Using 3 D printers as weapons

Additive manufacturing, also known as 3D printing, is a transformative manufacturing technology that will play a significant role in the critical manufacturing sector. Industrialgrade 3D printers are increasingly used to produce functional parts for important systems. However, due to their reliance on computerization, 3D printers are susceptible to a broad range of attacks. More importantly, compromising a 3D printer is not a goal, but rather a staging point for launching subsequent attacks with the printer. For example, an adversary can compromise a 3D printer in order to manipulate the mechanical properties of manufactured parts. If the manufactured parts are used in jet engines or in other safetycritical systems, they could endanger human life, disrupt critical infrastructure assets and produce significant economic and societal impacts. This paper analyzes the ability of an adversary to “weaponize” compromised additive manufacturing equipment in order to cause kinetic, nuclear/biological/chemical or cyber damage. In particular, the paper presents categories (taxonomies) of the elements in an additive manufacturing workflow that can be compromised by successful attacks, the manipulations that the compromised elements can exercise and the weapon-like effects resulting from these manipulations. The relationships between these taxonomies are discussed. Finally, the weaponization capabilities of 3D printers are characterized. & 2016 Elsevier B.V. All rights reserved.

[1]  Yuan Xue,et al.  Taxonomy for description of cross-domain attacks on CPS , 2013, HiCoNS '13.

[2]  Liang Hao,et al.  Effect of Layer Thickness in Selective Laser Melting on Microstructure of Al/5 wt.%Fe2O3 Powder Consolidated Parts , 2014, TheScientificWorldJournal.

[3]  Eleonora Atzeni,et al.  From Powders to Dense Metal Parts: Characterization of a Commercial AlSiMg Alloy Processed through Direct Metal Laser Sintering , 2013, Materials.

[4]  Benoit M. Macq,et al.  Applicability of watermarking for intellectual property rights protection in a 3D printing scenario , 2015, Web3D.

[5]  J-C. Laprie,et al.  DEPENDABLE COMPUTING AND FAULT TOLERANCE : CONCEPTS AND TERMINOLOGY , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[6]  Adrian Bowyer,et al.  The intellectual property implications of low-cost 3D printing , 2010 .

[7]  Kelley L. Dempsey,et al.  Risk Management for Replication Devices , 2015 .

[8]  Hod Lipson,et al.  Freeform Fabrication of Electroactive Polymer Actuators and Electromechanical Devices , 2004 .

[9]  LipsonHod,et al.  AMF Tutorial: The Basics (Part 1) , 2014 .

[10]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[11]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Thomas A. Campbell,et al.  ADDITIVE MANUFACTURING AS A DISRUPTIVE TECHNOLOGY: IMPLICATIONS OF THREE-DIMENSIONAL PRINTING , 2013 .

[13]  Todd R. Andel,et al.  Intellectual Property Protection in Additive Layer Manufacturing: Requirements for Secure Outsourcing , 2014, PPREW@ACSAC.

[14]  Douglas S. Thomas,et al.  Costs and Cost Effectiveness of Additive Manufacturing , 2014 .

[15]  Todd R. Andel,et al.  Towards Security of Additive Layer Manufacturing , 2015, ArXiv.

[16]  Robert L. Mason,et al.  Fatigue Life of Titanium Alloys Fabricated by Additive Layer Manufacturing Techniques for Dental Implants , 2013, Metallurgical and Materials Transactions A.

[17]  T. A. Krola,et al.  OPTIMIZATION OF SUPPORTS IN METAL-BASED ADDITIVE MANUFACTURING BY MEANS OF FINITE ELEMENT MODELS , 2012 .

[18]  Harold Willmington,et al.  What You Need to Know About You , 2010 .

[19]  Barry Berman,et al.  3D printing: the new industrial revolution , 2012, IEEE Engineering Management Review.

[20]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[21]  Hod Lipson,et al.  Printing Embedded Circuits , 2007 .

