Advertisement

EVALUATION OF ADDITIVE AND SUBTRACTIVE MANUFACTURING FROM THE SECURITY PERSPECTIVE

  • Mark Yampolskiy
  • Wayne King
  • Gregory Pope
  • Sofia Belikovetsky
  • Yuval Elovici
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 512)

Abstract

Additive manufacturing involves a new class of cyber-physical systems that manufacture 3D objects incrementally by depositing and fusing together thin layers of source material. In 2015, the global additive manufacturing industry had $5.165 billion in revenue, with 32.5% of all manufactured objects used as functional parts. Because of their reliance on computerization, additive manufacturing devices (or 3D printers) are susceptible to a broad range of attacks. The rapid adoption of additive manufacturing in aerospace, automotive and other industries makes it an attractive attack target and a critical asset to be protected.

This chapter compares emerging additive manufacturing and traditional subtractive manufacturing from the security perspective. While the discussion compares the two manufacturing technologies, the emphasis is on additive manufacturing due to its expected dominance as the manufacturing technology of the future. The chapter outlines the additive and subtractive manufacturing workflows, proposes a framework for analyzing attacks on or using additive manufacturing systems and presents the major threat categories. In order to compare the two manufacturing paradigms from the security perspective, the differences between the two workflows are identified and the attack analysis framework is applied to demonstrate how the differences translate into threats. The analysis reveals that, while there is significant overlap with regard to security, fundamental differences in the two manufacturing paradigms require a separate investigation of additive manufacturing security.

