Introduction
Cyber-Physical Additive Manufacturing (AM) constructs a physical 3D object layer-by-layer according to its digital representation and has been vastly applied to fast prototyping and the manufacturing of functional end-products across fields. The computerization of traditional production processes propels these technological advancements; however, this also introduces new vulnerabilities, necessitating the study of cyberattacks on these systems [12]. The AM Sabotage Attack is one kind of kinetic cyberattack that originates from the cyber domain and can eventually lead to physical damage, injury, or even death [2]. By introducing inconspicuous yet damaging alterations in any specific process of the AM digital process chain, the attackers can compromise the structural integrity of a manufactured component in a manner that is invisible to a human observer. If the manufactured objects are critical for their system, those attacks can even compromise the whole system’s structural integrity and pose a severe safety risk to its users. For example, an inconspicuous void (less than 1 mm in dimension) placed in the 3D design of a tensile test specimen can reduce its yield load by 14% [11]. However, security studies primarily focus on securing digital assets [10], overlooking the fact that AM systems are CPSs. The AM system, or the printer, is comprised of a set of connected hardware components, and thus can unintentionally produce analog emissions during the operation of printing through different physical side-channels such as acoustics, electromagnetic radiation, vibration, and power. In AM systems, the information flow in the cyber domain has at least one corresponding control signal sent to the physical domain. This signal flow, in turn, actuates the physical processes accordingly, resulting in side-channel emissions that have a high degree of mutual information with the digital control signals. This property allows our group to a series of research on utilizing the correlation between the two domains and validating that physical domain signals match their cyber domain counterparts [4, 9, 1, 6, 7, 3, 8, 5]. Sabotaging the structural integrity of 3D objects requires the attacker to make subtle variations to one or more of the sub-processes in the AM process chain, resulting in a change in the printer’s control parameters and a corresponding change to its analog emissions. In this case, monitoring the operation of the targeted AM systems can be the most direct defense [4]. To detect such modifications, our group proposes an attack detection system that continuously monitors and analyzes the different side-channel information leaked during the operation of AM systems, allowing us to identify unusual analog emissions resulting from potential sabotage attacks.
The AM Process Chain
The manufacturing of 3D objects in AM requires a chain of cyber-physical processes [12]. We primarily describe the process chain for the Fused Deposition Model (FDM) based AM. As shown in Figure Document, the process chain begins in the cyber domain with an idea for a 3D object. The first item on the workflow is to substantiate the design specifications using Computer-Aided Design (CAD) tools. Next, the generated CAD model gets converted into the STereoLithography (STL) format that uses a series of triangles to model the surface geometry. In the Computer-Aided Manufacturing (CAM) process, the slicing algorithms convert the STL files into a layer-by-layer description file which instructs the printer on how to create the 3D object. The description file uses a Numerical Control Programming Language called G/M-code. The G-codes describe the motion and flow settings of the printer, determining the speed of the nozzle along each axis and the amount of material to deposit at each printing step. As an example, G1 F2100 X5 Y6 Z1.2 E2.1 represents a single line of G-code for controlling the movement of the nozzle, where G1 means coordinated linear motion, F defines travel feed rate (speed) which is measured in mm/min, and distance and extrusion are measured in mm. On the other hand, the M-codes control the machine settings such as temperature, coolant. Lastly, the printer’s firmware interprets each received G/M-code instruction into the corresponding control signals to actuate the printer hardware and, in turn, print the object.
[width=1.0]imgs/digital_process_chain.pdf
In the physical domain, the FDM-based printer uses thermoplastic filament materials to form 3D physical objects. The printer uses motors and belts to control the heated nozzle to melt the materials, depositing the extrusion onto the surface of the build plate at a precisely controlled rate. An array of stepper motors enables a fine-grained degree of control, each controlling movement along a single axis. These components act as a significant source of information leakage because of their analog emissions during printer operation. The analog emissions come from various side-channels of the printer (vibration, acoustic, magnetic, and power side-channels), which are streams of information outside of the primary data path containing information which can be correlated with the data in the primary path. In this case, the primary data path includes the control signals sent to the printer. The stepper motors are a major source of vibration and acoustic emissions due to the fluctuating radial force and torque ripples working on the stator core of the stepper motor. The varying electric field in the stepper motors also leaks data to the magnetic side channel. The power side-channel reveals the primary consumers of power in a 3D printer, such as the heating elements, stepper motors, fans, bed heater, and the internal control circuitry. In short, through these side-channels, the unintentional information leakage about the primary data path enables the inference of control signal values from side-channel information.
