Exone end to end binder jetting service

Thesis Student Tests for CyberAttack Risks in Distributed 3D Printing

Metal Parts Produced
Commercial Space
Medical Devices

Share this Article

Charles Ellis Norwood recently presented a thesis, ‘Demonstration of Vulnerabilities in Globally Distributed Additive Manufacturing,’ to the Virginia Polytechnic Institute and State University.

Norwood explores new methods in transferring data for manufacturing, as 3D design files can be sent virtually anywhere—with the potential for being 3D printed in a faraway area of the world. While this offers great ease in delivery of data and potential products, such methods of communication also mean that the designer gives up control and in some cases protection of parts.

“Industrial parts are increasingly produced by additive manufacturing,” states Norwood. “Several studies have shown the potential for additive manufacturing to improve supply chains for spare parts. With advances in additive manufacturing and the rise of globally distributed manufacturing, the logical step is to combine the two into globally distributed additive manufacturing. In one potential model of this system, designers and manufacturers would be two different entities in different places in the world. A design firm could engineer and develop a product, then hire an independent manufacturer to produce it. Designers could have as much or as little manufacturing capability as they need, and manufacturers could function solely to produce parts.

“With such a system, the major advantages of globally distributed manufacturing are realized. If a consumer decides to purchase a product, the original design firm could find the manufacturer closest to the consumer and have it produced. With additive manufacturing, products can be produced on demand, so an ideal system could effectively eliminate the need to keep stocks of parts or products. Consequently, it would reduce all associated costs such as warehouses and logistics for part organization.”

Norwood focuses on security in such transmissions, and the need for encryption to avoid cyberattacks and the possibility of failure in critical 3D-printed parts due to malicious activity. The need to make sure security is offered within the technology is critical due to the lack of enforcement of intellectual property measures in other countries; for example, transmissions being exchanged from one US manufacturer to another are expected to be safe due to understanding of the laws and possible punishment due to any infractions. Other countries, however, are well-known for blatantly ignoring IP laws.

“There could be little legal recourse for international IP theft,” stated Norwood. “Rather than legal solutions, technological solutions could help protect IP when transmitted across international borders.”

Norwood assessed stepper motors and associated encrypted code in a simulated research study, seeking security flaws. While encryption is not always easily hacked these days, data becomes open to attack when the secure printer decrypts the code and changes it to instructions for printing.

“The G-Code instructions control the paths of the motors, heaters, and other processes of the printer. Printer software converts the G- 4 Code to stepper motor control signals, which motor drivers use to operate the stepper motors. Motor drivers send power signals along wires to the stepper motors, which control the physical motion of the printer as it prints parts,” states Norwood.

A hacker can feasibly detect all movements and pulse patterns, analyze them, and reverse engineer the process, resulting in their ability to rebuild stolen 3D-printed parts from their own end. And, while this type of attack sounds sophisticated, it is possible. For testing, Norwood used both a simulated additive manufacturing machine (consisting of the controlling computer, motor drivers, motors, and an external 24V power supply) and then an “attacking device” capable of translating the current transmitted through the motor wires—and then translating them (in reverse engineering mode) back into G-Code for use.

Full attacking device diagram [35]

“The sequence of coil charging is controlled by the stepper motor driver. The “state” column refers to the state of the stepper motor. As the motor turns, it progresses through four distinct states depending on the voltage of the coils,” explained Norwood.

Current sensor outputs compared to output of differential amplifier

The author was able to create a range of tests based on the sensors, recorders, and processors for analysis of forward or reverse motor motion, along with copying G-Code instructions similar to what would be used for a 3D-printed part. Clarifying that although the method was not 100 percent successful (possibly due to errors caused by the 3D printing simulation), Norwood stated that the success rate in assessment was high enough to show that his method was effective for long data sequences. It is also important to note that he was able to run a basic attack in simulation with a customized system costing under $100.

“To perform a full system test, one would not need to perform significant research and development of the attacking system. The approach for one motor could be repeated for all other printer motors, the data synchronized, and a full G-Code program recovered. The techniques presented in this thesis merely need to be repeated on more precise, advanced equipment to demonstrate a full system attack,” concluded the author.

“A system is only secure when the costs to hack it exceed the financial benefit. More advanced sensors, data recorders, and processors would not be prohibitively expensive. Advanced technology intellectual property can be worth millions of dollars, so it must be protected.”

Malicious attacks within the 3D printing industry have occurred before, such as the crypto-mining attack on Thingiverse, and users are aware of cyber threats, prompting challenges like cybersecurity hackathons, and graduate courses educating students on cybersecurity in additive manufacturing.

Full experimental setup

Pointing out that any transmitted data—encrypted or not—presents vulnerability, the author mentions other suggested solutions for preventing theft or pirating:

  • Fingerprinting or watermarking of products
  • Tracking of the entire information flow
  • “Smart contracts” ensuring security of data between entities working together
[Source / Images: ‘Demonstration of Vulnerabilities in Globally Distributed Additive Manufacturing’]

Share this Article

Recent News

3D Printing Webinar and Event Roundup: October 17, 2021

3D Printing News Briefs, October 16, 2021: STEM, 3D Printing Patents, & More


3D Design

3D Printed Art

3D Printed Food

3D Printed Guns

You May Also Like


Honda and WASP Partner for Sustainable 3D Printed Motorcycle Models

After delivering highly publicized 3D printed habitats, helping create commercial drones, and even providing technology for the Italian police to solve crimes, 3D printer manufacturer WASP announced the results of...


Divergent Now Has Six 12-Laser Metal 3D Printers to Produce its Supercars

Divergent Technologies, well-known for its 3D printed contributions to the automotive industry, announced that it has developed what it calls the “state-of-the-art” Divergent Adaptive Production System (DAPS®), an end-to-end digital...

3D Printing News Briefs, October 13, 2021: Metal 3D Printing, Prostheses, & More

In today’s 3D Printing News Briefs, ExOne and SSI are working together to drive volume production with metal binder jet 3D printing, and RadTech has announced a new photopolymer AM...

New Metal 3D Printer from AddUp Installed at Ohio State’s Manufacturing Center

AddUp, Inc., an industrial metal additive manufacturing OEM that was established by French companies Michelin and Fives as a joint venture, offers both Directed Energy Deposition (DED) and Laser Powder Bed Fusion (LPBF) printers,...


View our broad assortment of in house and third party products.