Information Systems Security: 14th

International Conference, ICISS 2018,

Bangalore, India, December 17-19,
2018, Proceedings Vinod Ganapathy
Visit to download the full and correct content document:
https://textbookfull.com/product/information-systems-security-14th-international-confe
rence-iciss-2018-bangalore-india-december-17-19-2018-proceedings-vinod-ganapath
y/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Information Systems Security: 14th International

Conference, ICISS 2018, Bangalore, India, December
17-19, 2018, Proceedings Vinod Ganapathy

https://textbookfull.com/product/information-systems-
security-14th-international-conference-iciss-2018-bangalore-
india-december-17-19-2018-proceedings-vinod-ganapathy/

Information Systems Security 15th International

Conference ICISS 2019 Hyderabad India December 16 20
2019 Proceedings Deepak Garg

https://textbookfull.com/product/information-systems-
security-15th-international-conference-iciss-2019-hyderabad-
india-december-16-20-2019-proceedings-deepak-garg/

Information Systems Security 16th International

Conference ICISS 2020 Jammu India December 16 20 2020
Proceedings Salil Kanhere

https://textbookfull.com/product/information-systems-
security-16th-international-conference-iciss-2020-jammu-india-
december-16-20-2020-proceedings-salil-kanhere/

Information Systems Security 12th International

Conference ICISS 2016 Jaipur India December 16 20 2016
Proceedings 1st Edition Indrajit Ray

https://textbookfull.com/product/information-systems-
security-12th-international-conference-iciss-2016-jaipur-india-
december-16-20-2016-proceedings-1st-edition-indrajit-ray/
Security Privacy and Applied Cryptography Engineering
8th International Conference SPACE 2018 Kanpur India
December 15 19 2018 Proceedings Anupam Chattopadhyay

https://textbookfull.com/product/security-privacy-and-applied-
cryptography-engineering-8th-international-conference-
space-2018-kanpur-india-december-15-19-2018-proceedings-anupam-
chattopadhyay/

Web and Internet Economics 14th International

Conference WINE 2018 Oxford UK December 15 17 2018
Proceedings George Christodoulou

https://textbookfull.com/product/web-and-internet-economics-14th-
international-conference-wine-2018-oxford-uk-
december-15-17-2018-proceedings-george-christodoulou/

Communication Systems and Networks: 10th International

Conference, COMSNETS 2018, Bangalore, India, January
3-7, 2018, Extended Selected Papers Subir Biswas

https://textbookfull.com/product/communication-systems-and-
networks-10th-international-conference-comsnets-2018-bangalore-
india-january-3-7-2018-extended-selected-papers-subir-biswas/

Advances in Data Science Third International Conference

on Intelligent Information Technologies ICIIT 2018
Chennai India December 11 14 2018 Proceedings Leman
Akoglu
https://textbookfull.com/product/advances-in-data-science-third-
international-conference-on-intelligent-information-technologies-
iciit-2018-chennai-india-december-11-14-2018-proceedings-leman-
akoglu/

Big Data Analytics 6th International Conference BDA

2018 Warangal India December 18 21 2018 Proceedings
Anirban Mondal

https://textbookfull.com/product/big-data-analytics-6th-
international-conference-bda-2018-warangal-india-
december-18-21-2018-proceedings-anirban-mondal/
 Vinod Ganapathy
Trent Jaeger
R. K. Shyamasundar (Eds.)
LNCS 11281

Information Systems
Security
14th International Conference, ICISS 2018
Bangalore, India, December 17–19, 2018
Proceedings

123
Lecture Notes in Computer Science 11281
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology Madras, Chennai, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7410
Vinod Ganapathy Trent Jaeger
•

R. K. Shyamasundar (Eds.)

Information Systems
Security
14th International Conference, ICISS 2018
Bangalore, India, December 17–19, 2018
Proceedings

123
Editors
Vinod Ganapathy R. K. Shyamasundar
Indian Institute of Science Indian Institute of Technology Bombay
Bangalore, India Mumbai, India
Trent Jaeger
Pennsylvania State University
University Park, PA, USA

ISSN 0302-9743 ISSN 1611-3349 (electronic)

Lecture Notes in Computer Science
ISBN 978-3-030-05170-9 ISBN 978-3-030-05171-6 (eBook)
https://doi.org/10.1007/978-3-030-05171-6

Library of Congress Control Number: 2018962541

LNCS Sublibrary: SL4 – Security and Cryptology

© Springer Nature Switzerland AG 2018

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, express or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 Preface

This volume contains the papers presented at the 14th International Conference on
Information Systems Security (ICISS 2018), held at the Indian Institute of Science,
Bengaluru, Karnataka, India, during December 17–19, 2018. In response to the call for
papers, 53 submissions were received. One submission was withdrawn by the authors
while a second one was desk-rejected, leaving a total of 51 papers to be evaluated by
the Program Committee. All submissions were evaluated on the basis of the novelty
and significance of their scientific content. The Program Committee, comprising 47
members, reviewed all submissions via a single-blind review process. Each paper was
reviewed by three or more reviewers and discussed. After discussions, the committee
selected a total of 23 papers for presentation at the conference. The papers covered a
wide range of topics as is reflected in the list of papers in this volume.
In addition to the peer-reviewer papers, we were also fortunate to have four eminent
speakers delivering keynote presentations at the conference: Venkatramanan Siva
Subrahmanian (Dartmouth University), Atul Prakash (University of Michigan–Ann
Arbor), Prateek Saxena (National University of Singapore), and Sriram Rajamani
(Microsoft Research India). The program also consisted of two tutorials: one by
Nishanth Chandran and Divya Gupta (Microsoft Research India), and a second one by
Somesh Jha (University of Wisconsin–Madison). We are really thankful to these
speakers for taking time off from their busy schedules and contributing to ICISS 2018.
Many individuals contributed to making ICISS 2018 a success, and it is a pleasure
to thank them. We are thankful to all members of the Program Committee and all
external reviewers for their efforts in reviewing the papers and participating in the
discussion and selection process. We thank the Steering Committee, our publicity chair
(Anu Mary Chacko of NIT Calicut), and the Web team (Rounak Agarwal, Aditya
Shukla and Kripa Shanker, of IISc Bangalore). We thank Kushael and Shankar from
the Department of Computer Science and Automation, IISc Bangalore, for providing
administrative support and taking care of many logistical details. Needless to say, we
are thankful to all the authors who submitted their work to ICISS 2018, and our
keynote speech and tutorial speakers who accepted our invitation to present at the
conference.
We were fortunate to receive financial support for the conference from Sonata
Software, IISc Bangalore, and Microsoft Research India. We are thankful to Ompra-
kash Subbarao (Sonata Software), Y. Narahari (IISc Bangalore), and the team of
Chiranjib Bhattacharyya (IISc Bangalore), Sriram Rajamani, Satish Sangameswaran,
and Christina Gould-Sandhu (Microsoft Research India) for providing financial
sponsorship. We also appreciate the support of Springer, in particular Alfred Hofmann
and Anna Kramer, in publishing the proceedings as well as the monetary support for
the conference. We would also like to acknowledge EasyChair for their conference
management system, which was freely used to manage the process of paper submis-
sions and reviews.
VI Preface

We hope that you find these proceedings interesting and useful in your own
research.

