Abstract
Additive manufacturing or 3D printing is commonly used to create mission-critical parts in the critical infrastructure. This research focuses on threats that target the key slicing step of additive manufacturing, when design files that model part geometry are converted to G-code toolpath files that convey instructions for printing parts layer by layer. The research leverages a hitherto unknown slicing software vulnerability where G-code corresponding to part slices is stored as plaintext ASCII characters in heap memory during execution. The vulnerability was discovered in two open-source, full-featured slicing software suites that support many 3D printers.
Experiments with a toolkit developed to target slicing software in real time demonstrate that the attacks are surreptitious and fine-grained. Two attacks, temperature modification and infill exclusion, performed against G-code generated for fused filament fabrication printers demonstrate the ability to sabotage printed parts as well as print environments. Although the vulnerability can be mitigated using strong authentication and access controls along with G-code obfuscation, the ability to automate surreptitious, fine-grained attacks that degrade printed parts in ways that are imperceptible to the human eye and undetectible by nondestructive testing methods is a serious concern.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
3MF Consortium, 3MF Specification, San Francisco, California (3mf.io/specification), 2020.
S. Belikovetsky, M. Yampolskiy, J. Toh, J. Gatlin and Y. Elovici, dr0wned – Cyber-physical attack with additive manufacturing, presented at the Eleventh USENIX Workshop on Offensive Technologies, 2017.
I. Birrell, 3D-printed prosthetic limbs: The next revolution in medicine, The Guardian, February 19, 2017.
J. Burke, 3D printing off to the races, Oak Ridge National Laboratory Blog, Oak Ridge National Laboratory, Oak Ridge, Tennessee (www.ornl.gov/blog/3d-printing-races), April 26, 2019.
J. Ellis, 3D-printed nuclear reactor promises faster, more economical path to nuclear energy, Oak Ridge National Laboratory News, Oak Ridge National Laboratory, Oak Ridge, Tennessee (www.ornl.gov/news/3d-printed-nuclear-reactor-promises-faster-more-economical-path-nuclear-energy), May 11, 2020.
S. Ford, Additive manufacturing technology: Potential implications for U.S. manufacturing competitiveness, Journal of International Commerce and Economics, vol. 6(1), pp. 40–74, 2014.
Inspector General, U.S. Department of Defense, Audit of the Cybersecurity of Department of Defense Additive Manufacturing Systems, Washington, DC (media.defense.gov/2021/Jul/07/2002757308/-1/-1/1/DODIG-2021-098.PDF), 2021.
J. Keller, The navy can now 3D-print submarines on the fly for SEALs, Task and Purpose (taskandpurpose.com/gear-tech/navy-3d-printing-submarines), July 31, 2017.
T. Kramer, F. Proctor and E. Messina, The NIST RS274NGC Interpreter – Version 3, NIST Interagency/Internal Report 6556, National Institute of Standards and Technology, Gaithersburg, Maryland, 2000.
Library of Congress, STL (Stereolithography) File Format Family, Washington, DC (www.loc.gov/preservation/digital/formats/fdd/fdd000504.shtml), September 9, 2019.
T. McCue, Additive manufacturing industry grows to almost \$12 billion in 2019, Forbes, May 8, 2020.
R. Miller, Response time in man-computer conversational transactions, Proceedings of the AFIPS Fall Joint Computer Conference, Part I, pp. 267–277, 1968.
S. Moore, P. Armstrong, T. McDonald and M. Yampolskiy, Vulnerability analysis of desktop 3D printer software, Proceedings of the 2016 Resilience Week, pp. 46–51, 2016.
S. Moore, W. Glisson and M. Yampolskiy, Implications of malicious 3D printer firmware, Proceedings of the Fiftieth Hawaii International Conference on System Sciences, 2017.
H. Pearce, K. Yanamandra, N. Gupta and R. Karri, FLAW3D: A Trojan-Based Cyber Attack on the Physical Outcomes of Additive Manufacturing, arXiv: 2104.09562 (arxiv.org/abs/2104.09562), 2021.
B. Post, B. Richardson, P. Lloyd, L. Love, S. Nolet and J. Hannan, Additive Manufacturing of Wind Turbine Molds, Document ORNL/TM-2017/290, Oak Ridge National Laboratory, Oak Ridge, Tennessee, 2017.
M. Rais, Y. Li and I. Ahmed, Dynamic thermal and localized filament kinetic attacks on a fused-filament-fabrication-based 3D printing process, Additive Manufacturing, vol. 46, article no. 102200, 2021.
L. Sturm, C. Williams, J. Camelio, J. White and R. Parker, Cyber-physical vulnerabilities in additive manufacturing systems: A case study attack on the .STL file with human subjects, Journal of Manufacturing Systems, vol. 44(1), pp. 154–164, 2017.
C. Xiao, Security attack on 3D printing, presented at the xFocus Security Conference (www.claudxiao.net/Attack3DPrinting-Claud-en.pdf), 2013.
M. Yampolskiy, W. King, J. Gatlin, S. Belikovetsky, A. Brown, A. Skejellum and Y. Elovici, Security of additive manufacturing: Attack taxonomy and survey, Additive Manufacturing, vol. 21, pp. 431–457, 2018.
S. Zeltmann, N. Gupta, N. Tsoutsos, M. Maniatakos, J. Rajendran and R. Karri, Manufacturing and security challenges in 3D printing, Journal of the Minerals, Metals and Materials Society, vol. 68(7), pp. 1872–1881, 2016.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kurkowski, E., Van Stockum, A., Dawson, J., Taylor, C., Schulz, T., Shenoi, S. (2022). MANIPULATION OF G-CODE TOOLPATH FILES IN 3D PRINTERS: ATTACKS AND MITIGATIONS. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XVI. ICCIP 2022. IFIP Advances in Information and Communication Technology, vol 666. Springer, Cham. https://doi.org/10.1007/978-3-031-20137-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-20137-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20136-3
Online ISBN: 978-3-031-20137-0
eBook Packages: Computer ScienceComputer Science (R0)