Sabotage Attack Detection for AM Systems
As for the threat model, the attackers can exploit multiple attack surfaces on the AM process chain (Figure Document) to sabotage manufactured parts.
From the cyber domain, the adversaries can modify the intermediate forms of the 3D object by altering the integrity of the tools, firmware, or computers in the process chain, eventually resulting in the modification of the printer’s control signals and the sabotage of the printed object.
Cyber-security techniques can help mitigate risks further upstream in the digital process chain; however, AM systems often have network connectivity or physical access ports that can enable an adversary to exploit firmware vulnerabilities and compromise the system.
To this end, we focus our on detecting adversarial attacks to the printer firmware that modify the control parameters directly.
With this in mind, we assume that the G-codes sent to the AM system have not been previously tampered with and are representative of the correct 3D object model.
In this case, the movement of the AM machine’s internal components during a sabotage attack will not match the movements described by the instructions given in the G-code file, and thus, will result in different side-channel emissions.
By utilizing these side-channel emissions with the G-codes sent to the printer, we can infer the values of the control signals and then determine if the printer firmware has been hacked.
r.45
[width=]imgs/training_phase_flow_chart.pdf
System Architecture.
The architecture of our proposed Sabotage Attack Detection System is described in Figure Document.
To infer the control signals, the System State Estimation Model
learns the relationship between the various side-channel emissions and the various control signals using supervised machine learning approaches. The dataset for training consists of the analog emissions from the
Benchmark Printer along with their corresponding control signals, which are parsed from the G-codes. Once the mapping between analog emissions and control signals has been learned, our system first infers each control signal by continuously observing the analog emissions from the Monitoring Printer. The Attack Detection Algorithm then compares the unmodified control signals to the inferred signals to determine if a sabotage attack has occurred.Results
r0.25 [width=]imgs/kcad_testbed_annotated.png Experimental setup Our experimental setup is shown in Figure Document, consisting of an Ultimaker 3 3D-printer, four microphones, three vibration sensors (accelerometers), three magnetic sensors (magnetometers), and one current sensor. We use timestamps to match each G-code to its corresponding side-channel emissions recorded from the sensors. To evaluate the performance of our proposed detection system, we combined data from several different 3D-prints to produce a 20-gigabyte dataset containing 60,959 rows with 18,276 features per row. In the following sections, the selected results for state estimation and attack detection are shown (see [13] for more results).
AM System State Estimation
The ability of our system to detect sabotage attacks depends on how precisely our system models the relationship between side-channel information and the corresponding machine control parameters. To improve our system’s performance, we use multiple modalities of side-channel data for control signal estimation. To evaluate our multi-modal approach in comparison to single side-channel (unimodal) methods, we assessed the movement-axis prediction ( and
) performance of our classifiers using data from each modality. The results of the highest accuracy classifiers in each modality in comparison to our multi-modal approach and the single acoustic sensor approach presented in
[4] are shown in Figure Document. As shown in the figure, our multi-modal technique outperforms the uni-modal methods as well as the technique from [4]. Notably, the acoustic and vibration modalities show the highest uni-modal accuracy and reach within 5% of the accuracy of the multi-modal technique. Overall, these results demonstrate that our multi-modal technique results in performance improvement over uni-modal methods.0.5 [width=]imgs/modality-comparison-ax.png 0.5 [width=]imgs/modality-comparison-ay.png
AM Sabotage Attack Detection
To evaluate our attack detection performance, we generate synthetic attacks by adding adversarial modifications to G-Codes. Then, we pass the unmodified sensor data and the modified G-code files as inputs to our attack detection system to evaluate its ability to detect mismatches. Our overall row-level accuracy is 99.17% for movement-axis prediction. For axis-velocity prediction our average accuracy is 96.64%. Our overall attack detection accuracy for all control parameters is 98.15%. Although these attacks are synthetic, they provide empirical benchmarks to demonstrate the attack detection system’s capabilities.