October 2018 Vinod Ganapathy

Trent Jaeger
R. K. Shyamasundar
 Organization

Program Committee
Vijay Atluri Rutgers University, USA
Gogul Balakrishnan Google, USA
Arati Baliga Persistent Systems, India
Mridul Sankar Barik Jadavpur University, India
Lorenzo Cavallaro Royal Holloway, London, UK
Sambuddho Chakravarty IIIT-Delhi, India
Frederic Cuppens IMT Atlantique, France
Ashok Kumar Das IIIT-Hyderabad, India
Lorenzo DeCarli Worcester Polytechnic Institute, USA
Rinku Dewri University of Denver, USA
Mohan Dhawan IBM Research India
Adam Doupe Arizona State University, USA
Earlence Fernandes University of Washington, USA
Vinod Ganapathy IISc Bangalore, India
Vijay Ganesh University of Waterloo, Canada
Siddharth Garg New York University, USA
Kanchi Gopinath IISc Bangalore, India
Trent Jaeger Pennsylvania State University, USA
Sushil Jajodia George Mason University, USA
Suman Jana Columbia University, USA
Aniket Kate Purdue University, USA
Ram Krishnan University of Texas-San Antonio, USA
Subhomoy Maitra ISI-Kolkata, India
Pratyusa Manadhata HP Labs, USA
Debdeep Mukhopadhyay IIT-Kharagpur, India
Divya Muthukumaran Imperial College London, UK
Adwait Nadkarni College of William and Mary, USA
Eiji Okamoto University of Tsukuba, Japan
Biswabandan Panda IIT-Kanpur, India
Arpita Patra IISc Bangalore, India
Goutam Paul ISI-Kolkata, India
Phu Phung University of Dayton, USA
Atul Prakash University of Michigan–Ann Arbor, USA
Indrakshi Ray Colorado State University, USA
Bimal Roy ISI-Kolkata, India
Diptikalyan Saha IBM-Research India
R. Sekar StonyBrook University, USA
Sandeep Shukla IIT-Kanpur, India
VIII Organization

Anoop Singhal National Institute of Standards and Technology, USA

Arunesh Sinha University of Michigan–Ann Arbor, USA
Pramod Subramanyan IIT-Kanpur, India
Laszlo Szekeres Google, USA
Mohit Tiwari University of Texas at Austin, USA
Mahesh Tripunitara University of Waterloo, Canada
Venkatakrishnan V. N. University of Illinois, Chicago, USA
Hayawardh Vijayakumar Samsung Research, USA
Stijn Volckaert University of California, Irvine, USA
Vinod Yegneswaran SRI International, USA

Additional Reviewers

Bruhadeshwar Bezawada
Ayantika Chatterjee
Warren Connell
Sabrina De Capitani di Vimercati
Akshar Kaul
Manish Kesarwani
Haining Wang
Keynote Abstracts
 Bots, Socks, and Vandals: An Overview
of Malicious Actors on the Web

V. S. Subrahmanian

Department of Computer Science and Institute for Security, Technology,

and Society, Dartmouth College, Hanover NH 03755, USA
vs@dartmouth.edu

Abstract. In this paper, we discuss four types of malicious actors on social

platforms and online markets: bots, sockpuppets, individuals committing review
fraud, and vandals.

Keywords: Social media
Bots
Sockpuppets
Wikipedia
Vandals

Online social networks and e-commerce platforms are increasingly targeted by mali-
cious actors with a wide variety of goals. Bots on Twitter may seek to illicitly influence
opinion. Sock-puppet accounts on online discussion forums (e.g. discussion threads on
online news articles) may help push certain points of view. Vandals on Wikipedia may
seek to inject false material into otherwise legitimate pages. Review fraud in online
forums may illicitly promote a product or destroy a competing product’s reputation.
The bulk of this talk will focus on identifying review fraud in online e-commerce
platforms such as Amazon, eBay and Flipkart. Because an increase of 1 star in a
product rating can, on average, lead to a 5–9% increase in revenues, vendors have
strong incentives to generate fake reviews. We will present both an unsupervised model
as well as a supervised model to identify users who generate fake reviews. We show
that our framework, called REV2 [3], produces high performance in real world
experiments. In addition, a report of 150 review fraud accounts on Flipkart was
independently evaluated by Flipkart’s anti-fraud team who reported that 127 of the
predictions were correct.
Sockpuppet accounts – multiple accounts operated by a single individual or cor-
porate “puppetmaster” – are also a popular mechanism used to inappropriately sway
opinion in online platforms. For instance, social “botnets” [4] commonly use multiple
“sock” accounts to implement coordinated bots. Sockpuppet accounts are also com-
monly used by trolls. I will report on recent work [2] on the characteristics and
properties of sockpuppet accounts through a study that involves data from the Disqus
platform. Disqus powers discussion threads and forums on a host of news and other
websites. Sockpuppets are often used in such contexts to artificially boost an opinion or
artificially generate controversy. I will also briefly discuss the use of bots in real world
influence campaigns along with methods to detect them [1, 4].
Third, I will discuss the problem of vandals on Wikipedia. Though research has
been done previously on automated methods to detect acts of vandalism on Wikipedia,
we describe VEWS, a Wikipedia Vandal Early Warning System that seeks to detect
vandals as early as possible and preferably before they commit any acts of vandalism.
XII V. S. Subrahmanian

We show that VEWS outperforms prior work – but that when combined with prior
work, it predicts vandals with very high accuracy.
The talk will conclude with a discussion of different types of malicious actors on
the web.

References
1. Dickerson, J.P., Kagan, V., Subrahmanian, V.: Using sentiment to detect bots on twitter: are
humans more opinionated than bots? In: Proceedings of the 2014 IEEE/ACM International
Conference on Advances in Social Networks Analysis and Mining, pp. 620–627. IEEE Press
(2014)
2. Kumar, S., Cheng, J., Leskovec, J., Subrahmanian, V.: An army of me: sockpuppets in online
discussion communities. In: Proceedings of the 26th International Conference on World Wide
Web, pp. 857–866. International World Wide Web Conferences Steering Committee (2017)
3. Kumar, S., Hooi, B., Makhija, D., Kumar, M., Faloutsos, C., Subrahmanian, V.: Rev2:
fraudulent user prediction in rating platforms. In: Proceedings of the Eleventh ACM Inter-
national Conference on Web Search and Data Mining, pp. 333–341. ACM (2018)
4. Subrahmanian, V.S., et al.: The darpa twitter bot challenge. Computer 49(6), 38–46 (2016).
https://doi.org/10.1109/MC.2016.183
 Robust Physical-World Attacks on Deep
Learning Visual Classifiers and Detectors
(Invited Talk)

Atul Prakash

Computer Science Division, University of Michigan,

Ann Arbor, MI 48109, USA
aprakash@umich.edu

Abstract. Recent studies show that the state-of-the-art deep neural networks
(DNNs) are vulnerable to adversarial examples, resulting from small-magnitude
perturbations added to the input [1, 5, 6, 8, 10, 12]. Given that that emerging
physical systems are using DNNs in safety-critical situations such as autono-
mous driving, adversarial examples could mislead these systems and cause
dangerous situations. It was however unclear if these attacks could be effective
in practice with real-world objects [7], with some researchers finding that the
attacks fail to translate to physical world in practice [9]. We report on some of
our findings [2, 3] for generating such adversarial examples that can be physi-
cally realized using techniques such as stickers placed on real-world traffic
signs. With a perturbation in the form of only black and white stickers, we
modified real stop signs, causing targeted misclassification in over 80% of video
frames obtained on a moving vehicle (field test) for state-of-the-art image
classifiers, LISA-CNN and GTSRB-CNN. Our recent results [4] suggest that
object detectors, such as YOLO [11], are also susceptible to physical pertur-
bation attacks. I discuss some of the implications of the work on the design of
robust classifiers and detectors for safety-critical applications.

Keywords: Adversarial machine learning
Input perturbation

Physical attacks
Deep learning
Security
Robust classifiers
Robust detectors

References
1. Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017
IEEE Symposium on Security and Privacy (SP), pp. 39–57. IEEE (2017)
2. Eykholt, K., et al.: Robust physical-world attacks on deep learning visual classification. In:
Proceedings of Computer Vision and Pattern Recognition Conference (CVPR 2018). IEEE,
June 2018. (Supersedes arXiv preprint arXiv:1707.08945, August 2017)
3. Eykholt, K., et al.: GitHub Repo on Robust Physical Perturbations Code. https://github.com/
evtimovi/robust_physical_perturbations
4. Eykholt, K., et al.: Attacking object detectors with adversarial stickers. In: Proceedings of
12th Usenix Workshop on Offensive Technologies (WOOT), Baltimore, MD, (arXiv:1807.
07769) (supersedes arXiv:1712.08062), August 2018
XIV A. Prakash

5. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples.
arXiv preprint arXiv:1412.6572 (2014)
6. Kos, J., Fischer, I., Song, D.: Adversarial examples for generative models. arXiv preprint
arXiv:1702.06832 (2017)
7. Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. arXiv
preprint arXiv:1607.02533 (2016)
8. Liu, Y., Chen, X., Liu, C., Song, D.: Delving into transferable adversarial examples and
black-box attacks. arXiv preprint arXiv:1611.02770 (2016)
9. Lu, J., Sibai, H., Fabry, E., Forsyth, D.: No need to worry about adversarial examples in
object detection in autonomous vehicles. arXiv preprint arXiv:1707.03501 (2017)
10. Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations
of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security
and Privacy (EuroS&P), pp. 372–387. IEEE (2016)
11. Redmon, J., Farhadi, A.: YOLO9000: better, faster, stronger. CoRR, abs/1612.08242 (2016)
12. Sabour, S., Cao, Y., Faghri, F., Fleet, D.J.: Adversarial manipulation of deep representations.
arXiv preprint arXiv:1511.05122 (2015)
 Specifying and Checking Data Use Policies

Sriram K. Rajamani

Microsoft Research, Bengaluru, India

sriram@microsoft.com

Cloud computing has changed the goals of security and privacy research. The primary
concerns have shifted to protecting data in terms of not only who gets to access data,
but also how they use it. While the former can be specified using access control logics,
the latter is relatively a new topic and relatively unexplored.
We describe a language called Legalese, which we designed to specify data use
policies in cloud services. Legalese [1] uses propositional logic together with type-state
to specify constraints on data use, retention and combination of data. Next, we describe
a notion called Information Release Confinement (IRC) [2], which can be used to
specify that data does not leave a region except through specific channels such as API
calls. IRC has been used to specify and verify confidentiality of cloud services that use
Intel SGX enclaves. Finally, we speculate on combining these two approaches to
specify and check stateful policies on data use in cloud services.

References
1. Sen, S., Guha, S., Datta, A., Rajamani, S.K., Tsai, J.Y., Wing, J.M.: Bootstrapping Privacy
Compliance in Big Data Systems. In: IEEE Symposium on Security and Privacy, pp. 327–34
(2014)
2. Sinha, R., et al.: A design and verification methodology for secure isolated regions. In: PLDI,
pp. 665–681 (2016)
 Contents

Ubiquitous Computing

A Characterization of the Mass Surveillance Potential of Road

Traffic Monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Kirk Boyer, Hao Chen, Jingwei Chen, Jian Qiu, and Rinku Dewri

SecSmartLock: An Architecture and Protocol for Designing

Secure Smart Locks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Bhagyesh Patil, Parjanya Vyas, and R. K. Shyamasundar

A Novel Multi-factor Authentication Protocol for Smart

Home Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
K. Nimmy, Sriram Sankaran, and Krishnashree Achuthan

Modeling and Analysis of Attacks

Modeling and Analyzing Multistage Attacks Using Recursive

Composition Algebra. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Ghanshyam S. Bopche, Gopal N. Rai, B. M. Mehtre,
and G. R. Gangadharan

RiskWriter: Predicting Cyber Risk of an Enterprise . . . . . . . . . . . . . . . . . . . 88

K. Aditya, Slawomir Grzonkowski, and Nhien-An Le-Khac

ProPatrol: Attack Investigation via Extracted High-Level Tasks . . . . . . . . . . 107

Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo,
and Venkat N. Venkatakrishnan

Smartphone Security

SGP: A Safe Graphical Password System Resisting Shoulder-Surfing

Attack on Smartphones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Suryakanta Panda, Madhu Kumari, and Samrat Mondal

Towards Accuracy in Similarity Analysis of Android Applications . . . . . . . . 146

Sreesh Kishore, Renuka Kumar, and Sreeranga Rajan
XVIII Contents

Cryptography and Theory

Secret Sharing Schemes on Compartmental Access Structure

in Presence of Cheaters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Jyotirmoy Pramanik, Partha Sarathi Roy, Sabyasachi Dutta,
Avishek Adhikari, and Kouichi Sakurai

Privacy Preserving Multi-server k-means Computation over Horizontally

Partitioned Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Riddhi Ghosal and Sanjit Chatterjee

Secure Moderated Bargaining Game . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Sumanta Chatterjee

Enterprise and Cloud Security

SONICS: A Segmentation Method for Integrated ICS

and Corporate System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Khaoula Es-Salhi, David Espes, and Nora Cuppens

Proxy Re-Encryption Scheme for Access Control Enforcement Delegation

on Outsourced Data in Public Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Gaurav Pareek and B. R. Purushothama

From Cyber Security Activities to Collaborative Virtual Environments

Practices Through the 3D CyberCOP Platform . . . . . . . . . . . . . . . . . . . . . . 272
Alexandre Kabil, Thierry Duval, Nora Cuppens, Gérard Le Comte,
Yoran Halgand, and Christophe Ponchel

Machine Learning and Security

A Deep Learning Based Digital Forensic Solution to Blind Source

Identification of Facebook Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Venkata Udaya Sameer, Ishaan Dali, and Ruchira Naskar

A Digital Forensic Technique for Inter–Frame Video Forgery Detection

Based on 3D CNN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Jamimamul Bakas and Ruchira Naskar

Re–compression Based JPEG Tamper Detection and Localization Using

Deep Neural Network, Eliminating Compression Factor Dependency. . . . . . . 318
Jamimamul Bakas, Praneta Rawat, Kalyan Kokkalla,
and Ruchira Naskar
 Contents XIX

Privacy

SeDiCom: A Secure Distributed Privacy-Preserving

Communication Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Alexander Marsalek, Bernd Prünster, Bojan Suzic, and Thomas Zefferer

Efficacy of GDPR’s Right-to-be-Forgotten on Facebook . . . . . . . . . . . . . . . 364

Vishwas T. Patil and R. K. Shyamasundar

Analysis of Newer Aadhaar Privacy Models . . . . . . . . . . . . . . . . . . . . . . . . 386

Ajinkya Rajput and K. Gopinath

Client Security and Authentication

drPass: A Dynamic and Reusable Password Generator Protocol . . . . . . . . . . 407

Suryakanta Panda and Samrat Mondal

MySecPol: A Client-Side Policy Language for Safe and Secure Browsing . . . 427
Amit Pathania, B. S. Radhika, and Rudrapatna Shyamasundar

Gaze-Based Graphical Password Using Webcam . . . . . . . . . . . . . . . . . . . . . 448

Abhishek Tiwari and Rajarshi Pal

Invited Keynote

(Invited Paper) on the Security of Blockchain Consensus Protocols . . . . . . . . 465

Sourav Das, Aashish Kolluri, Prateek Saxena, and Haifeng Yu

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Ubiquitous Computing
 A Characterization of the Mass
Surveillance Potential of Road Traffic
Monitors

Kirk Boyer, Hao Chen, Jingwei Chen, Jian Qiu, and Rinku Dewri(B)

Department of Computer Science, University of Denver, Denver, CO, USA

rdewri@cs.du.edu

Abstract. Modern technology allows for the detection and identifica-

tion of a vehicle passing through specific locations on a road network.
The most prominent technology in use leverages cameras capable of high
speed image capture, back-end extraction of plate numbers, and real
time membership queries in multiple databases. Various parties have
a vested interest in making use of the kind of data produced by such
systems, in particular to deter risky driving, analyze traffic patterns,
enable unmanned toll collection, and aid law enforcement agencies. In
this paper, we proceed to assess the mass surveillance potential arising
from the type and frequency of data collected in these systems. We show
that even when restricted to information only about the structure of
a road network, one can begin to set up an effective network of traffic
monitoring devices to infer the travel destinations of individuals up to a
concerning level of precision. We develop a tracker placement algorithm
to corroborate this claim, and provide a quantitative evaluation of the
privacy risks generated by the network of trackers determined by this
algorithm.

