[BrieFing]
DARPA enlists
Virtual beacons guide VA patients BY GCN STAFF
The Department of Veterans Affairs is installing an indoor navigation system for patients at the Orlando, Fla., Medical Center’s Lake Nona Campus and Community Living Center.
Designed to help patients use their smartphones to find their
way around the facility, the virtual Bluetooth Low Energy (BLE) system uses a blue dot to show users
where they are on a floor plan and help them find their destinations.
It is expected to reduce missed appointments and improve the customer experience.
Unlike traditional Bluetooth beacons that rely on their own power source and can be difficult
to accurately site, virtual beacon technology uses steerable BLE antennas called beacon access points that are powered by Ethernet. The beacon points, which have IP addresses, can be placed on the ceilings and managed by IT teams.
A cloud-based app lets IT managers set up virtual beacons for wayfinding or for broadcasting location- appropriate messages.
Beacons can easily be added or moved, and the signals adapt to different mobile device types.
The app sends data from its sensors to the cloud, where location estimates are calculated and returned to the user’s device, which conserves the device’s battery. •
bots to fight social
engineering attacks
BY MATT LEONARD
The Defense Advanced Research Proj- ects Agency is looking for a better way to automatically sniff out social engi- neering attacks. Such attacks — a grow- ing problem across all sectors — trick people into inadvertently downloading malware onto their devices, from which the malicious code can make its way onto an agency’s network.
Current best practices for avoid-
ing those kinds of attacks depend on employees verifying links in email messages, a skill that most users lack. And because so many government users have access to privileged information, agencies present a target-rich environ- ment for attackers.
DARPA’s proposed Active Social Engi- neering Defense program seeks to take the onus for detecting social engineer- ing schemes off employees by using bots to detect and identify the sources of such campaigns.
According to a broad agency an- nouncement, ASED will use bots to mediate communications between attackers and potential victims to better identify attacks and coordinate investi-
gations. The bots will intervene when a victim appears to be under attack, validate the identity of the potential at- tacker and share information about the attack among themselves.
Once an attack is detected, auto- mated “virtual alter-ego” bots will work together to trace the attacker’s identity.
Each user will be assigned a set of alter-ego bots for purpose-based com- munication channels — similar to the way that people use different phone numbers, email addresses and social media accounts for different communi- cation purposes.
Monitoring multiple channels across many users offers two main benefits:
It creates multiple vantage points for detecting broad phishing attacks, and in order to spoof the identity of someone the victim trusts, an attacker must se- lect the exact channel for that identity.
For example, an attacker who wants to get login information from a bank customer must know which email ad- dress the victim uses to communicate with the bank. If the attacker tries to lure multiple victims with a single mes- sage, each virtual alter ego will receive the same message, thereby creating a detectable signature.
DARPA envisions each bot managing a set of resources — sandboxed virtual machines or disposable accounts — that it can trade to gain identifying informa- tion about an attacker. The agency is also looking for technologies that help victims edit, author, mediate or curate responses or distractions. •
6 GCN OCTOBER/NOVEMBER 2017 • GCN.COM
B STUDIO/SHUTTERSTOCK