NYU Abu Dhabi Team Wins Hack3D Challenge

Two students from New York University Abu Dhabi won the first prize of the Hack3D challenge at New York University Tandon’s School of Engineering. Only five teams advanced to the final round of the only student-led 3D printing cybersecurity hackathon. The Hack3D competition, which is part of a broader global cybersecurity competition called Cybersecurity Awareness Week (CSAW), encourages teams from around the globe to circumvent security measures in the additive manufacturing supply chain so that they can spotlight the need for anti-counterfeiting methods in 3D printing. The competition’s first round had a total of 49 teams trying to solve a problem to qualify for the next round, which included a trip to New York to attend the NYU Tandon challenge and prize money for winners and runners up.

Led by Nikhil Gupta, a mechanical and aerospace engineering professor at Tandon, the competition is in its second year, and during the first qualifying round had teams struggling to figure out the solution to a problem posted online. Participants were challenged to reconstruct a corrupted .gcode file employing skills in forensics and reverse-engineering. So basically, they had to hack the security measures Gupta embedded in the print files that make it virtually impossible to print a component correctly; in this case, a chess piece.

Last Friday, the final round rallied up five teams to compete in printing 3D parts that were embedded with anti-counterfeiting features developed at NYU Tandon and designed to protect CAD models. After eight intense hours at the NYU Tandon lab, Pedro Velasquez and Cole Beasley outrivaled the other four teams as they managed to hack the 3D printing cybersecurity code and 3D print the correct version. Called the SNEKS AD, the team was awarded $1,000 in prize money during a ceremony held last Friday night.

Hack3D, which explores vulnerabilities in 3D printing, brings together students from around the world to compete for scholarships and funding. Sponsored by some of the biggest names in the industry, like IBM, JP Morgan & Chase, Capsule 8, Red Balloon Security, and the National Science Foundation (NSF), this year’s CSAW annual competition gathered the world’s top student hackers, with a total of 180 teams advancing to final rounds, competing for scholarships and cash prizes, including NYU Tandon’s $1 million-plus in scholarships to all high school finalists in the CSAW Red Team Competition in Downtown Brooklyn.

3DPrint.com caught up with the winning team during the live competition on Friday via phone interview and both Beasley and Velasquez said they were “thrilled to be participating in the challenge” and “would love to return next year.” The computer science majors are both freshmen and eager to explore cybersecurity as part of their future in the chosen career.

Only three hours into the challenge, Velasquez suggested: “we have a good plan in place and are keeping up with the schedule; we already have our first prototype and are printing out our second so that we can start testing it.”

Coles explained that during the final round “they have given us one part (a male piece) and we basically have to create another part (female) that connects to it.” There was a code embedded in the CAD file, which he referred to as a “hint hidden inside the code,” and once they got the right piece 3D printed, they won the challenge.

During Hack3D, competitors also had the opportunity to learn and use skills in graphics programming, file manipulation, and reverse engineering, while also gaining an understanding of the additive manufacturing supply chain.

Gupta explained during an interview with 3DPrint.com that “hackathons are an important component in finding the strength of the security method, so this year we expanded the competition and had 49 entries from across the world. We gave them one problem, yet none of the teams could completely solve it, so the five finalists that came closest to the answer were able to compete. They had two months for the first challenge, but only eight hours for the final round, and they needed to 3D print the part in our lab to check whether they could succesfully solve the challenge.” 

“People have been doing traditional cybersecurity measures like password protecting files, encrypting files but there is nothing that relates to 3D printing itself, so we came up with some design schemes, so using the design features that we put in the files while designing the products. The security features prevent the files from getting printed in high quality unless you use a security key.” 

The runners up were Alex Manning and Erin Ozcan, also known as the pwndevils from Arizona State University, and in third place, the AGGIES from Texas A&M University: Akash Tiwari, Maccoy Merrell, and Mutaz Melhem.

Gupta went on to say that “we found that the cyber threat landscape in the 3D printing world, mainly for aerospace and medical devices, will get worse. For example, if a counterfeit part makes its way to an airplane and something goes wrong, it will become hard to figure out that it was the reason for an accident. On the other hand, 3D printing and general access to new technologies have made it easier to replicate parts or reverse engineer them to recreate a system.”

According to NYU, flawed parts printed from stolen design files could produce dire results: experts predict that by 2021, 75 percent of new commercial and military aircraft will fly with 3D printed engines, airframes, and other components, and the use of AM in the production of medical implants will grow by 20 percent per year over the next decade.

“Since mechanical engineers are the ones designing many parts, they need to get into a security mindset, to handle this issue,” continued Gupta.

So Gupta and other researchers at NYU Tandon and NYU Abu Dhabi were the first to convert flat QR codes into complex features hidden within 3D printed parts to foil counterfeiters and IP pirates and to provide an innovative way for unique device identification.

Gupta and his colleagues developed a scheme that “explodes” a QR code within a CAD file so that it presents several false faces — dummy QR tags — to a scanning device. Only a trusted printer or end user would know the correct head-on orientation for the scanner to capture the legitimate QR code image. 

“In 3D printing, you are creating a part layer by layer, so we break the QR code into a number of parts–like 300 different pieces–and we embed them into each layer, so that only one particular direction will show you the QR code, every other direction will show a cloud of points. Using any identifiable signature embedded, microstructures or metal sized particles can be used as a security method.”

Continued growth in the 3D printing sector means that the CAD design files and the machines become vulnerable to hacks. Cybersecurity issues in the virtual world wreak havoc, in the last year a series of ransomware and supply chain attacks led to seriously compromised companies and malicious hacking. All this can quickly translate into 3D printing, with objects manufactured being at serious risk of failure, and as cyberattacks become more advanced, the risks are greater.

NYU Tandon, one of the first university departments to teach cybersecurity in 3D printing, is raising the bar to spark student interest in the field, by engaging the global community in their annual hackathon. For Gupta, a lot of what we are beginning to see and as hacks become more advanced, this represents a significant danger for AM cybersecurity. The vulnerability of the internet around the world is increasing, accompanied by an expanding community of hackers that didn’t use to have the tools required for hacking. He claims that “there are now more motivations for hacks as digital manufacturing is rapidly increasing, bringing 3D printing to the forefront of the industry.” 

Discuss this and other 3D printing topics at 3DPrintBoard.com or share your thoughts below.

[Images: NYU Tandon]