Keywords: Location privacy · Mass surveillance · ALPR

1 Introduction
A recurring theme in privacy is that the development of technologies that provide
new useful forms of data often inadvertently provide access, even if indirectly,
to information that is much more personal than originally intended or hoped.
One such technology is automatic vehicle detection and identification, which can
be used for traffic control and enforcement, monitoring accidents, toll collection,
criminal pursuits, and gathering intelligence, among others. The technology is
undoubtedly powerful and is beneficial for local administration and public safety
services. It has seen different levels of adoption, ranging from local municipalities
to large scale nationwide deployments.
As real-time image recognition technology evolves and becomes cost-effective,
the installation of monitoring devices in road networks is only expected to
increase. There is already a circulating argument from privacy groups that the
c Springer Nature Switzerland AG 2018
V. Ganapathy et al. (Eds.): ICISS 2018, LNCS 11281, pp. 3–23, 2018.
https://doi.org/10.1007/978-3-030-05171-6_1
4 K. Boyer et al.

deployment of more and more vehicle tracking devices in disparate localities

could finally amalgamate into a large scale mass surveillance network. While
some networks are large enough that real time tracking is surmised to be possi-
ble (e.g. the UK’s National ANPR Data Center [15]), other road networks across
much of the developed world are slowly being converted to smart infrastructures
aided with traffic cameras and back-end vehicle identification systems [19]. In
the midst of continuous deployments, it is often difficult to comprehend when
the state of traffic monitoring technology crosses the thin line between public
good and personal privacy.
In this paper, we present the first known study to quantitatively assess the
mass tracking potential of traffic monitoring devices. We explore how the number
and geographic locations of vehicle identification cameras (or trackers in general)
impact the real time tracking of a moving vehicle on a road network. Since road-
ways are hierarchically designed, placing trackers in specific high usage junctions
can add more value from a surveillance standpoint than others. In addition, we
seek to obtain a quantitative characterization of the privacy implications of such
tracking, primarily as related to the locations visited by an individual.
We first develop a tracker placement algorithm that favors nodes that are
central to the fastest paths joining locations on a road network graph. In this
context, there are the competing interests of placing trackers at frequently passed
locations, and preventing the clustering of trackers in a small region. Second, we
propose four metrics to evaluate the surveillance coverage of a specific set of
trackers, their effectiveness in being able to continuously track a vehicle, and
consequently how much location uncertainty remains about the destinations of
a travel path. An empirical evaluation of the placement algorithm with respect
to these metrics in a 100 square mile area of the Denver metropolitan area of
Colorado, USA suggests that, with as few as 100 trackers, one can achieve an
80% coverage, and location uncertainties close to a mile. The location privacy
risks are worrisome if the number of trackers crosses into the thousands—using
1000 trackers, 97.6% of tested paths could be tracked, with most destination
nodes being traceable to within 2000 ft.
The remainder of the paper is organized as follows. We present background on
the tracking methodology, and insights into the design of our tracker placement
algorithm in Sects. 2 and 3. Section 4 presents the four evaluation metrics. We
present the experimental setup in Sect. 5, followed by empirical results in Sect. 6.
Section 7 discusses some related work in the domain. Finally, we conclude the
paper in Sect. 8 with a discussion on potential refinements.

2 Road Traffic Monitoring

A road network is modeled as a directed graph G = V, E consisting of a vertex
(node) set V and an edge set E. A node is present for each road intersection.
However, nodes are typically present between two intersections as well when the
path connecting them is not a straight line. This helps maintain the shape of
roadways when visualized as a planar graph, and also enables accurate compu-
tation of the distance between two intersection nodes. An edge represents a road
 Mass Surveillance Using Road Traffic Monitors 5

segment between two adjacent nodes. Nodes can be annotated with positioning
data, and edges can be annotated with length and speed limit. Figure 1 depicts
a road network graph plotted based on the latitude and longitude positions of
corresponding nodes.

Fig. 1. An example road network graph.

Travel on a road network is often dictated by shortest time and fewer turns,
instead of shortest length [8]. As such, a typical path between two nodes shows
a hierarchy of road types, starting at local streets, joining on to higher capacity,
but fewer, collector and arterial roadways, and finally to a limited number of
expressways for long distance travel [1]. This pattern results in certain road
segments being utilized with much higher frequency than others.

2.1 Traffic Monitoring

Several types of traffic cameras supplement a modern road transportation infras-
tructure. The most common of these is a traffic detection camera, deployed at
intersections to detect the presence of traffic and accordingly activate traffic
lights. Such cameras are monitored in real time by the local administration, who
also decides whether the footage is recorded. The availability of cost-effective
high-resolution cameras opens the possibility of performing other recognition
tasks on the captured images, such as passenger face detection and vehicle iden-
tification (number plate). Another category of cameras that is deployed enforces
different traffic regulations such as red lights, speed limits, restricted vehicle
lanes, occupancy limits, and tollways. These cameras could be supplemented
6 K. Boyer et al.

with additional hardware, such as a flash light or a radio transceiver, depending

on the task for which they are set up. Since a penalty is often levied on violators,
the ability to perform vehicle identification is rudimentary in such deployments.
An Automated License Plate Recognition (ALPR) system can perform such a
task by automatically extracting a vehicle’s plate number from a captured image,
comparing it to one or more databases, and reporting or recording the results
[7]. ALPR systems are known to be in use to look for stolen vehicles, or vehicles
registered to persons of interest, gather intelligence on criminals, and track fleets
of commercial vehicles, among others. They exist as locally managed small-scale
systems, and also as nationwide deployments (e.g. UK’s National ANPR Data
Center). Not all ALPR camera locations are public domain knowledge due to the
nature of their intended use cases. ALPR systems also have the potential to act
as mass surveillance systems, although it is difficult to assess their effectiveness
without knowing the camera locations.

2.2 Trackers and Tracker Activations

A primary objective of this work is to gather a preliminary assessment on the

mass surveillance potential of traffic monitoring cameras. We abstract out the
type of camera in use, and use the term tracker to mean any monitoring device
that is capable of identifying a vehicle during transit. Formally, a tracker is a
special node in the road network graph. A vehicle passing through a tracker node
is then analogous to making an entry into a database with the vehicle’s identity,
the tracker’s location (or identifier), and a timestamp. We refer to such an event
as a tracker activation. Multiple activations can originate from a tracker at the
same time instance, meaning that a tracker is fast enough to identify multi-
ple high-speed vehicles passing through the node at the same time. We assume
that trackers are omni-directional (works irrespective of the direction of app-
roach towards the node). A vehicle traveling through a road network generates
tracker activations as it passes through tracker nodes, effectively generating a
timestamped trace of its locations on the road network.

2.3 Path Reconstruction

Given a road network G = V, E, let the ordered set P = {v1 , v2 , ..., vl } represent
a path of length l, where vi ∈ V , for i = 1...l, and vi → vi+1 ∈ E, for i =
1...(l − 1). Here, v1 is the source (start) and vl is the destination (end) node
of the path, also referred to as the boundary nodes of the path. Let T ⊆ V
designate a set of tracker nodes. Then, P ∩ T represents the trackers that are
activated by path P . The ordering of elements in this intersection is done as
per their ordering in P . Let P̃ = P ∩ T = {vt1 , vt2 , ..., vts } be the ordered set of
activated trackers. vt1 and vts are the corresponding boundary nodes of this set.
An entity monitoring tracker activations will observe a time series of tracker
activations for each vehicle. This series can be split into multiple subsequences
by observing the time difference between two successive activations – if the
 Mass Surveillance Using Road Traffic Monitors 7

time difference is much larger than the time required to travel between the two
trackers, then it is reasonable to split the series at this point.
Given a set of activated trackers P̃ obtained after splitting as above, a moni-
toring entity can attempt to reconstruct P based on standard notions of optimal
travel time. Let op(v, v  ) denote the optimal path from source v to destination
v  . The optimal path between two nodes is often the fastest path, unless it is
exceedingly longer than the shortest path. For the purpose of this study, we will
mean the fastest path in all our uses of the op function. One way to reconstruct
P from P̃ is to concatenate the optimal paths between successive trackers in P̃ .
The reconstructed path, denoted as P  , is given as

P  = op(vt1 , vt2 ) ∪ ... ∪ op(vts−1 , vts ),

where the union operations are order-preserving. Observe that if tracker acti-
vations are generated by vehicles following the fastest path from a source to a
destination, then the reconstruction is simply P  = op(vt1 , vts ). The quality of
a reconstruction is then dependent on the proximity of a vehicle’s tracker acti-
vations to the source and destination nodes, which in turn is dependent on the
placement of trackers in the road network.

