research-article

MitM attacks on intellectual property and integrity of additive manufacturing systems: : A security analysis

Authors:

Hamza Alkofahi,

Anthony SkjellumAuthors Info & Claims

Volume 140, Issue C

https://doi.org/10.1016/j.cose.2024.103810

Published: 09 July 2024 Publication History

Abstract

Additive Manufacturing (AM) was originally invented to reduce the cost of the prototyping process. Over time, the technology evolved to be faster, more accurate, and affordable. These factors, in addition to the potential use of AM in parts production, have helped rapidly drive the growth of AM in both industrial and personal uses. Thus, there is an accompanying demand to understand the cybersecurity implications of such systems. In our research, we present an in-depth security review of Stratasys Dimension Elite and show how manufacturers of such high-end 3D printers failed to protect the confidentiality and integrity of the printed 3D models. Revealing the intricate dimensions of cyber threats within the realm of AM and laying the foundation for understanding the multifaceted nature of attacks, offering insights into vulnerabilities and potential consequences. Moreover, we demonstrate the massive impact network attacks can have on 3D printers' communication channels. Our sniffing attack stole transmitted models with a minimal overhead of 0.015 seconds to evade detection. The developed replacement attack targeted and replaced specific models with offline-prepared models. Also, we automated a sabotaging attack to alter the interior model structure on the fly with minimal visual but significant strength differences. By revealing these attacks, this research not only improves the security posture of 3D printers but also enhances the understanding of security challenges in additive manufacturing as a whole.

References

[1]

M. Ahsan, M.H. Rais, I. Ahmed, SOK: side channel monitoring for additive manufacturing-bridging cybersecurity and quality assurance communities, in: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), IEEE, 2023, pp. 1160–1178.

[2]

Airbus (2016): Innovative 3d printing solutions are taking shape within airbus. https://www.airbus.com/en/newsroom/news/2016-04-innovative-3d-printing-solutions-are-taking-shape-within-airbus.

[3]

A.M. Alnajim, S. Habib, M. Islam, S.M. Thwin, F. Alotaibi, A comprehensive survey of cybersecurity threats, attacks, and effective countermeasures in Industrial Internet of Things, Technologies 11 (6) (2023) 161.

[4]

Batra, Rohitab (2016): API monitor. http://www.rohitab.com/apimonitor.

[5]

J. Brandman, L. Sturm, J. White, C. Williams, A physical hash for preventing and detecting cyber-physical attacks in additive manufacturing systems, J. Manuf. Syst. 56 (2020) 202–212.

[6]

F. Chen, Y. Luo, N.G. Tsoutsos, M. Maniatakos, K. Shahin, N. Gupta, Embedding tracking codes in additive manufactured parts for product authentication, Adv. Eng. Mater. 21 (4) (2019).

[7]

Q. Do, B. Martini, K.-K.R. Choo, A data exfiltration and remote exploitation attack on consumer 3d printers, IEEE Trans. Inf. Forensics Secur. 11 (10) (2016) 2174–2186.

[8]

A. Forés-Garriga, M.A. Pérez, G. Gómez-Gras, G. Reyes-Pozo, Role of infill parameters on the mechanical performance and weight reduction of PEI Ultem processed by FFF, Mater. Des. 193 (2020).

[9]

J.-Y. Lee, J. An, C.K. Chua, Fundamentals and applications of 3d printing for novel materials, Appl. Mater. Today 7 (2017) 120–133.

[10]

Loff, Sarah (2014): International space station's 3-d printer. https://www.nasa.gov/content/international-space-station-s-3-d-printer.

[11]

B. Macq, P.R. Alface, M. Montanola, Applicability of watermarking for intellectual property rights protection in a 3d printing scenario, in: Proceedings of the 20th International Conference on 3D Web Technology, 2015, pp. 89–95.

[12]

P. Mahesh, A. Tiwari, C. Jin, P.R. Kumar, A.N. Reddy, S.T. Bukkapatanam, N. Gupta, R. Karri, A survey of cybersecurity of digital manufacturing, Proc. IEEE 109 (4) (2020) 495–516.

[13]

M. McCormack, S. Chandrasekaran, G. Liu, T. Yu, S.D. Wolf, V. Sekar, Security analysis of networked 3d printers, in: 2020 IEEE Security and Privacy Workshops (SPW), IEEE, 2020, pp. 118–125.

[14]

Microsoft Corporation (2021): Process monitor. https://docs.microsoft.com/sysinternals/downloads/procmon.

[15]

P.K. Mishra, P. Senthil, S. Adarsh, M. Anoop, An investigation to study the combined effect of different infill pattern and infill density on the impact strength of 3d printed polylactic acid parts, Compos. Commun. 24 (2021).

[16]

S.B. Moore, W.B. Glisson, M. Yampolskiy, Implications of malicious 3d printer firmware, in: Proceedings of the 50th Hawaii International Conference on System Sciences, 2017, pp. 6089–6098.

[17]

S. Nasiri, M.R. Khosravani, Applications of data-driven approaches in prediction of fatigue and fracture, Mater. Today Commun. 33 (2022).

[18]

Norsk Titanium (2017): Norsk Titanium delivers first FAA-certified additive manufactured Ti64 structural aviation components. https://www.norsktitanium.com/media/press/norsk-titanium-delivers-first-faa-certified-additive-manufactured-ti64-structural-aviation-components.

