A Survey of Cybersecurity of Digital Manufacturing
Priyanka Mahesh, Akash Tiwari, Chenglu Jin, Panganamala R. Kumar, A. L. Narasimha Reddy, Satish T.S. Bukkapatanam, Nikhil Gupta, Ramesh Karri
JJOURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1
A Survey of Cybersecurity and Resilience of DigitalManufacturing
Priyanka Mahesh, Akash Tiwari, Chenglu Jin, Panganamala R. Kumar,
Fellow, IEEE ,A. L. Narasimha Reddy,
Fellow, IEEE , Satish T.S. Bukkapatanam, Nikhil Gupta, and Ramesh Karri,
Fellow, IEEE
Abstract —Recent efforts towards industry 4.0 promote a digitalmanufacturing (DM) paradigm that can enhance quality andproductivity, reduce inventory and the lead-time for deliveringcustom, batch-of-one products based on achieving convergence of3D printing and hybrid machine tools, Automation and RoboticSystems, Sensors, Computing, and Communication Networks,Artificial Intelligence, and Big Data. A DM system consists ofembedded electronics, sensors, actuators, control software, andinter-connectivity to enable the machines and the componentswithin them to exchange data with other machines, componentstherein, the plant operators, inventory managers, and customers.This paper will outline the cybersecurity risks and threat vectorsin the emerging DM context, assess the impact on manufacturing,and identify approaches to secure DM.
Index Terms —Digital Manufacturing
I. I
NTRODUCTION D IGITALIZATION of manufacturing aided by advances insensors, artificial intelligence, robotics, and networkingtechnology, is revolutionizing the traditional manufacturing in-dustry by rethinking manufacturing as a service. Concurrently,there is a shift in demand from high volume manufacturing tobatches-of-one, custom manufacturing of products [1]. Whilethe large manufacturing enterprises can reallocate resourcesand transform themselves to seize these opportunities, themedium and small scale enterprises (MSEs) with limitedresources need to become federated and proactively dealwith digitalization. Many MSEs essentially consist of general-purpose machines that give them the flexibility to execute a va-riety of process plans and workflows to create one-off productswith complex shapes, textures, properties, and functionalities.One way the MSEs can stay relevant in the next generationdigital manufacturing (DM) environment is to become fullyinter-connected with other MSEs by using the digital threadand becoming part of a larger, cyber-manufacturing businessnetwork [2]. This allows the MSEs to make their resourcesvisible to the market and continue to receive work orders .Digitization will also enhance compliance with the largerindustry and customers in terms of technology standards andpractices, and access resources and services available throughthe inter-connected digital supply chain (DSN) network. P. Mahesh, C. Jin, N. Gupta, and R. Karri are with New York Uni-versity, Brooklyn, NY, 11201 USA. e-mail: { pm2929, chenglu.jin, ngupta,rkarri } @nyu.eduA. Tiwari, P. R. Kumar, A. L. N. Reddy, and S. T. S. Bukkapatanamare with Texas A&M University, College Station, TX, 77843 USA. e-mail: { akash.tiwari, prk, reddy, satish } @tamu.edu MSEs serve as suppliers to OEMs and other parts of the manufacturingsupply networks.