3 Tracker Placement
A trivial method to ensure that a reconstructed path exactly matches the under-
lying true path is to convert every node in the network to a tracker. Thereafter,
the tracker activations will indicate the exact path (P  = P̃ = P ), and no
reconstruction is necessary. Another alternative would be to only convert the
intersection nodes to trackers, and then calculate the optimal path between two
trackers as the path containing no intermediate intersections. Clearly, both solu-
tions are cost-prohibitive.
We explore the problem of placing trackers under the situation when the
number of trackers, nT , is pre-decided. Thereafter, given a road network graph
G and a positive integer nT , determine nT nodes to be converted to trackers such
that the accuracy of path reconstructions is maximized. Specific algorithms can
be tailored to maximize specific accuracy metrics; however, our approach in this
initial study is to develop a generic method free from any specific metric, and
then evaluate its performance with respect to different metrics. The design of
specific algorithms targeting specific objective functions is left for a future study.

3.1 Frequency Based Placement

One generic approach to place the trackers is to choose nodes in the decreasing
order of their frequency of use in paths. The approach is promising due to the
hierarchical nature of roadways, and the conformance of driving patterns to this
hierarchy in terms of path selection [18]. The node frequencies can be obtained
from structural properties of the road network, or through a sampling of traf-
fic flow using temporary devices such as pneumatic road tubes. We consider
8 K. Boyer et al.

the betweenness centrality measure of connected graphs for the former [3]. The
betweenness value of a node v captures the inclusion of v in the optimal paths
between any pair of nodes. If P(va , vb ) represents all optimal paths from node
va to vb , then the betweenness value of a node v is given as
 |{P |P ∈ P(va , vb ) and v ∈ P }|
β(v) = . (1)
|P(va , vb )|
v=va =vb

It can be reasonably assumed that a road network will be a connected graph.

Hence, |P(va , vb )| > 0, for all va , vb in the above formulation; otherwise, we
ignore such pairs of nodes in the computation. Recall that we use the fastest
path(s) as the optimal ones.
Node frequencies can also be obtained from available traffic count data. While
betweenness accounts for paths between all pairs of nodes, and treats all such
paths equally, frequency information derived from traffic counts can capture
travel patterns specific to localities (e.g. a local store), central commercial loca-
tions (e.g. a business district in the city), and temporal variations throughout
the day. In the following discussion, we will use the term node frequency to mean
either betweenness or traffic count depending on the context.

3.2 Minimal Separation Between Trackers

Given the set of nodes ordered by their frequencies, the first nT nodes can be
converted to trackers so that tracker activations are triggered for a large number
of paths. However, neighboring road network nodes tend to cluster together when
sorted based on their frequencies. A high frequency node often has adjoining
frequently used road segments. Figure 2 illustrates the issue with a toy example.
Consider the four paths originating in S and terminating in A, B, C and D.
Assume that each hop (moving along an edge) takes constant time. Based on
the four paths, if the two highest frequency nodes are converted to trackers
(leftmost figure), then node A would be 1 hop away from a tracker activation,
node B would be 2 hops away, and nodes C and D will be 3 hops away. However,
the average hop count can be reduced by forcing the trackers to have some
minimal separation, instead of being adjacent to each other. The center and
right figures show the hop counts when using a separation of 2 hops between
trackers. Motivated by this observation, we choose nodes in decreasing order of
their frequencies, but skip a node if a tracker already exists within some pre-
defined distance of the node.

3.3 Waves
Minimal separating distances help disperse trackers throughout a road network.
However, if the specified distance is too large, there is a possibility that the entire
set of nodes is exhausted before nT nodes are chosen as trackers. To alleviate
this issue, we can restart the selection process on the remaining nodes using a
smaller separating distance than in the previous iteration. Hence, our approach
 Mass Surveillance Using Road Traffic Monitors 9

Fig. 2. Introducing separation between trackers (solid circles) can help improve recon-
struction effectiveness.

Fig. 3. Tracker placement using minimal separating distances and waves. Frequencies
are from (a) betweenness values, and (b) traffic counts highlighting local visits.

runs the selection process in waves (iterations) until nT nodes have been chosen.
The steps for the entire approach can be summarized as follows.
1. Let Vsorted be an ordered set of vertices sorted in decreasing order of their
frequencies, T = φ, d = (d1 , d2 , ..., dw = 0) be a sequence of decreasing values
to be used as separating distances, and dist be a distance function between
nodes. Let wave = 1 and Vrejected = φ.
2. Remove the first node v ∈ Vsorted . Add v to T if for all v  ∈ T , dist(v, v  ) >
dwave ; otherwise add v to Vrejeted (tail end).
3. If Vsorted = φ, increment wave by 1, set Vsorted = Vrejected and then
Vrejected = φ.
4. If |T | < nT , repeat from step 2.
Figure 3 illustrates the result of placing 100 trackers on a road network graph
of the Denver metropolitan area in Colorado, USA. In both plots, frequently
used roadways are depicted using a darker shade. For Fig. 3a, the fastest paths
between all pairs of nodes have been considered. As a result, all highways and
10 K. Boyer et al.

arterial roadways have become prominently visible. For Fig. 3b, travel paths are
to a nearby local business. Therefore, specific local and collector roads have
gained prominence. The dispersion of trackers provided by the minimal separa-
tion method is clearly visible in both instances.

4 Evaluation Metrics

We evaluate the effectiveness of our approach by computing various metrics on

the reconstructed paths corresponding to a set Ptest of test paths. Given a set
of tracker nodes T , we compute the reconstructed path Pi for each test path
Pi ∈ Ptest as detailed in Sect. 2.3.

4.1 Reconstruction Coverage

An ill-placed set of trackers will fail to overlap with most paths. As a result,
no activations will be triggered, thereby leading to no reconstruction. For mass
surveillance, the more reconstructions that a set of trackers can effectuate, the
better is the underlying placement. Reconstruction coverage captures this aspect
as the fraction of test paths for which a reconstruction is possible.

|{P |P ∈ Ptest and P ∩ T = φ}|

Coverage = . (2)
|Ptest |

Coverage does not consider the quality of a reconstruction. Even a single tracker
activation is considered a successful tracking event under this metric, although
no path reconstruction is possible with a single tracker activation.

4.2 Path Coverage

The path coverage metric measures the fraction of the total distance in a path
Pi ∈ Ptest that has been accurately covered by the corresponding reconstructed
  
path Pi . If Pi = {vi1, vi2 , ..., vil } and Pi = {vi1, vi2 , ..., vil }, then
l −1  
k=1 dist(vik , vi(k+1) )
P ath Coverage(Pi ) = l−1 . (3)
k=1 dist(vik , vi(k+1) )

This metric is appropriate when the test path Pi is also an optimal path as per
the op function used during the path reconstruction. When using fastest paths,

we clearly have Pi ⊆ Pi and the metric signifies the fraction of travel distance
for which the vehicle’s location can be accurately tracked in real time.
 Mass Surveillance Using Road Traffic Monitors 11

4.3 Boundary Activation Distance

We often associate a higher privacy value to the locations and neighborhoods
that we visit, instead of the path we take to arrive at such destinations. While
high frequency nodes operating as trackers can provide good reconstruction
and path coverage, the associated privacy risks can be minimal if a path’s
source and destination are difficult to infer from a reconstruction. As such the
boundary activation distance metric quantifies the average distance between the
two corresponding boundary nodes in the real and the reconstructed paths. If
  
Pi = {vi1, vi2 , ..., vil } and Pi = {vi1, vi2 , ..., vil }, then

1 

Boundary Activation(Pi ) = dist(vi1 , vi1 ) + dist(vil , vil  ) . (4)
2
Tracker activations happening closer to the source and destination nodes of a
path will result in a smaller boundary activation distance, thereby providing
smaller areas of uncertainties on the source and destination of a path.

4.4 Tracker Period

The real time tracking potential of a set of trackers can be characterized in a man-
ner similar to that in the boundary activation distance metric. Instead of con-
sidering the location uncertainty only at the boundary nodes, the tracker period
metric considers the uncertainty along the entire path as the average distance
traveled between two successive tracker activations. If Pi ∩T = {vit1 , vit2 , ..., vits }
are the activated tracker nodes, then

1 
s−1
T racker P eriod(Pi ) = oplen (vitk , vitk+1 ), (5)
s−1
k=1

where oplen (va , vb ) is the length (travel distance) of the optimal path from node
va to vb . A well dispersed set of trackers will generate a consistent tracker period
for a majority of the test paths.
Average values for path coverage, boundary activation distance and tracker
period can be computed over the test paths in Ptest . In addition, summary
statistics such as median and quartiles are useful in observing the variation in
the metrics’ values over different paths.

