Using 3D printers as weapons

Additive manufacturing, also known as 3D printing, is a transformative manufacturing technology that will play a significant role in the critical manufacturing sector. Industrial-grade 3D printers are increasingly used to produce functional parts for important systems. However, due to their reliance on computerization, 3D printers are susceptible to a broad range of attacks. More importantly, compromising a 3D printer is not a goal, but rather a staging point for launching subsequent attacks with the printer. For example, an adversary can compromise a 3D printer in order to manipulate the mechanical properties of manufactured parts. If the manufactured parts are used in jet engines or in other safety-critical systems, they could endanger human life, disrupt critical infrastructure assets and produce significant economic and societal impacts.This paper analyzes the ability of an adversary to "weaponize" compromised additive manufacturing equipment in order to cause kinetic, nuclear/biological/chemical or cyber damage. In particular, the paper presents categories (taxonomies) of the elements in an additive manufacturing workflow that can be compromised by successful attacks, the manipulations that the compromised elements can exercise and the weapon-like effects resulting from these manipulations. The relationships between these taxonomies are discussed. Finally, the weaponization capabilities of 3D printers are characterized.

[1]  Douglas S. Thomas,et al.  Economics of the U.S. Additive Manufacturing Industry , 2013 .

[2]  Scott D. Lathrop,et al.  Wireless security threat taxonomy , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[3]  Yuan Xue,et al.  Taxonomy for description of cross-domain attacks on CPS , 2013, HiCoNS '13.

[4]  Hovav Shacham,et al.  Return-Oriented Programming: Systems, Languages, and Applications , 2012, TSEC.

[5]  Martin Moser,et al.  Information Technology Security Threats to Modern e-Enabled Aircraft: A Cautionary Note , 2014, J. Aerosp. Inf. Syst..

[6]  Douglas S. Thomas,et al.  Costs and Cost Effectiveness of Additive Manufacturing , 2014 .

[7]  P. Wright,et al.  Anisotropic material properties of fused deposition modeling ABS , 2002 .

[8]  Huy Vu,et al.  SecureCPS: Defending a nanosatellite cyber-physical system , 2014, Defense + Security Symposium.

[9]  Dieter Gollmann,et al.  Vulnerabilities of cyber-physical systems to stale data - Determining the optimal time to launch attacks , 2014, Int. J. Crit. Infrastructure Prot..

[10]  S. Kelly,et al.  Microstructural evolution in laser-deposited multilayer Ti-6Al-4V builds: Part II. Thermal modeling , 2004 .

[11]  William E. Frazier,et al.  Metal Additive Manufacturing: A Review , 2014, Journal of Materials Engineering and Performance.

[12]  Kelley L. Dempsey,et al.  Risk Management for Replication Devices , 2015 .

[13]  Eleonora Atzeni,et al.  From Powders to Dense Metal Parts: Characterization of a Commercial AlSiMg Alloy Processed through Direct Metal Laser Sintering , 2013, Materials.

[14]  Adrian Bowyer,et al.  The intellectual property implications of low-cost 3D printing , 2010 .

[15]  G. Manimaran,et al.  Internet infrastructure security: a taxonomy , 2002, IEEE Netw..

[16]  David W. Rosen,et al.  Additive Manufacturing Technologies: Rapid Prototyping to Direct Digital Manufacturing , 2009 .

[17]  Yuan Xue,et al.  Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach , 2012, 2012 5th International Symposium on Resilient Control Systems.

[18]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[19]  Hod Lipson,et al.  Freeform Fabrication of Electroactive Polymer Actuators and Electromechanical Devices , 2004 .

[20]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[21]  Thomas A. Campbell,et al.  ADDITIVE MANUFACTURING AS A DISRUPTIVE TECHNOLOGY: IMPLICATIONS OF THREE-DIMENSIONAL PRINTING , 2013 .

[22]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[23]  Benoit M. Macq,et al.  Applicability of watermarking for intellectual property rights protection in a 3D printing scenario , 2015, Web3D.

[24]  Shwetak N. Patel,et al.  Experimental Security Analysis of a Modern Automobile , 2010, 2010 IEEE Symposium on Security and Privacy.

[25]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[26]  Sujeet Shenoi,et al.  A Taxonomy of Attacks on the DNP3 Protocol , 2009, Critical Infrastructure Protection.

[27]  Hovav Shacham,et al.  Return-oriented programming without returns , 2010, CCS '10.

[28]  S. Kelly,et al.  Microstructural evolution in laser-deposited multilayer Ti-6Al-4V builds: Part I. Microstructural characterization , 2004 .

[29]  B. Stucker,et al.  Effect of process parameters on bond formation during ultrasonic consolidation of aluminum alloy 3003 , 2006 .

[30]  P. Colegrove,et al.  Microstructure and Mechanical Properties of Wire and Arc Additive Manufactured Ti-6Al-4V , 2013, Metallurgical and Materials Transactions A.

[31]  Liang Hao,et al.  Effect of Layer Thickness in Selective Laser Melting on Microstructure of Al/5 wt.%Fe2O3 Powder Consolidated Parts , 2014, TheScientificWorldJournal.

[32]  Xiaoxiao Wang,et al.  Power supply signal calibration techniques for improving detection resolution to hardware Trojans , 2008, ICCAD 2008.

[33]  Alec Yasinsac,et al.  Security Challenges of Additive Manufacturing with Metals and Alloys , 2015, Critical Infrastructure Protection.

[34]  Sujeet Shenoi,et al.  Attack taxonomies for the Modbus protocols , 2008, Int. J. Crit. Infrastructure Prot..

[35]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[36]  Jules White,et al.  Cyber-physical security challenges in manufacturing systems , 2014 .

[37]  Liang Hou,et al.  Additive manufacturing and its societal impact: a literature review , 2013 .

[38]  Todd R. Andel,et al.  Intellectual Property Protection in Additive Layer Manufacturing: Requirements for Secure Outsourcing , 2014, PPREW@ACSAC.

[39]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[40]  Barry Berman,et al.  3D printing: the new industrial revolution , 2012, IEEE Engineering Management Review.

[41]  Yuan Xue,et al.  A language for describing attacks on cyber-physical systems , 2015, Int. J. Crit. Infrastructure Prot..

[42]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[43]  Robert L. Mason,et al.  Fatigue Life of Titanium Alloys Fabricated by Additive Layer Manufacturing Techniques for Dental Implants , 2013, Metallurgical and Materials Transactions A.

[44]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[45]  Dirk Helbing,et al.  Globally networked risks and how to respond , 2013, Nature.

[46]  J-C. Laprie,et al.  DEPENDABLE COMPUTING AND FAULT TOLERANCE : CONCEPTS AND TERMINOLOGY , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[47]  Hod Lipson,et al.  Printing Embedded Circuits , 2007 .

[48]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).