Demonstration of Vulnerabilities in Globally Distributed Additive Manufacturing
Norwood, Charles Ellis
Globally distributed additive manufacturing is a relatively new frontier in the field of product lifecycle management. Designers are independent of additive manufacturing services, often thousands of miles apart. Manufacturing data must be transmitted electronically from designer to manufacturer to realize the benefits of such a system. Unalterable blockchain ledgers can record transactions between customers, designers, and manufacturers, allowing each to trust the other two without needing to be familiar with each other. Although trust can be established, malicious printers or customers still have the incentive to produce unauthorized or pirated parts. To prevent this, machine instructions are encrypted and electronically transmitted to the printing service, where an authorized printer decrypts the data and prints an approved number of parts or products. The encrypted data may include G-Code machine instructions which contain every motion of every motor on a 3D printer. Once these instructions are decrypted, motor drivers send control signals along wires to the printer's stepper motors. The transmission along these wires is no longer encrypted. If the signals along the wires are read, the motion of the motor can be analyzed, and G-Code can be reverse engineered. This thesis demonstrates such a threat through a simulated attack on a G-Code controlled device. A computer running a numeric controller and G-Code interpreter is connected to standard stepper motors. As G-Code commands are delivered, the magnetic field generated by the transmitted signals is read by a Hall Effect sensor. The rapid oscillation of the magnetic field corresponds to the stepper motor control signals which rhythmically move the motor. The oscillating signals are recorded by a high-speed analog-to-digital converter attached to a second computer. The two systems are completely electronically isolated. The recorded signals are saved as a string of voltage data with a matching time stamp.
The voltage data is processed through a Matlab script which analyzes the direction the motor spins and the number of steps the motor takes. With these two pieces of data, the G-Code instructions which produced the motion can be recreated. The demonstration shows the exposure of previously encrypted data, allowing for the unauthorized production of parts, revealing a security flaw in a distributed additive manufacturing environment.
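The step-counting idea described above, shown on constructed data to make clear why the leak recovers displacement exactly. This is an added example, not the thesis's Matlab script. It assumes both motor phases are sensed, a full-step drive sequence, 80 steps/mm and a single X axis; all names and values are hypothetical.

```python
# Added illustration on constructed data; not the thesis's Matlab script.
# Assumed: both motor phases are sensed, full-step drive, 80 steps/mm, one axis (X).
FULL_STEP = [(1, 1), (-1, 1), (-1, -1), (1, -1)]  # coil A/B polarity per step
STEPS_PER_MM = 80

def synth_trace(moves, samples_per_step=5, amplitude=2.5, ripple=0.3):
    """Build constructed (vA, vB) sensor samples for signed moves given in steps."""
    idx = 0
    trace = [(amplitude, amplitude)] * samples_per_step  # motor at rest in state 0
    for move in moves:
        direction = 1 if move > 0 else -1
        for _ in range(abs(move)):
            idx = (idx + direction) % 4
            a, b = FULL_STEP[idx]
            for k in range(samples_per_step):
                r = ripple if k % 2 else -ripple  # alternating measurement ripple
                trace.append((a * amplitude + r, b * amplitude - r))
    return trace

def decode_runs(trace):
    """Recover signed step runs from the sign pattern of the two phase voltages."""
    runs, prev = [], None
    for va, vb in trace:
        state = FULL_STEP.index((1 if va > 0 else -1, 1 if vb > 0 else -1))
        if prev is not None and state != prev:
            delta = (state - prev) % 4
            if delta == 2:  # skipped a state: direction is ambiguous
                raise ValueError("sample rate too low to resolve every step")
            step = 1 if delta == 1 else -1
            if runs and (runs[-1] > 0) == (step > 0):
                runs[-1] += step      # same direction: extend the current move
            else:
                runs.append(step)     # direction reversal: start a new move
        prev = state
    return runs

def to_gcode(runs):
    """Turn signed step runs into absolute-position G1 moves on X."""
    pos, lines = 0, ["G90"]
    for run in runs:
        pos += run
        lines.append(f"G1 X{pos / STEPS_PER_MM:.3f}")
    return lines

if __name__ == "__main__":
    original = [160, -40, 80]  # constructed moves, in steps
    print("\n".join(to_gcode(decode_runs(synth_trace(original)))))
```

Consecutive moves in the same direction merge into one run here, because this sketch ignores the time stamps that the recorded data carries.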
General Audience Abstract
Developed at the end of the 20th century, additive manufacturing, sometimes known as 3D printing, is a relatively new method for the production of physical products. Typically, these have been limited to plastics and a small number of metals. Recently, advances in additive manufacturing technology have allowed an increasing number of industrial and consumer products to be produced on demand. A worldwide industry of additive manufacturing has opened up where product designers and 3D printer operators can work together to deliver products to customers faster and more efficiently. Designers and printers may be on opposite sides of the world, but a customer can go to a local printer and order a part designed by an engineer thousands of miles away. The customer receives a part in as little time as it takes to physically produce the object. To achieve this, the printer needs manufacturing information such as object dimensions, material parameters, and machine settings from the designer. The designer risks unauthorized use and the loss of intellectual property if the manufacturing information is exposed. Legal protections on intellectual property only go so far, especially across borders. Technical solutions can help protect valuable IP. In such an industry, essential data may be digitally encrypted for secure transmission around the world. This information may only be read by authorized printers and printing services and is never saved or read by an outside person or computer. The control computers which read the data also control the physical operation of the printer. Most commonly, electric motors are used to move the machine to produce the physical object. These are most often stepper motors which are connected by wires to the controlling computers and move in a predictable rhythmic fashion. The signals transmitted through the wires generate a magnetic field, which can be detected and recorded. The pattern of the magnetic field matches the steps of the motors. 
Each step can be counted, and the path of the motors can be precisely traced. The path reveals the shape of the object and the encrypted manufacturing instructions used by the printer. This thesis demonstrates the tracking of motors and creation of encrypted machine code in a simulated 3D printing environment, revealing a potential security flaw in a distributed manufacturing system.
- Masters Theses