5 Experimental Setup
We perform the empirical evaluation of our approach on a road network graph
spanning an approximately 100 square mile area of Denver, Colorado, USA
(Fig. 1). The graph spans between latitudes 39.654518◦ N and 39.790931◦ N, and
longitudes 105.053195◦ W and 104.867402◦ W. It consists of 40,253 vertices and
83,599 directed edges. Each node is labeled with its latitude and longitude coor-
dinates. Each edge is labeled with the geodesic distance between the two nodes,
12 K. Boyer et al.

Fig. 4. Source and destination nodes of 10,000 test paths in four different generation
models—(a) local (b) central (c) mix (d) free. See text for model descriptions.

a road segment type value, and the speed limit on the road segment. We com-
pute the time required to travel a road segment (edge) by dividing the distance
by the speed limit. Distances between nodes (the dist function) are computed
using the Vincenty inverse formula for ellipsoid, which is available as the gdist
function in the lmap R package. The implementation is done as a single threaded
R application, running on a laptop with a 3.1 GHz Intel Core i7 processor, 16 GB
memory, and OSX 10.10.5. Graph operations, such as finding fastest paths and
betweenness centrality values, are performed using the igraph 1.2.1 R package.
We consider four probabilistic node selection models, and generate 10,000 test
paths from each. For test path generation, we divide the graph area into a 10×10
grid of cells, and assign a probability of selection to each cell. Nodes are chosen
by first choosing a cell as per the assigned probabilities, and then randomly
picking a node within the chosen cell. In the free model, equal probabilities
are assigned to each cell, and source/destination pairs are chosen accordingly.
For the central model, specific cells in the Denver business district are assigned
Another random document with
no related content on Scribd:
guide a tool. The slide-rest, while it had been invented, had not been
put into practical form or come into general use. There were a few
rude drilling and boring machines, but no planing machines, either
for metal or wood. The tool equipment of the machinist, or
“millwright,” as he was called, consisted chiefly of a hammer, chisel
and file. The only measuring devices were calipers and a wooden
rule, with occasional reference perhaps to “the thickness of an old
shilling,” as above. Hand forging was probably as good as or better
than that of today. Foundry work had come up to at least the needs
of the time. But the appliances for cutting metal were little better than
those of the Middle Ages.
Such was the mechanical equipment in 1775; practically what it
had been for generations. By 1850 it was substantially that of today.
In fact, most of this change came in one generation, from about 1800
to 1840. Since that time there have been many improvements and
refinements, but the general principles remain little changed. With so
wonderful a transformation in so short a time, several questions arise
almost inevitably: Where did this development take place, who
brought it about, and why was it so rapid?
The first question is fairly simple. England and America produced
the modern machine tool. In the period mentioned, England
developed most of the general machine tools of the present day; the
boring machine, engine lathe, planer, shaper, the steam hammer and
standard taps and dies. Somewhat later, but partially coincident with
this, America developed the special machine tool, the drop hammer,
automatic lathes, the widespread commercial use of limit gauges,
and the interchangeable system of manufacture.
In a generalization such as this, the broad lines of influence must
be given the chief consideration. Some of the most valuable general
tools, such as the universal miller and the grinder, and parts of the
standard tools, as the apron in the lathe, are of American origin. But,
with all allowances, most of the general machine tools were
developed in England and spread from there throughout the world
either by utilization of their design or by actual sale. On the other
hand, the interchangeable system of manufacture, in a well-
developed form, was in operation in England in the manufacture of
ships’ blocks at Portsmouth shortly after 1800; and yet this block-
making machinery had been running for two generations with little or
no influence on the general manufacturing of the country, when
England, in 1855, imported from America the Enfield gun machinery
and adopted what they themselves styled the “American”
interchangeable system of gun making.[7]
[7] See page 139.

The second question as to who brought this change about is not

so simple. It is not easy to assign the credit of an invention. Mere
priority of suggestion or even of experiment seems hardly sufficient.
Nearly every great improvement has been invented independently by
a number of men, sometimes almost simultaneously, but often in
widely separated times and places. Of these, the man who made it a
success is usually found to have united to the element of invention a
superior mechanical skill. He is the one who first embodied the
invention in such proportions and mechanical design as to make it
commercially available, and from him its permanent influence
spreads. The chief credit is due to him because he impressed it on
the world. Some examples may illustrate this point.
Leonardo da Vinci in the fifteenth century anticipated many of the
modern tools.[8] His sketches are fascinating and show a wonderful
and fertile ingenuity, but, while we wonder, we smile at their
proportions. Had not a later generation of mechanics arisen to re-
invent and re-design these tools, mechanical engineering would still
be as unknown as when he died.
[8] American Machinist, Vol. 32, Part 2, pp. 821 and 868.

Take the slide-rest. It is clearly shown in the French encyclopedia

of 1772, see Fig. 3, and even in an edition of 1717. Bramah,
Bentham and Brunel, in England, and Sylvanus Brown,[9] in America,
are all said to have invented it. David Wilkinson, of Pawtucket, R. I.,
was granted a patent for it in 1798.[10] But the invention has been,
and will always be, credited to Henry Maudslay, of London. It is right
that it should be, for he first designed and built it properly, developed
its possibilities, and made it generally useful. The modern slide-rest
is a lineal descendant from his.
[9] Goodrich: “History of Pawtucket,” pp. 47-48. Pawtucket, 1876.
 [10] Ibid., p. 51.

Blanchard was by no means the first to turn irregular forms on a

lathe. The old French rose engine lathe, shown in Fig. 4, embodied
the idea, but Blanchard accomplished it in a way more mechanical,
of a far wider range of usefulness, and his machine is in general use
to this day.
Figure 3. French Slide-Rest, 1772
 Figure 4. French Lathe for Turning Ovals, 1772

The spindle swings sidewise under the influence of the two cams which bear
against the upright stops
 JOSEPH BRAMAH Sir SAMUEL Sir MARC I.
1748-1814 BENTHAM BRUNEL
Invented Lock, Hydraulic 1757-1831 1769-1849
press, 4-way cock, and 44 NEW MACHINES.
wood working machinery. BLOCK M’CHRY-1800-08
HENRY MAUDSLAY
1771-1831
 Slide rest for metal work, Block machinery, Flour,
Sawmill and Mint mach’ry, Punches, Mill and Marine
Steam Engines, Fine screw cutting. Laid basis for
Lathe, Planer and Slotter
JOSEPH CLEMENT
1779-1844
Slide Lathe, Planer 1820 and 1824
Manufactured Taps and Dies Standard
Screw Threads
MATT. JAMES RICH’D. JOSEPH JAMES
MURRAY FOX ROBERTS WHITWORTH NASMYTH
1803-87 1808-90
Engines D- Index Versatile Std. Screw Index
Valve Cutting of Inventor, Threads Milling
Planer Gears Planer Foremost tool Shaper
Lathes, builder of the Steam
Planer 19th Century Hammer
Am. Machinist