Keywords

Additive manufacturing subtractive manufacturing attack framework 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    3MF Consortium, 3D Manufacturing Format, Core Specification and Reference Guide, Version 1.1, Wakefield, Massachusetts (3mf.io/wp-content/uploads/2016/03/3MFcoreSpec_1.1.pdf), 2015.
  2. 2.
    M. Al Faruque, S. Chhetri, A. Canedo and J. Wan, Acoustic side-channel attacks on additive manufacturing systems, Proceedings of the Seventh International Conference on Cyber-Physical Systems, article 19, 2016.Google Scholar
  3. 3.
    M. Al Faruque, S. Chhetri, S. Faezi and A. Canedo, Forensics of Thermal Side-Channels in Additive Manufacturing Systems, CECS Technical Report #16–01, Center for Embedded and Cyber-Physical Systems, University of California, Irvine, Irvine, California, 2016.Google Scholar
  4. 4.
    American Society for Testing and Materials, ISO/ASTM52915-16: Standard Specification for Additive Manufacturing File Format (AMF), Version 1.2, West Conshohocken, Pennsylvania, 2016.Google Scholar
  5. 5.
    H. Atkinson and S. Davies, Fundamental aspects of hot isostatic pressing: An overview, Metallurgical and Materials Transactions A, vol. 31(12), pp. 2981–3000, 2000.Google Scholar
  6. 6.
    S. Belikovetsky, M. Yampolskiy, J. Toh, J. Gatlin and Y. Elovici, dr0wned – Cyber-physical attack with additive manufacturing, Proceedings of the Eleventh USENIX Workshop on Offensive Technologies, 2017.Google Scholar
  7. 7.
    N. Bilton, The rise of 3-D printed guns, The New York Times, August 13, 2014.Google Scholar
  8. 8.
    J. Blackman, The 1st Amendment, 2nd Amendment and 3D printed guns, Tennessee Law Review, vol. 81(3), pp. 479–538, 2014.Google Scholar
  9. 9.
    A. Brown, M. Yampolskiy, J. Gatlin and T. Andel, Legal aspects of protecting intellectual property in additive manufacturing, in Critical Infrastructure Protection X, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 63–79, 2016.Google Scholar
  10. 10.
    A. Cardenas, S. Amin and S. Sastry, Secure control: Towards survivable cyber-physical systems, Proceedings of the Twenty–Eighth International Conference on Distributed Computing Systems Workshops, pp. 495–500, 2008.Google Scholar
  11. 11.
    K. Chan, M. Koike, R. Mason and T. Okabe, Fatigue life of titanium alloys fabricated by additive layer manufacturing techniques for dental implants, Metallurgical and Materials Transactions A, vol. 44(2), pp. 1010–1022, 2013.Google Scholar
  12. 12.
    S. Chhetri, A. Canedo and M. Al Faruque, KCAD: Kinetic cyber-attack detection method for cyber-physical additive manufacturing systems, Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, 2016.Google Scholar
  13. 13.
    Q. Do, B. Martini and K. Choo, A data exfiltration and remote exploitation attack on consumer 3D printers, IEEE Transactions on Information Forensics and Security, vol. 11(10), pp. 2174–2186, 2016.Google Scholar
  14. 14.
    Electronic Industries Association, ANSI/EIA RS-274-D-1980: Interchangeable Variable Block Data Format for Positioning, Contouring and Contouring/Positioning Numerically Controlled Machines, Washington, DC, 1980.Google Scholar
  15. 15.
    N. Falliere, L. O’Murchu and E. Chien, W32.Stuxnet Dossier, Version 1.4, Symantec, Mountain View, California, 2011.Google Scholar
  16. 16.
    W. Frazier, Metal additive manufacturing: A review, Journal of Materials Engineering and Performance, vol. 23(6), pp. 1917–1928, 2014.Google Scholar
  17. 17.
    D. Helbing, Globally networked risks and how to respond, Nature, vol. 497(7447), pp. 51–59, 2013.Google Scholar
  18. 18.
    J. Hiller and H. Lipson, STL 2.0: A proposal for a universal multi-material additive manufacturing file format, Proceedings of the Solid Freeform Fabrication Symposium, pp. 266–278, 2009.Google Scholar
  19. 19.
    A. Hojjati, A. Adhikari, K. Struckmann, E. Chou, T. Nguyen, K. Madan, M. Winslett, C. Gunter and W. King, Leave your phone at the door: Side channels that reveal factory floor secrets, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 883–894, 2016.Google Scholar
  20. 20.
    T. Holbrook and L. Osborn, Digital patent infringement in an era of 3D printing, University of California Davis Law Review, vol. 48(4), pp. 1319–1385, 2015.Google Scholar
  21. 21.
    Inside Metal Additive Manufacturing, The Role of (Super) Powders in SLM (www.insidemetaladditivemanufacturing.com/blog/the-role-of-super-powders-in-slm), April 10, 2014.
  22. 22.
    J. Johnson, Print, lock and load: 3-D printers, creation of guns and the potential threat to Fourth Amendment rights, Journal of Law, Technology and Policy, vol. 2013(2), pp. 337–361, 2013.Google Scholar
  23. 23.
    M. Krotofil, A. Cardenas, J. Larsen and D. Gollmann, Vulnerabilities of cyber-physical systems to stale data – Determining the optimal time to launch attacks, International Journal of Critical Infrastructure Protection, vol. 7(4), pp. 213–232, 2014.Google Scholar
  24. 24.
    E. Lee, Cyber physical systems: Design challenges, Proceedings of the Eleventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 363–369, 2008.Google Scholar
  25. 25.
    H. Lipson, AMF tutorial: The basics (Part 1), 3D Printing and Additive Manufacturing, vol. 1(2), pp. 85–87, 2014.Google Scholar
  26. 26.