In the emerging DM, timeliness of information is impor-tant for lean production, as well as quality and productiv-ity assurance. Digitization creates communication channelsacross vendors and OEMs on one hand and between thevarious machines inside an MSE on the other. DM requiresthe integration of cyber (computing and communications)resources with the physical resources in the manufacturingprocess and supply chain. Continuous streaming of data fromsensors at various locations in the manufacturing plant (e.g.,individual machines and the network of machines) informs thedata-driven decision making that guides design modifications,calibrates manufacturing methods, and programs the robottasks and paths that they navigate the manufacturing floor.Securing such a distributed and connected cyber-physical sys-tem against cyberattacks requires developing novel approachesthat are tailored to the threats faced by such systems. Thecyberattacks can range from sabotage of product quality andintellectual property theft to ransomware. The attack surface,threat vectors, and solutions need to be analyzed to enable asecure, resilient, and scalable next generation DM.Traditionally, manufacturing plants have been siloed andnaturally create air gaps making them secure [3]. On onehand, DM exploits the information from the various sensorsand devices to streamline the process and material flow. Onthe other hand, the distributed and collaborative nature of DMexposes it to risks that come with the connectivity required toimplement DM. A typical DM process workflow is illustratedin Figure 1. A large part of the process before the actual manu-facturing step is completely digital and relies on computationalresources and computer networks for design, simulation, andprogramming the controllers of the manufacturing machines.The DM system may consist of additive, subtractive, andhybrid manufacturing machines. This process flow requiresconnectivity throughout the process chain. However, connec-tivity poses a security risk, which needs to be addressed bytraditional and novel cybersecurity solutions that are applicableto various steps of the process flow. This paper is focusedon analyzing the cybersecurity risks, developing an attacktaxonomy and proposing novel solutions designed for the DMcyber-physical system.This paper is organized as follows: Section 2 will present ahybrid manufacturing cell, a building block of DM, and usesit to discuss vulnerabilities. A taxonomy of threats for DMand attack case studies are discussed in Section III. SectionIV will demonstrate how novel manufacturing-unique defensescan mitigate the attacks. Section V discusses lessons learnedfrom state-of-the-art in DM security and research challenges. a r X i v : . [ c s . CR ] J un OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 2
Design team 1 Design team 2 Design team 3 : CAD libraries and scripts ! .? •CAD software•CSG modeling:CAD software : CSG modeling: --+ � Design file 1 (30 model) --+ �
Design file 2 (30 model) � :--+ � CAD software: Design file 3
CSG modeling, (30 model)
Computer-Aided Design •FEA Database.Finite Element Analysis t FEA Team t Printer Manufacturer ! Remote Access over the Internet Machine Specific Scripts ! ,____.. � i-� .STL/.AMF Slicer Software• G-Code : � CAM program Toolpath: Machine Firmware t Slicer/CAM Operator / � · t Calibration File Printer Operator H ybrid Manufacturing Ep / ( D t "'t ➔ Assembled Ultrasonic � Part Fused Dr osition "' t • � � .. • / Tomography 30 article Random lnjectr Mold*/ Samples r : Weight/Density :·------- I I
Sintering Strength
Testing and Assembly
Fig. 1. A representative process workflow in digital manufacturing systems.
II. H
YBRID M ANUFACTURING C ELL : A DM B
ASIC B LOCK
Hybrid manufacturing cells are a prime example of a DMbuilding block. Hybrid manufacturing combines traditionaland advanced manufacturing technologies with state-of-the-art DM to work in tandem to produce the desired part. Atraditional manufacturing cell has resources to process andproduce parts efficiently and economically. Key componentsof a hybrid manufacturing cell include classical manufacturingmachines retrofitted with sensors and connectivity, emergingdigitally-enabled manufacturing machines (e.g., additive, sub-tractive and hybrid machines), autonomous robots, and quality-control/inspection instrumentation.Connectivity and computational infrastructure are key en-ablers of hybrid manufacturing cells, and sets them apartfrom a traditional manufacturing cell. Connectivity includesthe feedback loops within the machines based on the machinestate and feedback loops based on the observations of theprocess from an observer external to the machine. It also refersto the communication channels among the manufacturingresources within the manufacturing cell. The computationalinfrastructure supports data collection, storage, analysis, anddecision making elements of manufacturing. While connectiv-ity and computational infrastructure improve the utilization ofthe manufacturing resources, they can be attack vectors forinternal and external adversaries. Thus, vulnerable nodes inthese supporting infrastructures must be identified and securedto realize the economic and efficiency benefits of DM. In thefollowing sub-sections we discuss applications of the hybridmachine tools, describe key components in a cell, feedbackloops within a cell and the vulnerabilities.