Figure 5. Genealogy of the Early English Tool Builders

To the third question as to why this development when once begun

should have been so rapid, there are probably two answers. First, an
entirely new demand for accurate tools arose during these years,
springing from the inventions of Arkwright, Whitney, Watt, Fulton,
Stephenson and others. The textile industries, the steam engine,
railways, and the scores of industries they called into being, all called
for better and stronger means of production. While the rapidity of the
development was due partly to the pressure of this demand, a
second element, that of cumulative experience, was present, and
can be clearly traced. Wilkinson was somewhat of an exception, as
he was primarily an iron master and not a tool builder, so his
relationship to other tool builders is not so direct or clear. But the
connection between Bramah, Maudslay, Clement, Whitworth and
Nasmyth, is shown in the “genealogical” table in Fig. 5.
Bramah had a shop in London where, for many years, he
manufactured locks and built hydraulic machinery and woodworking
tools. Maudslay, probably the finest mechanician of his day, went to
work for Bramah when only eighteen years old and became his
foreman in less than a year. He left after a few years and started in
for himself, later taking Field into partnership, and Maudslay &
Field’s became one of the most famous shops in the world.
Sir Samuel Bentham, who was inspector general of the British
navy, began the design of a set of machines for manufacturing pulley
blocks at the Portsmouth navy yard. He soon met Marc Isambard
Brunel, a brilliant young Royalist officer, who had been driven out of
France during the Revolution, and had started working on block
machinery through a conversation held at Alexander Hamilton’s
dinner table while in America a few years before. Bentham saw the
superiority of Brunel’s plans, substituted them for his own, and
commissioned him to go ahead.
In his search for someone to build the machinery, Brunel was
referred to Maudslay, then just starting in for himself. Maudslay built
the machines, forty-four in all, and they were a brilliant success.
There has been considerable controversy as to whether Bentham or
Brunel designed them. While Maudslay’s skill appears in the
practical details, the general scheme was undoubtedly Brunel’s. In a
few of the machines Bentham’s designs seem to have been used,
but he was able enough and generous enough to set aside most of
his own designs for the better ones of Brunel.
Of the earlier tool builders, Maudslay was the greatest. He, more
than any other, developed the slide-rest and he laid the basis for the
lathe, planer and slotter. His powerful personality is brought out in
Nasmyth’s autobiography written many years later. Nasmyth was a
young boy, eager, with rare mechanical skill and one ambition, to go
to London and work for the great Mr. Maudslay. He tells of their
meeting, of the interest aroused in the older man, and of his being
taken into Maudslay’s personal office to work beside him. It is a
pleasing picture, the young man and the older one, two of the best
mechanics in all England, working side by side, equally proud of
each other.
Joseph Clement came to London and worked for Bramah as chief
draftsman and as superintendent of his works. After Bramah’s death
he went to Maudslay’s and later went into business for himself. He
was an exquisite draftsman, a fertile inventor, and had a very
important part in the development of the screw-cutting lathe and
planer. Joseph Whitworth, the most influential tool builder of the
nineteenth century, worked for Maudslay and for Clement and took
up their work at the point where they left off. Under his influence
machine tools were given a strength and precision which they had
never had before. Richard Roberts was another pupil of Maudslay’s
whose influence, though important, was not so great as that of the
others.
We have an excellent example of what this succession meant.
Nasmyth tells of the beautiful set of taps and dies which Maudslay
made for his own use, and that he standardized the screw-thread
practice of his own shop. Clement carried this further. He established
a definite number of threads per inch for each size, extended the
standardization of threads, and began the regular manufacture of
dies and taps. He fluted the taps by means of milling cutters and
made them with small shanks, so that they might drop through the
tapped hole. Whitworth, taking up Clement’s work, standardized the
screw threads for all England and brought order out of chaos.
Some account of the growth of machine tools in the hands of
these men will be given later. Enough has been said here to show
the cumulative effect of their experience, and its part in the industrial
advance of the first half of the nineteenth century. Similar
successions of American mechanics will be shown later.
Writing from the standpoint of fifty years ago, Smiles quotes Sir
William Fairbairn: “‘The mechanical operations of the present day
could not have been accomplished at any cost thirty years ago; and
what was then considered impossible is now performed with an
exactitude that never fails to accomplish the end in view.’ For this we
are mainly indebted to the almost creative power of modern machine
tools, and the facilities which they present for the production and
reproduction of other machines.”[11]
[11] Smiles: “Industrial Biography,” p. 399.
 CHAPTER II
WILKINSON AND BRAMAH
In the previous chapter it was stated that John Wilkinson, of
Bersham, made the steam engine commercially possible by first
boring Watt’s cylinders with the degree of accuracy necessary, and
that his boring machine was probably the first metal-cutting tool
capable of doing large work with anything like modern accuracy.
Although Wilkinson was not primarily a tool builder but an iron
master, this achievement alone is sufficient to make him interesting
to the tool builders of today.
He was born in 1728. His father made his financial start by
manufacturing a crimping iron for ironing the fancy ruffles of the day.
John Wilkinson first started a blast furnace at Belston and later
joined his father in an iron works the latter had built at Bersham, near
Chester. By developing a method of smelting and puddling iron with
coal instead of wood-charcoal, he obtained an immense commercial
advantage over his rivals and soon became a powerful factor in the
iron industry. Later, he built other works, notably one at Broseley,
near Coalbrookdale on the Severn.
One of the important branches of his work was the casting and
finishing of cannon. It was in connection with this that he invented
the boring machine referred to. He bored the first cylinder for Boulton
& Watt in 1775. Farey, in his “History of the Steam Engine,” says:
In the old method, the borer for cutting the metal was not guided in its
progress,[12] and therefore followed the incorrect form given to the cylinder in
casting it; it was scarcely insured that every part of the cylinder should be circular;
and there was no certainty that the cylinder would be straight. This method was
thought sufficient for old engines; but Mr. Watt’s engines required greater
precision.
[12] See Fig. 1.
 Mr. Wilkinson’s machine, which is now the common boring-machine, has a
straight central bar of great strength, which occupies the central axis of the
cylinder, during the operation of boring; and the borer, or cutting instrument, is
accurately fitted to slide along this bar, which, being made perfectly straight,
serves as a sort of ruler, to give a rectilinear direction to the borer in its progress,
so as to produce a cylinder equally straight in the length, and circular in the
circumference. This method insures all the accuracy the subject is capable of; for if
the cylinder is cast ever so crooked, the machine will bore it straight and true,
provided there is metal enough to form the required cylinder by cutting away the
superfluities.[13]
[13] Farey: “Treatise on the Steam Engine,” p. 326. 1827.

Wilkinson’s relations with Boulton & Watt became very intimate.

He showed his confidence in the new engine by ordering the first
one built at Soho to blow the bellows of his iron works at Broseley.
Great interest was felt in the success of this engine. Other iron
manufacturers suspended their building operations to see what the
engine could do and Watt himself superintended every detail of its
construction and erection. Before it was finished Boulton wrote to
Watt:
Pray tell Mr. Wilkinson to get a dozen cylinders cast and bored from 12 to 50
inches in diameter, and as many condensers of suitable sizes; the latter must be
sent here, as we will keep them ready fitted up, and then an engine can be turned
out of hand in two or three weeks. I have fixed my mind upon making from 12 to 15
reciprocating, and 50 rotative engines per annum.[14]
[14] Smiles: “Boulton & Watt,” p. 185. London, 1904.

This letter is interesting as showing Boulton’s clear grasp of the

principles of manufacturing. Later, when Boulton & Watt were hard
pressed financially, Wilkinson took a considerable share in their
business and when the rotative engine was developed he ordered
the first one. He consequently has the honor of being the purchaser
of the first reciprocating and the first rotary engine turned out by
Watt. Later, when Watt was educating his son to take up his work, he
sent him for a year to Wilkinson’s iron works at Bersham, to learn
their methods.
Fig. 7, taken from an old encyclopedia of manufacturing and
engineering, shows the boring machine used for boring Watt’s steam
cylinders.
 On two oaken stringers SS, frames FF were mounted which
carried a hollow boring bar A driven from the end. The cylinder to be
bored was clamped to saddles, as shown. The cutters were carried
on a head which rotated with the bar and was fed along it by means
of an internal feed-rod and rack. In the machine shown the feeding
was done by a weight and lever which actuated a pinion gearing with
the rack R, but later a positive feed, through a train of gears
operated by the main boring-bar, was used. Two roughing cuts and a
finishing cut were used, and the average feed is given as ¹⁄₁₆ inch
per revolution. While this machine may seem crude, a comparison
with Smeaton’s boring machine, Fig. 1, will show how great an
advance it was over the best which preceded it.
Wilkinson was a pioneer in many lines. He built and launched the
first iron vessel and in a letter dated July 14, 1787, says:
Yesterday week my iron boat was launched. It answers all my expectations, and
has convinced the unbelievers who were 999 in a thousand. It will be only a nine
days wonder, and then be like Columbus’s egg.[15]
[15] “Beiträge zur Geschichte der Technik und Industrie,” 3. Band. S.
227. Berlin, 1911.

