EVALUATION OF ADDITIVE AND SUBTRACTIVE MANUFACTURING FROM THE SECURITY PERSPECTIVE
Additive manufacturing involves a new class of cyber-physical systems that manufacture 3D objects incrementally by depositing and fusing together thin layers of source material. In 2015, the global additive manufacturing industry had $5.165 billion in revenue, with 32.5% of all manufactured objects used as functional parts. Because of their reliance on computerization, additive manufacturing devices (or 3D printers) are susceptible to a broad range of attacks. The rapid adoption of additive manufacturing in aerospace, automotive and other industries makes it an attractive attack target and a critical asset to be protected.
This chapter compares emerging additive manufacturing and traditional subtractive manufacturing from the security perspective. While the discussion compares the two manufacturing technologies, the emphasis is on additive manufacturing due to its expected dominance as the manufacturing technology of the future. The chapter outlines the additive and subtractive manufacturing workflows, proposes a framework for analyzing attacks on or using additive manufacturing systems and presents the major threat categories. In order to compare the two manufacturing paradigms from the security perspective, the differences between the two workflows are identified and the attack analysis framework is applied to demonstrate how the differences translate into threats. The analysis reveals that, while there is significant overlap with regard to security, fundamental differences in the two manufacturing paradigms require a separate investigation of additive manufacturing security.
KeywordsAdditive manufacturing subtractive manufacturing attack framework
Unable to display preview. Download preview PDF.
- 1.3MF Consortium, 3D Manufacturing Format, Core Specification and Reference Guide, Version 1.1, Wakefield, Massachusetts (3mf.io/wp-content/uploads/2016/03/3MFcoreSpec_1.1.pdf), 2015.
- 2.M. Al Faruque, S. Chhetri, A. Canedo and J. Wan, Acoustic side-channel attacks on additive manufacturing systems, Proceedings of the Seventh International Conference on Cyber-Physical Systems, article 19, 2016.Google Scholar
- 3.M. Al Faruque, S. Chhetri, S. Faezi and A. Canedo, Forensics of Thermal Side-Channels in Additive Manufacturing Systems, CECS Technical Report #16–01, Center for Embedded and Cyber-Physical Systems, University of California, Irvine, Irvine, California, 2016.Google Scholar
- 4.American Society for Testing and Materials, ISO/ASTM52915-16: Standard Specification for Additive Manufacturing File Format (AMF), Version 1.2, West Conshohocken, Pennsylvania, 2016.Google Scholar
- 5.H. Atkinson and S. Davies, Fundamental aspects of hot isostatic pressing: An overview, Metallurgical and Materials Transactions A, vol. 31(12), pp. 2981–3000, 2000.Google Scholar
- 6.S. Belikovetsky, M. Yampolskiy, J. Toh, J. Gatlin and Y. Elovici, dr0wned – Cyber-physical attack with additive manufacturing, Proceedings of the Eleventh USENIX Workshop on Offensive Technologies, 2017.Google Scholar
- 7.N. Bilton, The rise of 3-D printed guns, The New York Times, August 13, 2014.Google Scholar
- 8.J. Blackman, The 1st Amendment, 2nd Amendment and 3D printed guns, Tennessee Law Review, vol. 81(3), pp. 479–538, 2014.Google Scholar
- 9.A. Brown, M. Yampolskiy, J. Gatlin and T. Andel, Legal aspects of protecting intellectual property in additive manufacturing, in Critical Infrastructure Protection X, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 63–79, 2016.Google Scholar
- 10.A. Cardenas, S. Amin and S. Sastry, Secure control: Towards survivable cyber-physical systems, Proceedings of the Twenty–Eighth International Conference on Distributed Computing Systems Workshops, pp. 495–500, 2008.Google Scholar
- 11.K. Chan, M. Koike, R. Mason and T. Okabe, Fatigue life of titanium alloys fabricated by additive layer manufacturing techniques for dental implants, Metallurgical and Materials Transactions A, vol. 44(2), pp. 1010–1022, 2013.Google Scholar
- 12.S. Chhetri, A. Canedo and M. Al Faruque, KCAD: Kinetic cyber-attack detection method for cyber-physical additive manufacturing systems, Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, 2016.Google Scholar
- 13.Q. Do, B. Martini and K. Choo, A data exfiltration and remote exploitation attack on consumer 3D printers, IEEE Transactions on Information Forensics and Security, vol. 11(10), pp. 2174–2186, 2016.Google Scholar