A. Applications of Hybrid Machines
While metal additive manufacturing processes are costly andinefficient for creating certain part features such as surfacetexture, subtractive manufacturing processes are expensive forcertain designs because of the tooling and material costs. Hy-brid machines bring synergy in these complementary processes (by including both additive and subtractive manufacturingcapabilities within a single machine) especially for manufac-turing custom components, resulting in reduced setup times,material costs and error in handling. Hybrid machines satisfythe quality and accuracy requirements for industrial applica-tions [4] and are able to replace process chains spread acrossmultiple machines (possibly located at different enterprises) tojust a single machine, reducing any logistical inefficiencies.Hybrid machines have been successfully used in re-manufacturing and repair of high value components and inmanufacturing parts that require complex process chains. Pipecasings for offshore oil extraction have several features (Boss,Fins, Flange and Spiral coatings) on the surface critical forthe application. The use of a hybrid machine for such a partwas proven to reduce material cost by ∼ B. The Hybrid Machine Tool
Figure 2(a) illustrates a hybrid machine tool with its threekey elements the hybrid process element, the controller, andthe smart element. The hybrid process elements include themilling tools, the coordinate measuring touch probe, grindingtools, and the laser engineered net-shaping process that em-ploys a directed energy deposition printing head. These toolssupport consecutively running the additive and subtractivemanufacturing cycles within a process cycle. The controlelement allows the user to interface with the hybrid processelement and the execution of process cycles. It acts as an
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 3 (a) (b)Fig. 2. (a) Hybrid Machine Tool and constituent elements. Sensors shown include accelerometer, dynamometer, acoustic emission sensor and a high-speedcamera. (b) Data streams collected from the sensor wrapper of the smart element [10] internal observer that observes the internal state of the machine(e.g., position, feed rate, laser power, and spindle speed) andsends actuation signals based on the instructions specifiedby the operator. The smart elements include sensors (e.g.,accelerometer, acoustic emission sensor, dynamometer, anda high-speed camera) with supporting hardware. Hardwareand software that enable data acquisition from the sensorsare termed the sensor wrapper [11], [12]. The sensor wrapperimplementation is composed of high-resolution sensors, DataAcquisition system (e.g, CompactDAQ from the NationalInstruments), signal conditioning elements such as filters andamplifiers (e.g., AE2A Amplifier from Mistras), and humanmachine interface (e.g. LabView from National Instruments).The sensors include the acoustics sensors (e.g., WSA wide-band AE sensor from Physical Acoustics, accelerometer (e.g.,K-Shear 8728A500 from Kisler) and a dynamometer (e.g.,MFS15050 tri-axis dynamometer from CNIC Electric Co.).The sensor wrapper also has high-speed camera (e.g, MiniAX 200 high-speed camera from Photron). The sensor signalsallow the process states to be estimated for feedback control[13] as well as for providing observations from the perspectiveof an external observer (e.g., the operator) [14]. During theprocess cycle, the sensors collect acceleration, force, acousticemissions and camera recordings of the process. The threeelements of the hybrid machine tool work in harmony toenable refined control over the process. Such harmony ispossible due to the coordination among process hardware andIoT devices in the computing and the communication channels.
C. Process Control Based on Feedback Loops
The hybrid machine tool can produce parts with complexgeometries and functionalities. These capabilities of the ma-chine create complexities in the process cycles and allow for faults to creep into the process. While process faultsare inevitable for any complex system, one needs to executecorrective measures to mitigate the effects of these faults.Monitoring the process as an external observer is thereforeessential in operating the hybrid machine tool. The hybridelements can allow the operator to take corrective actions whena fault is observed. For example, a defect created in the partduring the additive manufacturing cycle can be undone byexecuting a subtractive cycle over the layer with the defectbefore resuming the additive cycle. Taking corrective measuresafter a fault occurs leads to loss in manufacturing lead timeand the physical resources. The smart elements can interveneto save time and resources by informing the operator aboutan imminent fault. This is possible by using the informationthat the sensor wrapper collects. Figure 2(b) illustrates thetime synchronized data stream for an additive manufacturingcycle collected over 120 seconds. The Data stream for theforce signals are densely packed, therefore an adjacent plotrepresents the force plot for a 0.05 second window. Theinformation generated from the sensor wrapper is voluminous.Data is sampled at a rate of 100 KHz, 50 KHz and 10 KHzfor the acoustic emissions, the accelerometer, and the forcetransducers, respectively. Each of these data streams over a120 second period generate 89.5 MB, 44.7 MB and 8.92 MBof data, respectively. The High-speed camera captures imagesat a maximum of 1000 frames per second amounting to 110GB over the 120 second period.The controller (internal observer) observes and controlsthe hybrid machine tool based on the machine state. Theexternal observer however, observes the process and takescorrective measures. This establishes two feedback loops. Thecontroller sends actuation signals to the hybrid machine toolbased on instructions within the G-code (subject to change
