The deployment and usage of biometric systems is increasing at a rapid rate as the technology becomes more mature and gains user acceptance. Large-scale civilian applications like the Registered Traveler program and the US-VISIT program rely heavily on biometric systems as part of their authentication process. Biometric systems are also deployed in commercial applications like Automated Teller Machines (ATM) to replace or complement ATM cards. Securing the user’s biometric information is just as important as securing the biometric system. Improving the security of biometric systems does have a positive impact on securing biometric information, but securing the system does not imply that the information is also secure. The technology ecosystem needs to be analyzed taking into account its principal constituents: the biometric system, the biometric process and the biometric information lifecycle. The concept of information lifecycle management has been under development for some time now, but it has not been applied to biometric information. Biometric Information Lifecycle Management refers to a sustainable strategy of maintaining confidentiality, integrity and availability of biometric information and developing policies for its use. The Biometric Information Lifecycle comprises the following phases: creation, transformation, storage, usage, and disposition. This research is a work in progress which will define the biometric information lifecycle phases, create a taxonomy of attacks on biometric information lifecycle phases, and improve the security and management of biometric information.
As part of current research into malware behavior, the Botnet Analysis Team is developing standardized architectures and processes with which to detect, isolate, observe, analyze and potentially defend against or destroy botnets. Botnets are typically used for illegal activities, and are often made up of thousands of compromised computers. Botnet simulation will use a cluster of PCs configured with typical operating system and software configurations used by homes and businesses today.
Do individuals view, download, and share various types of Internet pornography and are different personality characteristics related to a person’s pornography preference? This research project gathered data from online respondents regarding their use of adult, animal, and child pornography as well as various personality characteristics. Data has been collected and is currently being analyzed.
Using the COPINE (Combating Paedophile Information Networks in Europe) classification model, which categorizes the severity of victimization in child pornography, United States law enforcement officers will be asked to classify Internet child pornography images they have seized as evidence for a 6-month period, using an anonymous online questionnaire. This project is currently in the data collection phase.
The indirection of object accesses is a common theme for target domains as diverse as transparent distribution, persistence, and program instrumentation. Virtualizing accesses to fields and methods (by redirecting calls through accessor and indirection methods) allows interposition of arbitrary code, extending the functionality of an application beyond that intended by the original developer.
We present class modifications performed by our RuggedJ transparent distribution platform for standard Java virtual machines. RuggedJ abstracts over the location of objects by implementing a single object model for local and remote objects. However, the implementation of this model is complicated by the presence of native and system code; classes loaded by Java’s bootstrap class loader can be rewritten only in a limited manner, and so cannot be modified to conform to RuggedJ’s complex object model. We observe that system code comprises the majority of a given Java application: an average of 76% in the applications we study. We consider the constraints imposed upon pervasive class transformation within Java, and present a framework for systematically rewriting arbitrary applications. Our system accommodates all system classes, allowing both user and system classes alike to be referenced using a single object model.
In this paper, we discuss security problems, with a focus on collaborative attacks, in the Worldwide Interoperability for Microwave Access (WiMAX) scenario. The WiMAX protocol suite, which includes but is not limited to DOCSIS, DES, and AES, consists of a large number of protocols. We briefly present the WiMAX standard and its vulnerabilities. We pinpoint the problems with individual protocols in the WiMAX protocol suite, and discuss collaborative attacks on WiMAX systems. We present several typical WiMAX attack scenarios, including: bringing a large number of attackers to increase their computation power and break WiMAX protocols; assembling a sufficient number of attackers to influence the decision-making of core machines, which includes routing attacks and Sybil attacks; and exploiting implementations that do not conform to the WiMAX specification completely, causing interoperability problems among various protocols, including the ones in typical WiMAX/WiFi/LAN deployment scenarios. We present theoretical models and practical solutions to profile, model, and analyze collaborative attacks in WiMAX. We employ attack graphs to do vulnerability analysis. Experimental results verify our models and validate our analysis.