In another letter written a little over a year later, he says:

There have been launched two Iron Vessels in my service since Sept. 1st: one is
a canal boat for this [i.e., Birmingham] navigation, the other a barge of 40 tons for
the River Severn. The last was floated on Monday and is, I expect, at Stourport
with a loading of bar iron. My clerk at Broseley advises me that she swims
remarkably light and exceeds my expectations.[16]
[16] Ibid., 3. Band. S. 227.

In 1788 William Symington built and ran a steam-operated boat on

Dalswinton Loch in Scotland, which was a small, light craft with two
hulls, made of tinned sheet-iron plates.[17] It has been erroneously
claimed that this was the first iron boat. It was at best the second.
Although of no commercial importance, it is of very great historical
interest as it antedated Fulton’s “Clermont” by many years.
[17] Autobiography of James Nasmyth, p. 30. London, 1883.
 Twenty-three years later, in 1810, Onions & Son of Broseley built
the next iron boats, also for use upon the Severn. Five years later
Mr. Jervons of Liverpool built a small iron boat for use on the Mersey.
In 1821 an iron vessel was built at the Horsley works in
Staffordshire, which sailed from London to Havre and went up the
Seine to Paris.[18] Iron vessels were built from time to time after that,
but it was fully twenty-five years before they came into general use.
[18] Smiles: “Men of Invention and Industry,” pp. 51-52. New York, 1885.
Figure 6. John Wilkinson
 Figure 7. Wilkinson’s Boring Machine

Used for Machining the Cylinders of Watt Engines

With Abraham Darby, 3d, Wilkinson has the honor of having built,
in 1779, the first iron bridge, which spanned the Severn at Broseley.
This bridge had a span of 100 feet 6 inches, and a clear height of 48
feet, and is standing today as good as ever.[19] He invented also the
method of making continuous lead pipe.
[19] Smiles: “Industrial Biography,” p. 119. Boston, 1864. Also, Beiträge,
etc., 3. Band. S. 226.

He was a man of great ability, strong and masterful. Boulton wrote

of him to Watt:
I can’t say but that I admire John Wilkinson for his decisive, clear, and distinct
character, which is, I think, a first-rate one of its kind.[20]
[20] Smiles: “Boulton & Watt,” p. 438. London, 1904.

There is a note of qualification in the last clause. With all his

admirable qualities Wilkinson was not always amiable and he was in
constant feud with the other members of his family. He became very
wealthy, but his large estate was dissipated in a famous lawsuit
between his heirs.
Forceful and able as Wilkinson was, another man, Joseph
Bramah, living in London about the same time, had a much more
direct influence on tool building. Bramah was a Yorkshire farmer’s
boy, born in 1748, and lame.[21] As he could not work on the farm he
learned the cabinet maker’s trade, went to London, and, in the
course of his work which took him into the well-to-do houses about
town, he made his first successful invention—the modern water-
closet. He patented it in 1778 and 1783, and it continues to this day
in substantially the same form. In 1784 he patented a lock, which
was an improvement on Barron’s, invented ten years before, and
was one of the most successful ever invented. For many years it had
the reputation of being absolutely unpickable. Confident of this,
Bramah placed a large padlock on a board in his shop window in
Piccadilly and posted beneath it the following notice:
“The artist who can make an instrument that will pick or open this lock shall
receive two hundred guineas the moment it is produced.”
[21] The best account of Bramah is given in Smiles’ “Industrial
Biography,” pp. 228-244. Boston, 1864.

Many tried to open it. In one attempt made in 1817, a clever

mechanic named Russell spent a week on it and gave it up in
despair. In 1851 Alfred C. Hobbs, an American, mastered it and won
the money. He was allowed a month in which to work and the
Committee of Referees in their report stated that he spent sixteen
days, and an actual working time of fifty-one hours, in doing it. This
gave Hobbs a great reputation, which he enhanced by picking every
other lock well known in England at that time, and then showing how
it was done.
This started up the liveliest kind of a controversy and gave
everyone a chance to write to the Times. They all began first picking,
then tearing each other’s locks. Headlines of “Love (Hobbs?) Laughs
at Locksmiths,” “Equivocator” and other like terms appeared.[22]
[22] Price: “Fire and Thief-proof Depositories, and Locks and Keys.”

It was finally recognized that any lock could be picked by a skillful

mechanic with a knowledge of locks, if he were given time enough.
The old Bramah lock, made, by the way, by Henry Maudslay himself,
did not fare so badly. Hobbs had unmolested access to it for days
with any tools he could bring or devise; and though he finally opened
it, a lock probably sixty years old which could stand such an assault
for fifty hours was secure for all ordinary purposes.[23]
[23] Anyone who is interested can find an account of the affair in Price’s
“Fire and Thief-proof Depositories, and Locks and Keys,” published in 1856,
and Mr. Hobbs has given his own personal account of it, explaining how the
work was done, in the Trans. of the A. S. M. E., Vol. VI, pp. 248-253.

When Bramah began manufacturing the locks he found almost

immediately that they called for a better quality of workmanship than
was available, with even the best manual skill about him. A series of
machine tools had to be devised if they were to be made in the
quantities and of the quality desired. He turned first to an old
German in Moodie’s shop who had the reputation of being the most
ingenious workman in London; but while he, with Bramah, saw the
need, he could not meet it. One of his shopmates, however,
suggested a young man at the Woolwich Arsenal named Henry
Maudslay, then only eighteen years old.
Bramah sent for him and Maudslay soon became his right-hand
man, and was made superintendent of the works at nineteen. The
work of these two men in developing the tools needed laid the
foundation for the standard metal-cutting tools of today. The most
important improvement was the slide-rest. Nasmyth later said that he
had seen the first one, made by Maudslay, running in Bramah’s shop
and that “in it were all those arrangements which are to be found in
the most modern slide-rest of our own day” (i.e., fifty years later).
Other parts of the metal-cutting lathe also began to take shape; it
has been said that parts of the lock were milled on a lathe with rotary
cutters, and that the beginnings of the planer were made. How much
of this work was Bramah’s and how much Maudslay’s it would be
hard to say. Bramah was a fertile, clever inventor; but Maudslay was
the better general mechanic, had a surer judgment and a greater
influence on subsequent tool design.
About this time Bramah invented the hydraulic press. As he first
built it, the ram was packed with a stuffing-box and gland. This
gripped the ram, retarded the return stroke, and gave him a lot of
trouble until Maudslay substituted the self-tightening cup-leather
packing for the stuffing-box, an improvement which made the device
a success.
 Bramah’s restless ingenuity was continually at work. He invented a
very successful beer-pump in 1797, the four-way cock, a quill
sharpener which was in general use until quills were superseded by
steel pens, and he dabbled with the steam engine. He was a bitter
opponent of Watt and testified against him in the famous suit of
Boulton & Watt against Hornblower. He maintained the superiority of
the old Newcomen engines and said that the principle of the
separate condenser was fallacious, that Watt had added nothing
new which was not worthless, and that his so-called improvements
were “monstrous stupidity.”
In 1802 Bramah obtained a patent for woodworking machinery
second only in importance to that granted Bentham in 1791. Like
Bentham, he aimed to replace manual labor “for producing straight,
smooth, and parallel surfaces on wood and other materials requiring
truth, in a manner much more expeditious and perfect than can be
performed by the use of axes, saws, planes, and other cutting
instruments used by hand in the ordinary way.” His tools were
carried in fixed frames and driven by machinery. In his planing
machine, one of which was running in the Woolwich Arsenal for fifty
years, the cutter-head, which carried twenty-eight tools, was
mounted on a vertical shaft and swept across the work in a
horizontal plane. He used this same method in planing the metal
parts for his locks, which corresponds, of course, to our modern
face-milling. He provided for cutting spherical and concave surfaces
and used his device for making wooden bowls.
In 1806 he devised an automatic machine which the Bank of
England used many years in numbering their banknotes, eliminating
error and saving the labor of many clerks.
Maudslay was in his employ from 1789 to 1797. He was getting as
superintendent 30s. ($7.50) a week. A growing family and “the high
cost of living” rendered this insufficient and he applied for more. He
was refused so curtly that he gave up his position and started in for
himself in a small workshop on Oxford Street in London. Later he
took Field in as partner under the firm name of Maudslay & Field.
In 1813 Bramah engaged another man who later had a great
influence, Joseph Clement. Clement soon became his chief
draftsman and superintendent. Salaries had gone up somewhat by