0.5 0.7 [width=]imgs/wrenches_figure.png 0.7 [width=]imgs/modified_gear.png 0.5 [width=0.7]imgs/segments_figure.PNG
To validate these results in a real scenario, we tested two real-world sabotage attacks: a gear and a wrench. Since gears and wrenches are generally placed in high-stress scenarios, it is plausible that a kinetic cyberattack could compromise their structural integrity and significantly increase the chance of equipment failure. Moreover, these parts serve as analogues to other load-bearing 3D printed parts to demonstrate that our detection system can identify kinetic cyberattacks on these types of components. The original and attacked wrenches are shown in Figure Document, and the adversarial modifications to the gear are shown in Figure Document. Although these specific modifications are visible to the human eye in the final print, this was done primarily for demonstrative purposes. These modifications can easily be concealed in internal layers of the print without modifying the outward appearance of the object, enabling it to pass visual quality inspections done by both machines and employees. For both test cases, the detection system was able to detect the attack successfully. These tests demonstrate that our methodology can be applied to real-world, practical AM tasks.
Conclusion
AM systems are core to the future of manufacturing and Industry 4.0. Since these systems are advancing in terms of complexity and connectivity as well as producing parts for increasingly critical and taxing applications, the security of these systems is a significant concern. Since AM systems are CPSs, they present a broad and diverse attack surface, making attack detection and prevention a daunting task. Our proposed sabotage attack detection system has demonstrated the ability to detect various attacks by correlating multiple forms of physical-domain emissions of the AM system with cyber-domain information. We have achieved an overall detection accuracy of 98.15% on synthetic benchmarks and demonstrated that our system could detect two real-world scenarios of sabotage attacks. Although our solution addresses a significant security risk in AM systems, more work is needed to address the broad scope of potential AM vulnerabilities.
- [1] (2016) Forensics of thermal side-channel in additive manufacturing systems. University of California, Irvine. Cited by: p2.
- [2] (2013) The dawn of kinetic cyber. In 2013 5th international conference on cyber conflict (CYCON 2013), pp. 1–15. Cited by: p2.
- [3] (2017) Side channels of cyber-physical systems: case study in additive manufacturing. IEEE Design & Test 34 (4), pp. 18–25. Cited by: p2.
- [4] (2016) Kcad: kinetic cyber-attack detection method for cyber-physical additive manufacturing systems. In Proceedings of the 35th international conference on Computer-Aided Design, pp. 74. Cited by: p2, p7.
- [5] (2018) Information leakage-aware computer-aided cyber-physical manufacturing. IEEE Transactions on Information Forensics and Security 13 (9), pp. 2333–2344. Cited by: p2.
- [6] (2017) Fix the leak!: an information leakage aware secured cyber-physical manufacturing system. In Proceedings of the Conference on Design, Automation & Test in Europe, pp. 1412–1417. Cited by: p2.
- [7] (2017) Security trends and advances in manufacturing systems in the era of industry 4.0. In 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1039–1046. Cited by: p2.
- [8] (2019) Oligo-snoop: a non-invasive side channel attack against dna synthesis machines.. In NDSS, Cited by: p2.
- [9] (2016) Acoustic side-channel attacks on additive manufacturing systems. In Proceedings of the 7th International Conference on Cyber-Physical Systems, pp. 19. Cited by: p2.
- [10] (2018) Intellectual property protection of 3d print supply chain with blockchain technology. In 2018 IEEE International Conference on Engineering, Technology and Innovation (ICE/ITMC), pp. 1–8. Cited by: p2.
- [11] (2014) Cyber-physical vunerabilities in additive manufacturing systems. Context 7 (2014), pp. 8. Cited by: p2.
- [12] (2018) Security of additive manufacturing: attack taxonomy and survey. Additive Manufacturing 21, pp. 431–457. Cited by: p2, p3.
- [13] (2020) Sabotage attack detection for additive manufacturing systems. IEEE Access 8 (), pp. 27218–27231. External Links: Document, ISSN 2169-3536 Cited by: p6.
Comments
There are no comments yet.