[22]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[23]  Dirk Helbing,et al.  Globally networked risks and how to respond , 2013, Nature.

[24]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[25]  P. Wright,et al.  Anisotropic material properties of fused deposition modeling ABS , 2002 .

[26]  Mark Mohammad Tehranipoor,et al.  Power supply signal calibration techniques for improving detection resolution to hardware Trojans , 2008, 2008 IEEE/ACM International Conference on Computer-Aided Design.

[27]  G. Manimaran,et al.  Internet infrastructure security: a taxonomy , 2002, IEEE Netw..

[28]  Yuan Xue,et al.  A language for describing attacks on cyber-physical systems , 2015, Int. J. Crit. Infrastructure Prot..

[29]  Bernhard Mueller,et al.  Additive Manufacturing Technologies – Rapid Prototyping to Direct Digital Manufacturing , 2012 .

[30]  Scott D. Lathrop,et al.  Wireless security threat taxonomy , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[31]  Hovav Shacham,et al.  Return-oriented programming without returns , 2010, CCS '10.

[32]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[34]  E. Byres,et al.  The Myths and Facts behind Cyber Security Risks for Industrial Control Systems , 2004 .

[35]  Martin Moser,et al.  Information Technology Security Threats to Modern e-Enabled Aircraft: A Cautionary Note , 2014, J. Aerosp. Inf. Syst..

[36]  B. Stucker,et al.  Effect of process parameters on bond formation during ultrasonic consolidation of aluminum alloy 3003 , 2006 .

[37]  Hovav Shacham,et al.  Return-Oriented Programming: Systems, Languages, and Applications , 2012, TSEC.

[38]  Sujeet Shenoi,et al.  A Taxonomy of Attacks on the DNP3 Protocol , 2009, Critical Infrastructure Protection.

[39]  William E. Frazier,et al.  Metal Additive Manufacturing: A Review , 2014, Journal of Materials Engineering and Performance.

[40]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[41]  Sujeet Shenoi,et al.  Attack taxonomies for the Modbus protocols , 2008, Int. J. Crit. Infrastructure Prot..

[42]  Douglas S. Thomas,et al.  Economics of the U.S. Additive Manufacturing Industry , 2013 .

[43]  Alec Yasinsac,et al.  Security Challenges of Additive Manufacturing with Metals and Alloys , 2015, Critical Infrastructure Protection.

[44]  Ian A. Ashcroft,et al.  Investigation the Effect of Particle Size Distribution on Processing Parameters Optimisation in Selective Laser Melting Process , 2011 .

[45]  P. Colegrove,et al.  Microstructure and Mechanical Properties of Wire and Arc Additive Manufactured Ti-6Al-4V , 2013, Metallurgical and Materials Transactions A.

[46]  Liang Hou,et al.  Additive manufacturing and its societal impact: a literature review , 2013 .

[47]  S. Kelly,et al.  Microstructural evolution in laser-deposited multilayer Ti-6Al-4V builds: Part II. Thermal modeling , 2004 .

[48]  Yuan Xue,et al.  Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach , 2012, 2012 5th International Symposium on Resilient Control Systems.

[49]  L. Sturm,et al.  CYBER-PHYSICAL VUNERABILITIES IN ADDITIVE MANUFACTURING SYSTEMS , 2014 .

[50]  Dieter Gollmann,et al.  Vulnerabilities of cyber-physical systems to stale data - Determining the optimal time to launch attacks , 2014, Int. J. Crit. Infrastructure Prot..

[51]  S. Kelly,et al.  Microstructural evolution in laser-deposited multilayer Ti-6Al-4V builds: Part I. Microstructural characterization , 2004 .

[52]  C. Schade,et al.  DEVELOPMENT OF ATOMIZED POWDERS FOR ADDITIVE MANUFACTURING , 2014 .

[53]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[54]  Jules White,et al.  Cyber-physical security challenges in manufacturing systems , 2014 .