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 4
Fig. 3. Closed Loop control block diagram for the Hybrid Machine Tool. based on the external observations of the process) that issent by the operator. The G-code is a file containing thehigh-level instructions meant to be executed on the hybridmachine. The operator may observe the information streamand take corrective measures by sending new instructionswhen the information stream resembles the nascent stages ofan imminent fault, thereby overcoming the fault altogether.This is illustrated in Figure 3 as a closed loop controller.The refined control over the process is thus achieved bya feedback control that is based on both information on themachine state and information about the process. The feedbackcontrol entails collecting, processing, and analyzing volumi-nous information to derive inferences about the process in realtime. This requires computing on large amounts of informationin a timely manner and may resort to AI methods to processthe information. This makes the need for computing infrastruc-ture apparent. Factors influencing the computing infrastructureinclude, the environment where computing happens, latency ofthe computation, the type of data, and the amount of data.In online quality control where the corrective and prognosticmeasures are to be taken, information from the sensor isprocessed in real time to infer about the state of the processand therefore, data storage and computing resources must be inthe vicinity of the process to avoid latency. Another situationfor online quality control is where latency of the calculation isnot an issue, but there are no computational resources on theshop floor. Then, the computational services offered by cloudplatforms are leveraged. For offline quality control, where adefect in the part is identified later, the investigator may usedata collected during the process to identify process faults –missed by online quality control– that may have led to a defect.Thus, the computing infrastructure is dictated by the require-ments of the manufacturing cell. Data storage, computations,and transmission of the calculations to the destination areessential to establish the closed loop control. Since manufac-turing shop-floors may be limited in their capacity to cater tosuch requirements efficiently, cloud computing infrastructurecould be economical and efficient. Cloud-based computinginfrastructure is mature and reliable for application in thehybrid manufacturing cells. Cloud service providers (e.g.,Amazon Web Services and Rackspace) have integrated the el-ements of storage, computation and communication. Amazonprovides storage services (namely, the Elastic Block Store)and hosts well-known services (R, Matlab, Mathematica) as Virtual Machines (VMs) in the cloud. All computations canbe visualized on the cloud VMs with software like Tableau andthe workflow in the cloud orchestrated by scientific workflowmanagement software such as Kepler.Figure 4 illustrates the cloud as being central to onlineand offline quality control for the hybrid manufacturing cells.Signals collected by the sensors from the plant are storedin a local historian (storage for the data stream) and isthen uploaded to the cloud for storage. From this point, thescientific workflow management software handles the flow ofdata. The computing VM is activated to receive the data, toanalyze the data, and to calculate new control signal outputs,which are downloaded onto the controller closing the loop. Foroffline quality control, scanning electron microscopes and 3Dprofilometers in the hybrid manufacturing cell inspect the partafter the process cycle. These instruments download process-related data streams from the cloud storage and identifyanomalies in the process to explain defects in the part.
D. Vulnerabilities in a Hybrid Machine Tool
Although the hybrid machine tool is only one of the multipleresources of a digital manufacturing process workflow, thiscritical resource has multiple vulnerable nodes. Figure 5summarizes eight vulnerable nodes in the closed loop controldiagram illustrated in Figure 3.1) The first class of vulnerabilities can be used to manipulatethe instructions sent to the controller/plant. The adversarycan intervene at nodes 1 and 2. At node 1 the adversarymodifies the instruction (typically a G-code) sent by theoperator. The adversary may intervene at node 2 andtamper with the actuation signal sent to the plant.2) The second class of vulnerabilities is the replay attack.At node 4, since the actuation signal is monitored, thereplay attack can trick the external observer into thinkingthat the instructions are executed as per specifications.3) The third class of vulnerabilities arise due to the feedbackloops. The internal observer (controller) and the externalobserver use the machine state and process informationto send new instructions. The adversary may intervene atnode 3, 5 and 6 to relay false information on the machinestate and process resulting in erroneous feedback control.This sabotages the process of online quality control.
Fig. 4. Cloud-based computing platform for a Hybrid Manufacturing Cell.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 5
Fig. 5. Vulnerable nodes in a Hybrid Machine Tool. The vulnerable nodesare identified by a red star, indexed by a subscript.