- 14.Electronic Industries Association, ANSI/EIA RS-274-D-1980: Interchangeable Variable Block Data Format for Positioning, Contouring and Contouring/Positioning Numerically Controlled Machines, Washington, DC, 1980.Google Scholar
- 15.N. Falliere, L. O’Murchu and E. Chien, W32.Stuxnet Dossier, Version 1.4, Symantec, Mountain View, California, 2011.Google Scholar
- 16.W. Frazier, Metal additive manufacturing: A review, Journal of Materials Engineering and Performance, vol. 23(6), pp. 1917–1928, 2014.Google Scholar
- 17.D. Helbing, Globally networked risks and how to respond, Nature, vol. 497(7447), pp. 51–59, 2013.Google Scholar
- 18.J. Hiller and H. Lipson, STL 2.0: A proposal for a universal multi-material additive manufacturing file format, Proceedings of the Solid Freeform Fabrication Symposium, pp. 266–278, 2009.Google Scholar
- 19.A. Hojjati, A. Adhikari, K. Struckmann, E. Chou, T. Nguyen, K. Madan, M. Winslett, C. Gunter and W. King, Leave your phone at the door: Side channels that reveal factory floor secrets, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 883–894, 2016.Google Scholar
- 20.T. Holbrook and L. Osborn, Digital patent infringement in an era of 3D printing, University of California Davis Law Review, vol. 48(4), pp. 1319–1385, 2015.Google Scholar
- 21.Inside Metal Additive Manufacturing, The Role of (Super) Powders in SLM (www.insidemetaladditivemanufacturing.com/blog/the-role-of-super-powders-in-slm), April 10, 2014.
- 22.J. Johnson, Print, lock and load: 3-D printers, creation of guns and the potential threat to Fourth Amendment rights, Journal of Law, Technology and Policy, vol. 2013(2), pp. 337–361, 2013.Google Scholar
- 23.M. Krotofil, A. Cardenas, J. Larsen and D. Gollmann, Vulnerabilities of cyber-physical systems to stale data – Determining the optimal time to launch attacks, International Journal of Critical Infrastructure Protection, vol. 7(4), pp. 213–232, 2014.Google Scholar
- 24.E. Lee, Cyber physical systems: Design challenges, Proceedings of the Eleventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 363–369, 2008.Google Scholar
- 25.H. Lipson, AMF tutorial: The basics (Part 1), 3D Printing and Additive Manufacturing, vol. 1(2), pp. 85–87, 2014.Google Scholar
- 26.B. Macq, P. Alface and M. Montanola, Applicability of watermarking for intellectual property rights protection in a 3D printing scenario, Proceedings of the Twentieth International Conference on 3D Web Technology, pp. 89–95, 2015.Google Scholar
- 27.K. McMullen, Worlds collide when 3D printers reach the public: Modeling a digital gun control law after the Digital Millennium Copyright Act, Michigan State Law Review, vol. 2044(1), pp. 187–225, 2014.Google Scholar
- 28.S. Moore, P. Armstrong, T. McDonald and M. Yampolskiy, Vulnerability analysis of desktop 3D printer software, Proceedings of the 2016 Resilience Week, pp. 46–51, 2016.Google Scholar
- 29.S. Moore, W. Glisson and M. Yampolskiy, Implications of malicious 3D printer firmware, Proceedings of the Fiftieth Hawaii International Conference on System Sciences, pp. 6089–6098, 2017.Google Scholar
- 30.A. Muller and S. Karevska, How Will 3D Printing Make Your Company the Strongest Link in the Value Chain? EY’s Global 3D Printing Report 2016, Ernst & Young, Mannheim, Germany, 2016.Google Scholar
- 31.G. Pope, STPA for additive manufacturing, presented at the Systems Theoretic Accident Model and Processes Workshop, 2016.Google Scholar
- 32.S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.Google Scholar
- 33.C. Song, F. Lin, Z. Ba, K. Ren, C. Zhou and W. Xu, My smartphone knows what you print: Exploring smartphone-based side-channel attacks against 3D printers, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 895–907, 2016.Google Scholar
- 34.A. Sternstein, Things can go kaboom when a defense contractor’s 3-D printer gets hacked, Nextgov, September 11, 2014.Google Scholar
- 35.L. Sturm, C. Williams, J. Camelio, J. White and R. Parker, Cyber-physical vulnerabilities in additive manufacturing systems, Proceedings of the Twenty-Fifth International Solid Freeform Fabrication Symposium, pp. 951–963, 2014.Google Scholar
- 36.M. Swearingen, S. Brunasso, J. Weiss and D. Huber, What you need to know (and don’t) about the Aurora vulnerability, POWER Magazine, September 1, 2013.Google Scholar
- 37.D. Tirone and J. Gilley, 3D printing: A new threat to gun control and security policy? The Conversation (theconversation.com/3d-printing-a-new-threat-to-gun-control-and-security-policy-61416), July 19, 2016.