    B. Macq, P. Alface and M. Montanola, Applicability of watermarking for intellectual property rights protection in a 3D printing scenario, Proceedings of the Twentieth International Conference on 3D Web Technology, pp. 89–95, 2015.Google Scholar
  27. 27.
    K. McMullen, Worlds collide when 3D printers reach the public: Modeling a digital gun control law after the Digital Millennium Copyright Act, Michigan State Law Review, vol. 2044(1), pp. 187–225, 2014.Google Scholar
  28. 28.
    S. Moore, P. Armstrong, T. McDonald and M. Yampolskiy, Vulnerability analysis of desktop 3D printer software, Proceedings of the 2016 Resilience Week, pp. 46–51, 2016.Google Scholar
  29. 29.
    S. Moore, W. Glisson and M. Yampolskiy, Implications of malicious 3D printer firmware, Proceedings of the Fiftieth Hawaii International Conference on System Sciences, pp. 6089–6098, 2017.Google Scholar
  30. 30.
    A. Muller and S. Karevska, How Will 3D Printing Make Your Company the Strongest Link in the Value Chain? EY’s Global 3D Printing Report 2016, Ernst & Young, Mannheim, Germany, 2016.Google Scholar
  31. 31.
    G. Pope, STPA for additive manufacturing, presented at the Systems Theoretic Accident Model and Processes Workshop, 2016.Google Scholar
  32. 32.
    S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.Google Scholar
  33. 33.
    C. Song, F. Lin, Z. Ba, K. Ren, C. Zhou and W. Xu, My smartphone knows what you print: Exploring smartphone-based side-channel attacks against 3D printers, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 895–907, 2016.Google Scholar
  34. 34.
    A. Sternstein, Things can go kaboom when a defense contractor’s 3-D printer gets hacked, Nextgov, September 11, 2014.Google Scholar
  35. 35.
    L. Sturm, C. Williams, J. Camelio, J. White and R. Parker, Cyber-physical vulnerabilities in additive manufacturing systems, Proceedings of the Twenty-Fifth International Solid Freeform Fabrication Symposium, pp. 951–963, 2014.Google Scholar
  36. 36.
    M. Swearingen, S. Brunasso, J. Weiss and D. Huber, What you need to know (and don’t) about the Aurora vulnerability, POWER Magazine, September 1, 2013.Google Scholar
  37. 37.
    D. Tirone and J. Gilley, 3D printing: A new threat to gun control and security policy? The Conversation (theconversation.com/3d-printing-a-new-threat-to-gun-control-and-security-policy-61416), July 19, 2016.
  38. 38.
    J. Tran, The law and 3D printing, John Marshall Journal of Information Technology and Privacy Law, vol. 31(4), pp. 505–520, 2015.Google Scholar
  39. 39.
    H. Turner, J. White, J. Camelio, C. Williams, B. Amos and R. Parker, Bad parts: Are our manufacturing systems at risk of silent cyberattacks? IEEE Security and Privacy, vol. 13(3), pp. 40–47, 2015.Google Scholar
  40. 40.
    U.S. Department of Homeland Security, Critical Infrastructure Sectors, Washington, DC (www.dhs.gov/critical-infrastructure-sectors), 2017.
  41. 41.
    Wohlers Associates, Wohlers Report 2016, Fort Collins, Colorado, 2016.Google Scholar
  42. 42.
    C. Xiao, Security attack on 3D printing, presented at the xFocus Information Security Conference, 2013.Google Scholar
  43. 43.
    Z. Xu and Q. Zhu, Cross-layer secure cyber-physical control system design for networked 3D printers, Proceedings of the American Control Conference, pp. 1191–1196, 2016.Google Scholar
  44. 44.
    M. Yampolskiy, T. Andel, J. McDonald, W. Glisson and A. Yasinsac, Intellectual property protection in additive layer manufacturing: Requirements for secure outsourcing, Proceedings of the Fourth Program Protection and Reverse Engineering Workshop, article 7, 2014.Google Scholar
  45. 45.
    M. Yampolskiy, T. Andel, J. McDonald, W. Glisson and A. Yasinsac, Towards security of additive layer manufacturing, presented at the Thirtieth Annual Computer Security Applications Conference, 2014.Google Scholar
  46. 46.
    M. Yampolskiy, P. Horvath, X. Koutsoukos, Y. Xue and J. Sztipanovits, Taxonomy for descriptions of cross-domain attacks on CPSs, Proceedings of the Second ACM International Conference on High Confidence Networked Systems, pp. 135–142, 2013.Google Scholar
  47. 47.
    M. Yampolskiy, P. Horvath, X. Koutsoukos, Y. Xue and J. Sztipanovits, A language for describing attacks on cyber-physical systems, International Journal of Critical Infrastructure Protection, vol. 8, pp. 40–52, 2015.Google Scholar
  48. 48.
    M. Yampolskiy, L. Schutzle, U. Vaidya and A. Yasinsac, Security challenges of additive manufacturing with metals and alloys, in Critical Infrastructure Protection IX, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 169–183, 2015.Google Scholar
  49. 49.
    M. Yampolskiy, A. Skjellum, M. Kretzschmar, R. Overfelt, K. Sloan and A. Yasinsac, Using 3D printers as weapons, International Journal of Critical Infrastructure Protection, vol. 14, pp. 58–71, 2016.Google Scholar
  50. 50.
    S. Zeltmann, N. Gupta, N. Tsoutsos, M. Maniatakos, J. Rajendran and R. Karri, Manufacturing and security challenges in 3D printing, Journal of the Minerals, Metals and Materials Society, vol. 68(7), pp. 1872–1881, 2016.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  • Mark Yampolskiy
    • 1
  • Wayne King
    • 1
  • Gregory Pope
    • 1
  • Sofia Belikovetsky
    • 1
  • Yuval Elovici
    • 1
  1. 1.University of South AlabamaMobileUSA

Personalised recommendations