4) The last class of vulnerabilities are identified at nodes7 and 8. Node 7 corresponds to the side channel attacksleading to IP theft. Node 8 represents an indirect sabotageof the system in place due to counterfeit production.The block H ( s ) within the innermost feedback loop isa transfer function block that estimates the machine state(e.g., spindle speed, bed and tool position, laser power) basedon the measurements from built-in sensors, such as opticalscales and other motion trackers. The controller is continuallytracking the error between the reference signal (generated fromthe interpretation of the instructions in the G-code) and thefeedback signal of the estimated machine state from the hybridmachine tool. The reference signal specifies what the machinestate should be at any given point in time as per the instructionsin the G-code. The controller sends actuation signals ( (cid:126)u ) to thehybrid machine tool that nullifies this error and thus bringingthe machine state to the reference state. Injection attacksperformed at node 2, include false actuation signals that drivethe machine to undesirable states resulting in process faults.In case of a Man-in-the-Middle attack (replay attack) carriedout at node 3, the transfer function block receives incorrectobservations (contrary to the actual observations made bythe optical scales within the machine) leading to a trail ofmiscalculations of the estimate of the machine state, error andtherefore the actuation signal itself. Therefore, again resultingin the machine being driven to undesirable states and thuseventually faults in the process.The block H ( s ) in the outer feedback loop estimates thestate of the process, based on information from a sensorwrapper [15] and generates new instruction sets as required.Typically, the transfer functions tend to be nonlinear opera-tors to fuse information on the nonlinear and nonstationarydynamics underlying the measured signals to detect changesfor corrective actions [16] or anticipate anomalies for prgnos-tication and anticipatory control [17]. The state of the processis defined in terms of the thermo-mechanical state variablesthat capture the process that determines transformation of thegeometry, morphology, and the microstructure of the part asit is being realized, as well as the health of the machine andits components. Information derived from the sensor wrappermay include thermal history, acoustic emission, and vibrations.The new set of instructions generated based on the estimated process state include reduction of laser power for the DEDprocess if desired melt-pool geometry, thermal history and/ormicro structure are not realized, re-manufacturing of layersdue to part distortions, and stopping the machine for preventivemaintenance due to tool wear. Information on thermal historycan be used to predict part deformation during additive manu-facturing cycles[18]. Vibration data in a grinding process canpredict surface quality[15]. Acoustic emission signals can beused to predict the cutting conditions for orthogonal cuttingexperiments [19]. Such applications of the sensory informationfrom the process allow for generation of prognosis-basedinstructions to the controllers.The outer feedback loop tracks the process and serves thepurpose of minimizing the process deviation and averting anyprocess anomaly. Attacks on the outer feedback loop have adirect consequence on the inner feedback loop, since instruc-tions generated by the outer feedback loop are direct inputs tothe inner feedback loop. Man-in-the-Middle attacks carried outat nodes 4,5 or 6 yield incorrect process state estimations andtherefore wrong prognosis leading to generation of incorrectinstructions to the controller. Injection attacks at node 1 servethe effect of controllers in the inner feedback loop trackingreference signals generated from the adversarys instructions,obviating the efforts of the prognosis-based instructions fromthe external feedback loop.Side channel attacks at node 7 involve adversaries monitor-ing the footprint generated by the process. These footprints,for example, can be captured using a microphone that col-lects the acoustic sounds produced by the machine when inoperation [20] or by tapping into the sensor data and othersignals in the outer feedback loop. Adversaries that track thesefootprints from un-monitored channels could reverse engineerthe product and create counterfeits which could find their wayinto the supply chain of critical components. Although theeffect of a counterfeited product is not as pronounced in themanufacturing of low volume, high-value customizable partsas is the case where these hybrid machines are put to use,existence of such threats cannot be overlooked. Counterfeitproducts do not qualify the strict quality standards causingdevastation in critical applications. They also sabotage brandreputation. Counterfeiting practices threaten the entire hybridmachine tool that is meticulously put in place with its feedbackloops to ensure strict part quality and highlighted as node 8.III. D IGITAL M ANUFACTURING : T
AXONOMY OF T HREATS
Cyber-enablement and interconnectivty of digital supplychain networks introduce threats including financial theft andtheft of IP. Some of the threats are unique to DM includingdigitally printing dangerous or illegal components, stealingcompetitor IP (e.g. the design files), modifying them andmanufacturing counterfeits or sub-standard components anddeny service by taking manufacturing plants or critical parts ofthe manufacturing plants (e.g. printers) offline. The attackersmay have different motivations including (i) nation stateactors, (ii) organized criminals, (iii) politically, socially, orideologically motivated hacktivists, (iv) hackers with financialgain or sabotage intent, (v) competitors, and (vi) malicious
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 6
Reverse EngineerDeny ServiceReduce ReliabilitySide Channel LeakEstablish Covert ChannelTamper Data CAD SoftwareComponents, such as Sensors, ActuatorsDesign File (stereolithography file) Digital Manufacturing MachineControllerToolpath(g-code) WatermarkingIP AuthenticationPhysical AuthenticationFingerprintingObfuscationIP TheftSabotagePiracyCounterfeiting
Attack Goals Attacks Attack Targets Countermeasures
Fig. 6. Threat taxonomy and corresponding security measures. The left column (orange) shows the goals of attackers, and the red column describes possibleattacks, the green column shows the targets of attackers, and the right column (blue) shows countermeasures. The arrows from the orange column to the redcolumn show how an attacker can achieve different goals using various attacks, and the arrows from the red column to the green column show how eachattack can be applied on each target. Also, the arrows from the green column to the blue column show how each component in DM systems can be protectedby countermeasures. insiders. The motivation of the attacker, resources available,and the damage caused in each category can be different andshould be a part of the threat analysis.