- 38.J. Tran, The law and 3D printing, John Marshall Journal of Information Technology and Privacy Law, vol. 31(4), pp. 505–520, 2015.Google Scholar
- 39.H. Turner, J. White, J. Camelio, C. Williams, B. Amos and R. Parker, Bad parts: Are our manufacturing systems at risk of silent cyberattacks? IEEE Security and Privacy, vol. 13(3), pp. 40–47, 2015.Google Scholar
- 40.U.S. Department of Homeland Security, Critical Infrastructure Sectors, Washington, DC (www.dhs.gov/critical-infrastructure-sectors), 2017.
- 41.Wohlers Associates, Wohlers Report 2016, Fort Collins, Colorado, 2016.Google Scholar
- 42.C. Xiao, Security attack on 3D printing, presented at the xFocus Information Security Conference, 2013.Google Scholar
- 43.Z. Xu and Q. Zhu, Cross-layer secure cyber-physical control system design for networked 3D printers, Proceedings of the American Control Conference, pp. 1191–1196, 2016.Google Scholar
- 44.M. Yampolskiy, T. Andel, J. McDonald, W. Glisson and A. Yasinsac, Intellectual property protection in additive layer manufacturing: Requirements for secure outsourcing, Proceedings of the Fourth Program Protection and Reverse Engineering Workshop, article 7, 2014.Google Scholar
- 45.M. Yampolskiy, T. Andel, J. McDonald, W. Glisson and A. Yasinsac, Towards security of additive layer manufacturing, presented at the Thirtieth Annual Computer Security Applications Conference, 2014.Google Scholar
- 46.M. Yampolskiy, P. Horvath, X. Koutsoukos, Y. Xue and J. Sztipanovits, Taxonomy for descriptions of cross-domain attacks on CPSs, Proceedings of the Second ACM International Conference on High Confidence Networked Systems, pp. 135–142, 2013.Google Scholar
- 47.M. Yampolskiy, P. Horvath, X. Koutsoukos, Y. Xue and J. Sztipanovits, A language for describing attacks on cyber-physical systems, International Journal of Critical Infrastructure Protection, vol. 8, pp. 40–52, 2015.Google Scholar
- 48.M. Yampolskiy, L. Schutzle, U. Vaidya and A. Yasinsac, Security challenges of additive manufacturing with metals and alloys, in Critical Infrastructure Protection IX, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 169–183, 2015.Google Scholar
- 49.M. Yampolskiy, A. Skjellum, M. Kretzschmar, R. Overfelt, K. Sloan and A. Yasinsac, Using 3D printers as weapons, International Journal of Critical Infrastructure Protection, vol. 14, pp. 58–71, 2016.Google Scholar
- 50.S. Zeltmann, N. Gupta, N. Tsoutsos, M. Maniatakos, J. Rajendran and R. Karri, Manufacturing and security challenges in 3D printing, Journal of the Minerals, Metals and Materials Society, vol. 68(7), pp. 1872–1881, 2016.Google Scholar