Abstract
The use of additive manufacturing in the critical infrastructure makes it an attractive target for cyber attacks. However, research on additive manufacturing threats has tended to focus on specific vulnerabilities and specific attacks against specific systems. The narrow scope hinders the understanding of the attack vectors that constitute the attack surfaces as well as the various targets and impacts of attacks. This results in vulnerabilities, potential attacks and countermeasures being overlooked during security analyses.
This research addresses the limitations by focusing on material extrusion, the most common additive manufacturing process. A material extrusion workflow (process chain) that comprehensively covers the design, slicing and printing phases is specified. Analysis of the workflow in conjunction with attack and defense frameworks yields attack-defense models for the three material extrusion phases. The attack-defense models, which specify the attack vectors, attack vector vulnerabilities and countermeasures, attack surfaces, system targets, target vulnerabilities and vulnerability countermeasures, and attacks and attack impacts, directly support risk identification, risk assessment and analysis, and risk mitigation and planning.
Three material extrusion printers ranging from hobbyist to industrial systems are used as case studies. Four attacks on the printers during the design, slicing and printing phases are described, including vulnerability identification, exploit development and countermeasures. The case studies demonstrate the effectiveness of attack-defense modeling and its ability to clarify and bolster the cyber security and risk management postures of material extrusion additive manufacturing environments.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
M. Al Faruque, S. Chhetri, A. Canedo and J. Wan, Acoustic side-channel attacks on additive manufacturing systems, Proceedings of the Seventh ACM/IEEE International Conference on Cyber-Physical Systems, 2016.
M. Al Faruque, S. Chhetri, S. Faezi and A. Canedo, Forensics of Thermal Side Channels in Additive Manufacturing Systems, CECS Technical Report #16-01, Center for Embedded and Cyber-Physical Systems, University of California, Irvine, Irvine, California, 2016.
S. Belikovetsky, M. Yampolskiy, J. Toh, J. Gatlin and Y. Elovici, dr0wned – Cyber-physical attack with additive manufacturing, presented at the Eleventh USENIX Workshop on Offensive Technologies, 2017.
M. Berger, The attack on a German synagogue highlights the threat posed by do-it-yourself guns, The Washington Post, October 11, 2019.
S. Bridges, K. Keiser, N. Sissom and S. Graves, Cyber security for additive manufacturing, Proceedings of the Tenth Annual Cyber and Information Security Research Conference, article no. 14, 2015.
A. Damani, The fundamentals and impact of Industry 4.0, Forbes, June 24, 2020.
Q. Do, B. Martini and K. Choo, A data exfiltration and remote exploitation attack on consumer 3D printers, IEEE Transactions on Information Forensics and Security, vol. 11(10), pp. 2174–2186, 2016.
A. Hojjati, A. Adhikari, K. Struckmann, E. Chou, T. Nguyen, K. Madan, M. Winslett, C. Gunter and W. King, Leave your phone at the door: Side channels that reveal factory floor secrets, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 883–894, 2016.
Homeland Security Advisory Council, Final Report of the Emerging Technologies Subcommittee 3D-Printing, U.S. Department of Homeland Security, Washington, DC, 2020.
Hybrid Manufacturing Technologies, Seven Families of Additive Manufacturing (According to ASTM F2792 Standards), McKinney, Texas (www.additivemanufacturing.media/cdn/cms/7_families_print_version.pdf), 2021.
E. Kurkowski, A. Van Stockum, J. Dawson, C. Taylor, T. Schulz and S. Shenoi, Manipulation of G-code toolpath files in 3D printers: Attacks and mitigations, in Critical Infrastructure Protection XVI, J. Staggs and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 155–174, 2022.
Manufactur3D Magazine, The seven types of additive manufacturing technologies, Thane, India (manufactur3dmag.com/7-types-additive-manufacturing-technologies), April 6, 2018.
T. McCue, Additive manufacturing industry grows to almost \(\$\)12 billion in 2019, Forbes, May 8, 2020.
MITRE Corporation, ATT &CK for Industrial Control Systems, Bedford, Massachusetts (collaborate.mitre.org/attackics/index.php/Main_Page), 2021.
MITRE Corporation, D3FEND: A Knowledge Graph of Cybersecurity Countermeasures, Bedford, Massachusetts (d3fend.mitre.org), 2021.
K. Molenaar, S. Anderson and C. Schexnayder, Guidebook on Risk Analysis Tools and Management Practices to Control Transportation Project Costs, NCHRP Report 658, The National Academies Press, Washington, DC, 2010.
S. Moore, P. Armstrong, T. McDonald and M. Yampolskiy, Vulnerability analysis of desktop 3D printer software, Proceedings of the 2016 Resilience Week, pp. 46–51, 2016.
S. Moore, W. Glisson and M. Yampolskiy, Implications of malicious 3D printer firmware, Proceedings of the Fiftieth Hawaii International Conference on System Sciences, 2017.
H. Pearce, K. Yanamandra, N. Gupta and R. Karri, FLAW3D: A Trojan-Based Cyber Attack on the Physical Outcomes of Additive Manufacturing, arXiv: 2104.09562 (arxiv.org/abs/2104.09562), 2021.
N. Shevchenko, B. Frye and C. Woody, Threat Modeling for Cyber-Physical System-of-Systems: Methods Evaluation, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania (resources.sei.cmu.edu/library/asset-view.cfm?assetid=526365), 2018.
C. Song, F. Ling, Z. Ba, K. Ren, C. Zhou and W. Xu, My smartphone knows what you print: Exploring smartphone-based side-channel attacks against 3D printers, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 895–907, 2016.
L. Sturm, C. Williams, J. Camelio, J. White and R. Parker, Cyber-physical vulnerabilities in additive manufacturing systems: A case study attack on the .STL file with human subjects, Journal of Manufacturing Systems, vol. 44(1), pp. 154–164, 2017.
C. Xiao, Security attack on 3D printing, presented at the xFocus Security Conference (www.claudxiao.net/Attack3DPrinting-Claud-en.pdf), 2013.
M. Yampolskiy, W. King, J. Gatlin, S. Belikovetsky, A. Brown, A. Skejellum and Y. Elovici, Security of additive manufacturing: Attack taxonomy and survey, Additive Manufacturing, vol. 21, pp. 431–457, 2018.
S. Zeltmann, N. Gupta, N. Tsoutsos, M. Maniatakos, J. Rajendran and R. Karri, Manufacturing and security challenges in 3D printing, Journal of the Minerals, Metals and Materials Society, vol. 68(7), pp. 1872–1881, 2016.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Van Stockum, A. et al. (2022). ATTACK-DEFENSE MODELING OF MATERIAL EXTRUSION ADDITIVE MANUFACTURING SYSTEMS. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XVI. ICCIP 2022. IFIP Advances in Information and Communication Technology, vol 666. Springer, Cham. https://doi.org/10.1007/978-3-031-20137-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-20137-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20136-3
Online ISBN: 978-3-031-20137-0
eBook Packages: Computer ScienceComputer Science (R0)