[19]

Y. Pan, J. White, D. Schmidt, A. Elhabashy, L. Sturm, J. Camelio, C. Williams, Taxonomies for reasoning about cyber-physical attacks in IoT-based manufacturing systems, Int. J. Interact. Multimed. Artif. Intell. (2017).

[20]

H. Pearce, K. Yanamandra, N. Gupta, R. Karri, FLAW3D: a Trojan-based cyber attack on the physical outcomes of additive manufacturing, IEEE/ASME Trans. Mechatron. 27 (6) (2022) 5361–5370.

[21]

M.H. Rais, Y. Li, I. Ahmed, Dynamic-thermal and localized filament-kinetic attacks on fused filament fabrication based 3d printing process, Addit. Manuf. 46 (2021).

[22]

M.H. Rais, M. Ahsan, V. Sharma, R. Barua, R. Prins, I. Ahmed, Low-magnitude infill structure manipulation attacks on fused filament fabrication 3d printers, in: International Conference on Critical Infrastructure Protection, Springer, 2022, pp. 205–232.

[23]

B. Ranabhat, J. Clements, J. Gatlin, K.-T. Hsiao, M. Yampolskiy, Optimal sabotage attack on composite material parts, Int. J. Crit. Infrastruct. Prot. 26 (2019).

[24]

Reichinger, Andreas (2012): Inside the Stratasys dimension catalyst CMB file format. https://azttm.wordpress.com/2012/09/22/inside-the-stratasys-dimension-catalyst-cmb-file-format/.

[25]

M. Rismalia, S. Hidajat, I. Permana, B. Hadisujoto, M. Muslimin, F. Triawan, Infill pattern and density effects on the tensile properties of 3d printed PLA material, J. Phys., Conf. Ser. 1402 (2019) 044041. IOP Publishing.

[26]

L. Roscoe, et al., Stereolithography interface specification, America-3D Systems Inc 27 (2020) (1988) 10.

[27]

M. Rott, S.A.S. Monroy, Power-based intrusion detection for additive manufacturing: a deep learning approach, in: Industrial IoT Technologies and Applications: 4th EAI International Conference, Industrial IoT 2020, Virtual Event, December 11, 2020, Proceedings 4, Springer, 2021, pp. 171–189.

[28]

Song, Dug (2003): Dsniff. https://www.monkey.org/~dugsong/dsniff/.

[29]

J. Straub, 3d Printing Cybersecurity: Detecting and Preventing Attacks That Seek to Weaken a Printed Object by Changing Fill Level, Dimensional Optical Metrology and Inspection for Practical Applications VI, vol. 10220, SPIE, 2017, pp. 90–104.

[30]

L.D. Sturm, C.B. Williams, J.A. Camelio, J. White, R. Parker, Cyber-physical vulnerabilities in additive manufacturing systems: a case study attack on the. STL file with human subjects, J. Manuf. Syst. 44 (2017) 154–164.

[31]

M.Q. Tanveer, A. Haleem, M. Suhaib, Effect of variable infill density on mechanical behaviour of 3-d printed PLA specimen: an experimental investigation, SN Appl. Sci. 1 (12) (2019) 1–12.

[32]

The Wireshark Development Team (2019): Wireshark. https://www.wireshark.org.

[33]

Wall, Mike (2019): Made in space launches 3d printer, plastic recycler to space station. https://www.space.com/made-in-space-3d-printer-recycler-launch.html.

[34]

M. Wu, Z. Song, Y.B. Moon, Detecting cyber-physical attacks in cybermanufacturing systems with machine learning methods, J. Intell. Manuf. 30 (2019) 1111–1123.

[35]

M. Yampolskiy, T.R. Andel, J.T. McDonald, W.B. Glisson, A. Yasinsac, Intellectual property protection in additive layer manufacturing: requirements for secure outsourcing, in: Proceedings of the 4th Program Protection and Reverse Engineering Workshop, 2014, pp. 1–9.

[36]

M. Yampolskiy, A. Skjellum, M. Kretzschmar, R.A. Overfelt, K.R. Sloan, A. Yasinsac, Using 3d printers as weapons, Int. J. Crit. Infrastruct. Prot. 14 (2016) 58–71.

[37]

S.-Y. Yu, A.V. Malawade, S.R. Chhetri, M.A. Al Faruque, Sabotage attack detection for additive manufacturing systems, IEEE Access 8 (2020) 27218–27231.

[38]

S.E. Zeltmann, N. Gupta, N.G. Tsoutsos, M. Maniatakos, J. Rajendran, R. Karri, Manufacturing and security challenges in 3d printing, JOM 68 (7) (2016) 1872–1881.

Recommendations

Intel Software Guard Extensions: Introduction and Open Research Challenges
SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Hardware-enhanced security is an important pillar of secure systems in general and software protection in particular. This presentation will survey the recently announced Intel Software Guard Extensions (Intel SGX) as well as innovative usages for ...
Security and Integrity Analysis Using Indicators
CYBERSECURITY '12: Proceedings of the 2012 International Conference on Cyber Security

Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks ...
MARC: A Novel Framework for Detecting MITM Attacks in eHealthcare BLE Systems
Abstract
Real-time and ubiquitous patient monitoring demands the use of wireless data acquisition through resource constrained medical sensors, mostly configured with No-input No-output (NiNo) capabilities. Bluetooth is one of the most popular and widely ...

Comments

Information & Contributors

Information

Published In

cover image Computers and Security

Computers and Security Volume 140, Issue C

May 2024

963 pages

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Publication History

Published: 09 July 2024

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents