Abstract
Additive manufacturing or 3D printing is commonly used to create mission-critical parts in the critical infrastructure. This research focuses on threats that target the key slicing step of additive manufacturing, when design files that model part geometry are converted to G-code toolpath files that convey instructions for printing parts layer by layer. The research leverages a hitherto unknown slicing software vulnerability where G-code corresponding to part slices is stored as plaintext ASCII characters in heap memory during execution. The vulnerability was discovered in two open-source, full-featured slicing software suites that support many 3D printers. Experiments with a toolkit developed to target slicing software in real time demonstrate that the attacks are surreptitious and fine-grained. Two attacks, temperature modification and infill exclusion, performed against G-code generated for fused filament fabrication printers demonstrate the ability to sabotage printed parts as well as print environments. Although the vulnerability can be mitigated using strong authentication and access controls along with G-code obfuscation, the ability to automate surreptitious, fine-grained attacks that degrade printed parts in ways that are imperceptible to the human eye and undetectible by nondestructive testing methods is a serious concern.
Original language | English |
---|---|
Title of host publication | Critical Infrastructure Protection XVI - 16th IFIP WG 11.10 International Conference, ICCIP 2022, Revised Selected Papers |
Editors | Jason Staggs, Sujeet Shenoi |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 155-174 |
Number of pages | 20 |
ISBN (Print) | 9783031201363 |
DOIs | |
State | Published - 2022 |
Event | 16th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2022 - Virtual, Online Duration: Mar 14 2022 → Mar 15 2022 |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Volume | 666 IFIP |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | 16th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2022 |
---|---|
City | Virtual, Online |
Period | 03/14/22 → 03/15/22 |
Funding
This research was supported by the National Science Foundation under Grant no. DGE 1501177 and by UT-Battelle under Contract no. DE-AC05-00OR22725 with the U.S. Department of Energy.
Keywords
- Additive manufacturing
- G-code attacks
- fused filament fabrication