Cyber-physical vulnerabilities in additive manufacturing systems: A case study attack on the .STL file with human subjects
Introduction
Cyber-physical systems (CPS) are systems that integrate physical hardware with software systems, often with the use of a network. With the growth of the Internet of Things (IoT), the number of CPS on networks continues to increase [1]. Concurrently, cyber-attacks have become more prevalent in recent years, increasing in maliciousness and decreasing in visibility [1], [2], [3]. This poses a significant issue, as cyber-attacks on cyber-physical systems could result in damage to the machines themselves or the humans who interact with them.
A prominent example of a cyber-physical attack was the Stuxnet worm that targeted Iranian centrifuges used for refining uranium. In this attack the worm was able to infect the software system and affect the physical hardware, causing damage to the centrifuges. By sending false data back to the operators, Stuxnet was able to make it appear as though the centrifuges were operating correctly, while it caused them to damage themselves. The ability of Stuxnet both to cause damage to physical systems and to hide itself illustrates the ability of a cyber-physical attack to disrupt manufacturing systems and the need for physical methods of detection [4].
Another example of a cyber-physical attack is the hijacking of insulin pumps. In this case a hacker is able to connect to a Bluetooth-enabled insulin pump to control the dose of insulin given to the wearer. By increasing or decreasing the dosage of insulin, it is possible to cause serious injury or even death in the user. The current security system for these pumps is insufficient to prevent a cyber-physical attack that could have potentially lethal consequences [5].
The previously mentioned examples demonstrate the ability of cyber-attacks to cross over into the physical world. Attacks on CPS are even more alarming when considering the ever-increasing number of networked devices that are being connected to machines in the manufacturing world. A cyber-attack on these machines could cause injury to plant workers and damage to the machine itself. This has already been demonstrated at a German foundry wherein a cyber-attack on a blast furnace’s control systems prevented a safe shutdown and resulted in “massive damage” [6], [7]. Perhaps even more insidiously, an attack could be designed to cause a process to produce faulty parts that might find their way into end-user products [8]. For example, an attack could be designed to affect the production of a jet turbine part such that it would pass inspection but fail during operation and cause significant damage.
With the rise in both the number of CPS connected to networks and in malicious cyber-attacks, there is a clear need for research to understand the vulnerabilities of cyber-physical systems. Recent work on the current status of cyber-physical systems has identified security as a major issue [9]. Additionally, there is a need to identify the skills that are necessary to effectively operate a cyber-physical manufacturing environment [10], which the authors believe includes skills pertaining to the identification and prevention of attacks on manufacturing systems.
As such, the authors have investigated cyber-physical vulnerabilities in manufacturing systems. The authors have demonstrated such attacks on subtractive manufacturing, and have found that they can have a demonstrable effect on the part being produced [11], [12]. In the previous work the authors demonstrated a toolpath attack by manually modifying and replacing machining toolpath (e.g., GCODE). This work was limited to modifying the external geometry of a part in a way that affected the part strength, but was detectable using common inspection techniques.
In this paper, the authors limit the scope of their research to Additive Manufacturing (AM, commonly referred to as “3D Printing”) systems. The process chain of these networked machines has unique vulnerabilities that warrant a detailed investigation. Specifically, due to (i) their layer-wise fabrication approach and (ii) the processes’ impact on parts’ final material properties due to process-induced transformation of raw material to finished good (as opposed to subtractive machining, where the material properties are defined by the feed stock), there are several cyber-physical vulnerabilities that are unique to AM. For example, voids can be placed inside of a part and the material properties of internal layers can be changed without affecting the exterior layers, which makes detection with traditional part inspection techniques difficult (as discussed in Section 3). Because of the potential damage from a cyber-physical attack, there is a need to investigate AM systems to determine what vulnerabilities exist and how to prevent and mitigate the threat of cyber-attacks. Recently, there has been increasing interest in evaluating these threats to AM systems, with the effects of toolpath modifications and embedded defects being simulated and evaluated through physical testing [13]. The key differences between additive and subtractive manufacturing are the features that make AM unique: (i) its layer-wise approach to fabrication, which provides opportunity to place defects internally, and (ii) its transformation of raw material in the process, which allows for altering material properties of the final product by changing the print parameters.
An overview of the cyber-physical attack vulnerabilities of the AM process chain is presented in Section 2. A case study of an AM cyber-physical attack, in which the .STL file structure is altered, is presented in Section 3. The resulting effectiveness of this attack is reported in Section 4 via part testing and experimentation with human subjects. Finally, in Section 5, the results of the attack are analyzed to identify ways of preventing and mitigating future attacks.
Section snippets
Cyber-vulnerabilities in the additive manufacturing process
To be able to prevent a cyber-attack, one must first understand the vulnerabilities and weaknesses of the system. To do this, it is necessary to follow a cyber-attack through the process chain, from conception to simulated deployment. In this section, the AM process chain is examined for potential vulnerabilities to cyber-attacks. Previous work by Bridges [14] has given a high-level process view by highlighting points in the process chain where the theft or corruption of a design could occur;
Case study: cyber-physical attack on AM systems via altering .STL files
To gain a better understanding of existing vulnerabilities, to determine if these vulnerabilities are significant, to understand the circumstances that allow attacks to occur, and to develop better methods for preventing cyber-physical attacks from occurring in the future, the authors explored the effects of a cyber-physical attack on AM systems. Specifically, following the discussion of cyber-physical vulnerabilities along the AM process chain (Section 2), the authors decided to explore the
Effects of .STL void attack
To ascertain the potential impact of this specific attack, the authors sought to answer two research questions: (i) Can an automatically inserted void affect part strength enough to cause a failure?, and (ii) Can a void attack be detected by operators? These questions were answered via two experiments: first, the authors evaluated the effect of a “printed void” on the mechanical strength of a printed specimen; second, the authors evaluated the ability of AM operators to notice the attack via a
Discussion and recommendations
The results of this study show that more work is needed to protect AM systems against cyber-physical attacks. While the focus of this work was on the vulnerabilities of the universal AM file format, it is not done to suggest that we should move to a more closed, proprietary format. Not only would such an effort eliminate the primary reason behind the recent, widespread proliferation of desktop-scale AM systems within the hobbyist/maker community, it would also fail to address the root of the
Closure
With the increasing number of manufacturing systems connected to networks, more work needs to be done to ensure the safety of these systems. Additive manufacturing systems in particular have unique vulnerabilities presented by the ability to affect the internal layers without affecting the exterior. An overview of the AM process chain (Section 2) showed that the .STL file was a vulnerable attack vector due to its universality and ease of editing. Further investigation into the .STL file
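The internal void described above shows up in an .STL file as an additional closed shell enclosed by the part's outer surface, so a received file can be checked against the shell count of the approved design before it reaches the printer. The following is an added example, not code from the paper or its authors; the function names, the `expected_shells` parameter and the two sample meshes are assumptions constructed for illustration, and it handles ASCII .STL only.

```python
import re
from collections import defaultdict
VERTEX = re.compile(r"vertex\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_ascii_stl(text):
    """Return triangles as tuples of three (x, y, z) vertices from ASCII STL text."""
    pts = [tuple(float(c) for c in m.groups()) for m in VERTEX.finditer(text)]
    if not pts or len(pts) % 3:
        raise ValueError("malformed STL: vertex count must be a positive multiple of 3")
    return [tuple(pts[i:i + 3]) for i in range(0, len(pts), 3)]

def shell_volumes(triangles):
    """Group facets into shells by shared vertices; return each shell's signed volume."""
    parent = {}
    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            parent[v] = parent[parent[v]]  # path halving
            v = parent[v]
        return v
    for a, b, c in triangles:
        parent[find(b)] = find(a)
        parent[find(c)] = find(a)
    vols = defaultdict(float)
    for a, b, c in triangles:
        # Signed volume of the tetrahedron (origin, a, b, c) = a . (b x c) / 6.
        vols[find(a)] += (a[0] * (b[1] * c[2] - b[2] * c[1])
                          - a[1] * (b[0] * c[2] - b[2] * c[0])
                          + a[2] * (b[0] * c[1] - b[1] * c[0])) / 6.0
    return sorted(vols.values(), reverse=True)

def audit_stl(text, expected_shells=1):
    """Flag a mesh with unexpected extra shells or inward-facing (cavity) shells."""
    vols = shell_volumes(parse_ascii_stl(text))
    cavities = sum(v < 0 for v in vols)
    return {"shells": len(vols), "cavities": cavities, "net_volume": sum(vols),
            "suspicious": len(vols) != expected_shells or cavities > 0}

def tetra(o, s, flip=False):
    """Constructed sample data: ASCII facets of a tetrahedron at offset o, edge s."""
    p = [(o, o, o), (o + s, o, o), (o, o + s, o), (o, o, o + s)]
    faces = [(0, 2, 1), (0, 1, 3), (0, 3, 2), (1, 2, 3)]  # outward-facing winding
    facet = "facet normal 0 0 0\n outer loop\n%s endloop\nendfacet\n"
    return "".join(facet % "".join("  vertex %g %g %g\n" % p[i] for i in (f[::-1] if flip else f))
                   for f in faces)

# Constructed samples: the approved part, and the same part with an enclosed inner shell.
APPROVED = "solid part\n" + tetra(0, 10) + "endsolid part\n"
RECEIVED = "solid part\n" + tetra(0, 10) + tetra(2, 2, flip=True) + "endsolid part\n"
```

Shells are matched on exact vertex coordinates, which holds when facets of one surface repeat the same vertex text; a design that legitimately contains internal cavities needs its own `expected_shells` baseline and a volume comparison rather than the cavity flag alone.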
Acknowledgements
This work was supported by the National Science Foundation Grant #1446804: “CPS: Synergy: Collaborative Research: Cyber-Physical Approaches to Advanced Manufacturing Security.” Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Portions of this work (graduate student funding) were also provided via Virginia Tech.
Logan Sturm is a PhD student in Mechanical Engineering at Virginia Tech. His research is focused on cyber-physical security for additive manufacturing systems. His research involves identifying vulnerabilities in the AM process chain and working to develop solutions to the problems that are unique to AM. He has also done work related to embedded devices in AM systems and co-led a group that won the America Makes Innovation Sprint for Smart Structures.
References (23)
- et al. Current status and advancement of cyber-physical systems in manufacturing. J Manuf Syst (2015)
- et al. Competences for cyber-physical systems in manufacturing—first findings and scenarios. Procedia CIRP (2014)
- Are your IT professionals prepared for the challenges to come? Comput Fraud Secur (2014)
- et al. Side-Channels of Cyber-Physical Systems: Case Study in Additive Manufacturing. IEEE Des Test (2017)
- et al. Feedback control of Layerwise Laser Melting using optical sensors. Phys Procedia (2010)
- The Internet of Things: How the Next Evolution of the Internet is Changing Everything. CISCO White Pap (2011)
- et al. Malware Risks and Mitigation Report. BITS Financ Serv Roundtable (2011)
- Prospective Analysis on Trends in Cybercrime from 2011 to 2020. Natl Gendarm (2011)
- Falliere N, Murchu LO, Chien E. W32. Stuxnet Dossier 2011,...
- et al. Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. e-Health Netw. Appl. Serv. (Healthcom), 2011 13th IEEE Int. Conf. (2011)
Christopher Williams is an Associate Professor and the Electro-Mechanical Corporation Senior Faculty Fellow in the Department of Mechanical Engineering at Virginia Tech. He currently holds the W. S. Pete White Chair for Innovation in Engineering Education. He is the Director of the Design, Research, and Education for Additive Manufacturing Systems Laboratory (DREAMS Lab), and the Associate Director of Virginia Tech’s Macromolecules & Interfaces Institute. He holds affiliate faculty appointments in the Department of Engineering Education and the Department of Material Science & Engineering.
Dr. Jaime Camelio is the Rolls-Royce Commonwealth Professor for Advanced Manufacturing, the previous graduate program director and assistant department head of the Grado Department of Industrial and Systems Engineering at Virginia Tech. He leads the Virginia Tech Cyber-Physical Systems Security Manufacturing Group, which is looking to improve the resiliency of the critical infrastructure of the United States, specifically the manufacturing-related segments. The group has three main focus areas: vulnerability assessment of the manufacturing enterprise, improving in-process monitoring in manufacturing systems, and augmenting current quality control tools in manufacturing to detect unwanted changes in part or production.
Dr. Jules White is an Assistant Professor of Computer Science in the Dept. of Electrical Engineering and Computer Science at Vanderbilt University. His research focuses on securing, optimizing, and leveraging data from mobile cyber-physical systems. His mobile cyber-physical systems research spans four key focus areas: (1) mobile security and data collection, (2) high-precision mobile augmented reality, (3) mobile device and supporting cloud infrastructure power and configuration optimization, and (4) applications of mobile cyber-physical systems in multi-disciplinary domains, including energy-optimized cloud computing, smart grid systems, healthcare/manufacturing security, next-generation construction technologies, and citizen science.
Robert Parker is an independent consultant who has worked with the Virginia Tech Applied Research Corporation. His focus is on research program development and management as well as technical consulting. Current areas of interest include mobile security, cyber-physical systems security, trusted electronics, and more generally, embedded computing. He has previously worked as a deputy director at the Information Sciences Institute.