D serum levels. The primary analysis will be a comparison of URTI rate between study groups using a Poisson regression model. Secondary analyses will compare vitamin D serum levels, asthma exacerbations and the frequency of specific viral agents between groups. Discussion: Identifying whether vitamin D supplementation of preschoolers can reduce wintertime viral URTIs and asthma exacerbations and what dose is optimal may reduce population wide morbidity and associated health care and societal costs. This information will assist in determining practice and health policy recommendations related to vitamin D supplementation in healthy Canadian preschoolers

    Evaluating the Effectiveness of IP Hopping via an Address Routing Gateway

    This thesis explores the viability of using Internet Protocol (IP) address hopping in front of a network as a defensive measure. This research presents a custom gateway-based IP hopping solution called Address Routing Gateway (ARG) that acts as a transparent IP address hopping gateway. This thesis tests the overall stability of ARG, the accuracy of its classifications, the maximum throughput it can support, and the maximum rate at which it can change IPs and still communicate reliably. This research is accomplished on a physical test network with nodes representing the types of hosts found on a typical, corporate-style network. Direct measurement is used to obtain all results for each factor level. Tests demonstrate ARG classifies traffic correctly, with no false negatives and less than a 0.15% false positive rate on average. The test environment conservatively shows this to be true as long as the IP address change interval exceeds two times the network's round-trip latency; real-world deployments may allow for more frequent hopping. Results show ARG capably handles traffic of at least four megabits per second with no impact on packet loss. Fuzz testing validates the stability of ARG itself, although additional packet loss of around 23% appears when under attack

    Protocol for a Randomized Multiple Center Trial of Conservative Versus Liberal Oxygenation Targets in Critically Ill Children (Oxy-PICU): Oxygen in Paediatric Intensive Care

    OBJECTIVES: Oxygen administration is a fundamental part of pediatric critical care, with supplemental oxygen offered to nearly every acutely unwell child. However, optimal targets for systemic oxygenation are unknown. Oxy-PICU aims to evaluate the clinical effectiveness and cost-effectiveness of a conservative peripheral oxygen saturation (Spo2) target of 88-92% compared with a liberal target of more than 94%. DESIGN: Pragmatic, open, multiple-center, parallel group randomized control trial with integrated economic evaluation. SETTING: Fifteen PICUs across England, Wales, and Scotland. PATIENTS: Infants and children age more than 38 week-corrected gestational age to 16 years who are accepted to a participating PICU as an unplanned admission and receiving invasive mechanical ventilation with supplemental oxygen for abnormal gas exchange. INTERVENTION: Adjustment of ventilation and inspired oxygen settings to achieve an Spo2 target of 88-92% during invasive mechanical ventilation. MEASUREMENTS AND MAIN RESULTS: Randomization is 1:1 to a liberal Spo2 target of more than 94% or a conservative Spo2 target of 88-92% (inclusive), using minimization with a random component. Minimization will be performed on: age, site, primary reason for admission, and severity of abnormality of gas exchange. Due to the emergency nature of the treatment, approaching patients for written informed consent will be deferred to after randomization. The primary clinical outcome is a composite of death and days of organ support at 30 days. Baseline demographics and clinical status will be recorded as well as daily measures of oxygenation and organ support, and discharge outcomes. This trial received Health Research Authority approval on December 23, 2019 (reference: 272768), including a favorable ethical opinion from the East of England-Cambridge South Research Ethics Committee (reference number: 19/EE/0362). 
Trial findings will be disseminated in national and international conferences and peer-reviewed journals

    Low-resource eclipse attacks on Ethereum’s peer-to-peer network

    We present eclipse attacks on Ethereum nodes that exploit the peer-to-peer network used for neighbor discovery. Our attacks can be launched using only two hosts, each with a single IP address. Our eclipse attacker monopolizes all of the victim’s incoming and outgoing connections, thus isolating the victim from the rest of its peers in the network. The attacker can then filter the victim’s view of the blockchain, or co-opt the victim’s computing power as part of more sophisticated attacks. We argue that these eclipse-attack vulnerabilities result from Ethereum’s adoption of the Kademlia peer-to-peer protocol, and present countermeasures that both harden the network against eclipse attacks and cause it to behave differently from the traditional Kademlia protocol. Several of our countermeasures have been incorporated in the Ethereum geth 1.8 client released on February 14, 2018. First author draf