How Secure is Additive Manufacturing?
Published by : Industrial Automation
AM has the same attack vectors as any other cyber physical system and also has unique challenges, says Sreeja Gadhiraju.
Additive Manufacturing (AM), or 3D printing, is one of the most developing sectors with an expected growth rate of 26%-32% globally by the end of this decade. Like every other field, with an increase in the use of the technology, there exists an increase in security risk. With AM being considered as democratisation of creation, how safe is the complete process? What are the chances of getting the desired product, which was designed as digital modal? Or rather what are the chances of getting a sabotaged product?
Components in AM workflow
Additive Manufacturing instrumentation is not particularly owned by any original equipment manufacturer. There are multiple processes which use a wide range of machines, which are owned by different OEMs. In most of the cases, the OEMs have their own software packages which must be used by the developer. On the other hand, there are multiple open-source software packages which are generally used for desktop printers, mostly for the individual use of the users at small scale. Just like any other machinery, AM machines also have multiple electrical and mechanical components, which needs maintenance. Along with the software and hardware there are other inputs in additive manufacturing workflow, such as power supply and material supply.
The illustration shows the AM workflow and gives an idea how it can be attacked easily.
Additive manufacturing is not just a simple process of design modal to finished component but has multiple operations from the creation of the modal till the production. As the number of steps increases, so is the risk of sabotage.
It is clearly understandable from the AM workflow that apart from the designer and machine operator there could be many others who could get access to the machine very easily.
What could be an attack in AM?
A variety of elements can be used to compromise one or more elements of the AM workflow. From the design phase till the production phase, one could attack and take control over the process. Depending on the compromised element in the workflow, the complications arise. From the manipulation of the file till changing the machine parameters, every small manipulation leads to an unexpected end product.
In 2018, a team of researchers from Lawrence Livermore National Lab (LLNL), Livermore, CA (United States) have worked on attacking a desktop printer which is used to print propellers for a quadcopter UAV. They have successfully manipulated the design files and still managed to pass the quality check of the component, which was done by visual inspection but managed to cause damage to the drone. For causing this the researchers assume that the attacker/adversary needs average hacking skills but moderate to advance AM skills. The research has been published and quoted as ‘Security of additive manufacturing: Attack taxonomy and survey’.
After the above mentioned research, many researchers across the globe started working on the security in AM processes. Based on the results of those researches, once a 3D printer has been attacked, it could lead to multiple unexpected outcomes which are summed up below:
Object specification modification
Object’s specification describes the object’s geometry, orientation, and ultimately its material; the latter is just relevant for multi-material AM equipment. It ought to be noted that the object specification will have numerous representations, based on the ‘location’ within the AM workflow. It's normally related to the STL or AMF files, both of which are CAD formats, but it can also be depicted within a toolpath file or as a series of individual G-code commands, etc.
It is obvious that the object’s geometry and material impact its mechanical properties. Changing exterior shape will have an effect on a part’s integrability in a system and eventually detected by visual review. Several researchers have proposed the utilisation of internal defects as a method of sabotage. This kind of attack can eventually have an effect on the part’s weight and weight distribution – thus the properties that may impact the performance of the system employing such a part.
In material science, it is very well known that the anisotropy of 3D-printed parts is fundamental in several AM processes. In simple words, part orientation on the build plate is one of the most important features in 3D printing. Based on this property, researchers have proposed changing the built direction as a means of sabotaging a manufactured part’s mechanical properties.
Manufacturing process manipulation
Unlike the traditional subtractive manufacturing, AM not only defines the manufactured object’s geometry by subtractive methods, but also ‘creates’ its material. Various parameters of AM manufacturing processes influence the microstructure of the created material, thus defining its physical properties. For metals and alloys, a qualitative analysis of manufacturing parameters manipulations that can be used to sabotage a part’s quality. The parameters which could be potential objects of malicious manipulations could be heat source energy, layer thickness and scanning strategies, etc. In the case of fused deposition modelling (FDM), an AM technology that is popular with desktop 3D printers, parameters like nozzle temperature, print bed temperature, filament extrusion speed, the distance between the extruder and the printed object, etc., can be manipulated. All these can eventually have an impact on the strength of bonding between layers, thus impacting the part’s mechanical properties.
The researchers named the factors which could lead to a sabotaged part as attack vectors. The attack vectors could be any of the following depending on the adversary who would like to attack the system and cause unexpected manipulations.
1. Software attacks: The compromising of the software that is used in the controller PC/laptop which could be Code Injection to AM files or through a open source backdoor.
2. Hardware/Firmware attacks: Gaining the control over the firmware thus by controlling the complete printing process.
3. Network attacks: The machines connected to the same network being attacked by gaining access to just one of the machines in the network.
History of attacks in AM
As of today, there are no attacks which have particularly targeted the field of additive manufacturing and there are no examples quoted about the same. However, all these researchers have proved that it is possible to attack and manipulate an additive manufacturing workflow. As additive manufacturing is still in infancy, so is the risk. According to Gartner, AM will reach ‘the plateau of productivity’ in the next 5 to 10 years. As the technology continues to grow, so will be the applications. AM parts are already being incorporated in security-sensitive and safety-critical products. With a high level computerisation involved, AM is definitely considered to be a target because of its widespread applications. AM has the same attack vectors as any other cyber physical system and also has unique challenges.
AM security awareness is as important as the AM process knowledge. The system owner as an individual or entrepreneur must be aware that there is viable risk involved and must engage in risk assessments and should be able to determine the security measures which have to be implemented.
While it is true that AM can definitely change the future by being a democratisation of creation, it is each creator’s responsibility to take care of their own creation by saving them from being corrupted. Isn’t it?
Sreeja Gadhiraju is a young engineer pursuing Masters in Mechatronics in Germany. A former team lead in Amazon, for Sreeja the craving to know and study latest technologies is an addiction. Presently studying Robotics, Modelling and Simulation, Cyber Physical Systems, etc., she has fallen in love with additive manufacturing. “There is so much to know, there are so many things which can do using this amazing technology. I want to finish my masters and proceed further towards PhD in Additive Manufacturing,” says Sreeja.