dr0wned – Cyber-Physical Attack with Additive Manufacturing

Authors: 

Sofia Belikovetsky, Ben-Gurion University of the Negev; Mark Yampolskiy, University of South Alabama; Jinghui Toh, Singapore University of Technology and Design; Jacob Gatlin, University of South Alabama; Yuval Elovici, Ben-Gurion University of the Negev, Singapore University of Technology and Design

Abstract: 

Additive Manufacturing (AM, or 3D printing) is an emerging manufacturing technology with far-reaching implications. AM is increasingly used to produce functional parts, including components for safety-critical systems. However, AM’s unique capabilities and dependence on computerization raise a concern that an AM generated part could be sabotaged by a cyber-physical attack.

In this paper, we demonstrate the validity of this concern by presenting a novel attack: reducing the fatigue life of a functional part. We develop a sabotage attack against a specific 3D-printed quadcopter propeller, causing its mid-flight failure, ultimately leading to the quadcopter’s fall and destruction. The study described in this paper presents the very first full chain of attack against AM.We present all stages of the attack, beginning with a cyber-attack aimed at compromising a manufacturing environment and ending with the destruction of the target system that employs this part. Among major scientific contributions of this paper are a new category of a sabotage attack (accelerated fatigue), a novel systematic approach to identify options for such attack involving AM, and a demonstration of an empiric approach for the development and validation of an AM specific malicious manipulation.

We further demonstrate how the proposed sabotage attack can be integrated in a worm, thus enabling a widescale attack targeting either specific or similar enough digital design files of functional parts.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {206156,
author = {Sofia Belikovetsky and Mark Yampolskiy and Jinghui Toh and Jacob Gatlin and Yuval Elovici},
title = {dr0wned {\textendash} Cyber-Physical Attack with Additive Manufacturing},
booktitle = {11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/belikovetsky},
publisher = {{USENIX} Association},
}