Mark Yampolskiy

Daniel Bradford Miller, Jacob Gatlin, William Bradley Glisson et al.

The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insight into the retrieval of configuration information maintained on the devices, but this work shows that the devices can additionally maintain information about the print process. Comparisons between before and after images taken from an AM device reveal details about the device's activities, including printed designs, menu interactions, and the print history. Patterns in the storage of that information also may be useful for reducing the amount of data that needs to be examined during an investigation. These results provide a foundation for future investigations regarding the tools and processes suitable for examining these devices.

Bikash Ranabhat, Joseph Clements, Jacob Gatlin et al.

Industry 4.0 envisions a fully automated manufacturing environment, in which computerized manufacturing equipment--Cyber-Physical Systems (CPS)--performs all tasks. These machines are open to a variety of cyber and cyber-physical attacks, including sabotage. In the manufacturing context, sabotage attacks aim to damage equipment or degrade a manufactured part's mechanical properties. In this paper, we focus on the latter, specifically for composite materials. Composite material parts are predominantly used in safety-critical systems, e.g., as load-bearing parts of aircraft. Further, we distinguish between the methods to compromise various manufacturing equipment, and the malicious manipulations that will sabotage a part. As the research literature has numerous examples of the former, in this paper we assume that the equipment is already compromised, our discussion is solely on manipulations. We develop a simulation approach to designing sabotage attacks against composite material parts. The attack can be optimized by two criteria, minimizing the "footprint" of manipulations. We simulate two optimal attacks against the design of a spar, a load bearing component of an airplane wing. Our simulation identifies the minimal manipulations needed to degrade its strength to three desired levels, as well as the resulting failure characteristics. Last but not least, we outline an approach to identifying sabotaged parts.

Samuel B. Moore, Jacob Gatlin, Sofia Belikovetsky et al.

Additive Manufacturing (AM), a.k.a. 3D Printing, is increasingly used to manufacture functional parts of safety-critical systems. AM's dependence on computerization raises the concern that the AM process can be tampered with, and a part's mechanical properties sabotaged. This can lead to the destruction of a system employing the sabotaged part, causing loss of life, financial damage, and reputation loss. To address this threat, we propose a novel approach for detecting sabotage attacks. Our approach is based on continuous monitoring of the current delivered to all actuators during the manufacturing process and detection of deviations from a provable benign process. The proposed approach has numerous advantages: (i) it is non-invasive in a time-critical process, (ii) it can be retrofitted in legacy systems, and (iii) it is airgapped from the computerized components of the AM process, preventing simultaneous compromise. Evaluation on a desktop 3D Printer detects all attacks involving a modification of X or Y motor movement, with false positives at 0%.

Sofia Belikovetsky, Yosef Solewicz, Mark Yampolskiy et al.

Additive Manufacturing (AM, or 3D printing) is a novel manufacturing technology that is being adopted in industrial and consumer settings. However, the reliance of this technology on computerization has raised various security concerns. In this paper we address sabotage via tampering with the 3D printing process. We present an object verification system using side-channel emanations: sound generated by onboard stepper motors. The contributions of this paper are following. We present two algorithms: one which generates a master audio fingerprint for the unmodified printing process, and one which computes the similarity between other print recordings and the master audio fingerprint. We then evaluate the deviation due to tampering, focusing on the detection of minimal tampering primitives. By detecting the deviation at the time of its occurrence, we can stop the printing process for compromised objects, thus save time and prevent material waste. We discuss impacts on the method by aspects like background noise, or different audio recorder positions. We further outline our vision with use cases incorporating our approach.

Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh et al.

Additive manufacturing (AM), or 3D printing, is an emerging manufacturing technology that is expected to have far-reaching socioeconomic, environmental, and geopolitical implications. As use of this technology increases, it will become more common to produce functional parts, including components for safety-critical systems. AM's dependence on computerization raises the concern that the manufactured part's quality can be compromised by sabotage. This paper demonstrates the validity of this concern, as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object's blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part. The contributions of this paper are as follows. We propose a systematic approach to identify opportunities for an attack involving AM that enables an adversary to achieve his/her goals. Then we propose a methodology to assess the level of difficulty of an attack, thus enabling differentiation between possible attack chains. Finally, to demonstrate the experimental proof for the entire attack chain, we sabotage the 3D printed propeller of a quadcopter UAV, causing the quadcopter to literally fall from the sky.

Mark Yampolskiy, Todd R. Andel, J. Todd McDonald et al.

Additive Layer Manufacturing (ALM), also broadly known as 3D printing, is a new technology to produce 3D objects. As an opposite approach to the conventional subtractive manufacturing process, 3D objects are created by adding thin material layers over layers. Until recently, they have been used, mainly, for plastic models. However, the technology has evolved making it possible to use high-quality printing with metal alloys. Agencies and companies like NASA, ESA, Boeing, Airbus, etc. are investigating various ALM technology application areas. Recently, SpaceX used additive manufacturing to produce engine chambers for the newest Dragon spacecraft. BAE System plans to print on-demand a complete Unmanned Aerial Vehicle (UAV), depending on the operational requirements. Companies expect the implementation of ALM technology will bring a broad variety of technological and economic benefits. This includes, but not limited to, the reduction of the time needed to produce complex parts, reduction of wasted material and thus control of production costs along with minimization of part storage space as companies implement just-in-time and on-demand production solutions. The broad variety of application areas and a high grade of computerization of the manufacturing process will inevitably make ALM an attractive target for various attacks.