dr0wned - Cyber-Physical Attack with Additive Manufacturing

📝 Abstract

Additive manufacturing (AM), or 3D printing, is an emerging manufacturing technology that is expected to have far-reaching socioeconomic, environmental, and geopolitical implications. As use of this technology increases, it will become more common to produce functional parts, including components for safety-critical systems. AM’s dependence on computerization raises the concern that the manufactured part’s quality can be compromised by sabotage. This paper demonstrates the validity of this concern, as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object’s blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part. The contributions of this paper are as follows. We propose a systematic approach to identify opportunities for an attack involving AM that enables an adversary to achieve his/her goals. Then we propose a methodology to assess the level of difficulty of an attack, thus enabling differentiation between possible attack chains. Finally, to demonstrate the experimental proof for the entire attack chain, we sabotage the 3D printed propeller of a quadcopter UAV, causing the quadcopter to literally fall from the sky.

💡 Analysis

Additive manufacturing (AM), or 3D printing, is an emerging manufacturing technology that is expected to have far-reaching socioeconomic, environmental, and geopolitical implications. As use of this technology increases, it will become more common to produce functional parts, including components for safety-critical systems. AM’s dependence on computerization raises the concern that the manufactured part’s quality can be compromised by sabotage. This paper demonstrates the validity of this concern, as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object’s blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part. The contributions of this paper are as follows. We propose a systematic approach to identify opportunities for an attack involving AM that enables an adversary to achieve his/her goals. Then we propose a methodology to assess the level of difficulty of an attack, thus enabling differentiation between possible attack chains. Finally, to demonstrate the experimental proof for the entire attack chain, we sabotage the 3D printed propeller of a quadcopter UAV, causing the quadcopter to literally fall from the sky.

📄 Content

dr0wned – Cyber-Physical Attack with Additive Manufacturing Sofia Belikovetsky Ben-Gurion University of the Negev Mark Yampolskiy University of South Alabama Jinghui Toh Singapore University of Technology and Design Yuval Elovici Ben-Gurion University of the Negev, Singapore University of Technology and Design Abstract—Additive manufacturing (AM), or 3D printing, is an emerging manufacturing technology that is expected to have far-reaching socioeconomic, environmental, and geopo- litical implications. As use of this technology increases, it will become more common to produce functional parts, including components for safety-critical systems. AM’s dependence on computerization raises the concern that the manufactured part’s quality can be compromised by sabotage. This paper demonstrates the validity of this concern, as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object’s blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part. The contributions of this paper are as follows. We propose a systematic approach to identify opportunities for an attack involving AM that enables an adversary to achieve his/her goals. Then we propose a methodology to assess the level of difficulty of an attack, thus enabling differentiation between possible attack chains. Finally, to demonstrate the experimental proof for the entire attack chain, we sabotage the 3D printed propeller of a quadcopter UAV, causing the quadcopter to literally fall from the sky.

1. Introduction Additive Manufacturing (AM), often called 3D printing, refers to the creation of 3D objects by adding thin lay- ers, one layer at a time, to build up an object from two dimensions to three in order to create the desired form. Compared to the traditional “subtractive manufacturing” technologies, which use various cutting tools to reduce a solid block of source material to the desired shape and size, AM has numerous socioeconomic, environmental, and technical advantages. These include, but are not limited to, shorter design-to-product time, just-in-time and on-demand production, production in the proximity to assembly lines, reduction of source material waste, and especially, the ability to produce functional parts with complex internal structure and application area-optimized physical properties. These advantages have played a significant role in the increased adoption of this transformative technology in the recent years. According to the Wohlers report [1], in 2015 the AM industry accounted for $5.165 billion of revenue, with 32.5% of all AM-generated objects used as functional parts. Due to the computerization involved in AM, several researchers have raised concerns regarding its security, in- cluding intellectual property violation [2], [3], [4], [5], [6], [7], [8] and sabotage of manufactured object’s quality [9], [10], [11], [12], [13], [14]. In this paper, we focus on the latter – a threat to public safety and national security when functional parts of safety-critical systems or of critical infrastructure are sabotaged. While prior work addresses various selected aspects of this issue, to the best of our knowledge, no one has provided a holistic view and pre- sented a proof that this type of indirect, multistage, cyber- physical attack is actually possible. This paper provides such a proof. This paper presents the complete chain of attack involving AM, beginning with a cyber attack aimed at compromising a component in the AM environment, continuing with malicious modification of a design file, leading to the manufacture of a sabotaged functional part, and resulting in the physical destruction of a cyber-physical system that employs this part. In order to accomplish this, we propose a systematic approach to identify possible attack chains that will allow an adversary to achieve his/her goals. For the selection of the attack to be performed, we propose a methodology to assess the level of difficulty of an attack. The assessment is based on the skills, tools, and network access available to an adversary. Lastly, for the experimental evaluation of both our ap- proach and the concern raised, we demonstrate an attack on a benign desktop 3D printer owner who prints a re- placement propeller for his quadcopter UAV. Our remote sabotage attack causes the propeller to break during flight, and this is quite literally followed by the quadcopter falling from the sky. The remainder of the paper is structured as follows: In Section 2, we discuss the previous work in this area. Section 3 contains an overview of the Additive Manufacturing workflow which will be the basis of the rest of the study. Section 4 maps the attack chain what will lead to sabotage of a system by compromising a 3D printed func- tional part. We discuss the flow of

This content is AI-processed based on ArXiv data.