A. Taxonomy of threats
Figure 6 shows a taxonomy of attacks, attack goals, attacktargets and the countermeasures using the DM process chain inFigure 1. It also shows how an attacker can choose their attackmethods based on their goals and targets. This taxonomy isused to develop defenses presented in Figure 6. For example,to prevent an attacker from tampering with the design files(e.g., STL files), a defender can embed identification codesin the design to physically authenticate the printed product.If the design has been tampered with or reverse engineered,the embedded code will be impacted, and therefore will notmatch with the correct one.According to this taxonomy, we classify recent relatedworks in Table I. We first classify the papers based on whetherthey focus on attacks or defenses or both. Then the threatmodels that they consider are identified. In the case that thepaper is a survey that covers a variety of threat models, wewill leave the threat model field blank. Lastly, we categorizeall papers based on the attack methods they presented or basedon the defenses. It is not surprising that most papers arefocused on presenting possible defenses. However, in orderto develop a defense scheme, the threat model that it targetsoverwhelmingly indicates that sabotage is the main attack goaland the attacks are launched either to tamper the files or for IPtheft. IP theft is a major concern in DM because the design ofhardware parts remains the same for many years, even decades.Revision to the designs that have been in place for so long,due to design theft becomes expensive and taxing exercise.A related issue in manufacturing sector is that a legitimatelyobtained part can be used to reverse engineer the part designwhich is then used for unauthorized production leading toIP theft. The deterrence in such cases lies in the production method that cannot be easily copied or decoded. Although DoSattacks are a major concern in financial and technology sectors,they are not a major concern in the manufacturing sector.This is because in many large manufacturing enterprises,the manufacturing machines are maintained on a separate,protected internal network, which is then securely connectedto the internet for software or firmware updates only undersupervision when the production activity is not taking place.A growing concern is the manufacturing-unique side channels(e.g., acoustics) and side channel attacks aided by machinelearning used to uncover patterns in data obtained from themultiple sensing sources such as the acoustic, thermal, smartpower meter and security camera sensors.The threats in our taxonomy apply to all type of manufactur-ing machines including the hybrid machines. The complexityof the hybrid machine tool opens up possibilities for attackersto sabotage or steal secrets. Attackers can sabotage the prod-ucts by tampering the control signals, or instructions (e.g.,the G-Code) from the operators. Attackers can steal designsecrets from side channel leaks from the hybrid machine tool.To explain the attacks and potential impact of the attacks onvarious aspects of DM process chain, we present five casestudies shown as red rows in Table I.
B. Case Study 1 Dr0wned attack on AM [24]
Informed by taxonomy of Figure 6, the goal of this attackwas sabotage. The attack was conducted to reduce reliability ofthe part, and the attack target was design files. This attack on a3D printer deliberately introduced defects into the part duringprinting [24]. The controller PC connected to the 3D printerwas compromised by exploiting an un-patched vulnerability inWinRAR. The attack decreased the fatigue life of a quadcopterpropeller causing a mid-flight failure by manipulating thepart geometry (an example shown in Figure 7(b)). The attackwas executed in three stages: The attacker compromises theController PC, developed a counterfeit design similar to the
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 7
TABLE IC
ATEGORIZATION OF
DM S
ECURITY STUDIES . “D O S”, “R EV . E NGG .”, “T
AMPER ”, “U
NRELIABLE ”, C OV . CHANNEL ” STAND FOR “D ENIAL OF S ERVICE ”, “R
EVERSE E NGINEERING ”, “T
AMPERING DATA ”, “R
EDUCE RELIABILITY ”, AND “ COVERT CHANNEL ”, RESPECTIVELY . R
ED ROWS AREATTACK CASE STUDIES IN SECTION
III. B
LUE ROWS ARE DEFENSE CASE STUDIES IN SECTION
IV.
Attack Goals AttacksPapers A tt ac k s D e f e n s e s P i r ac y S a bo t a g e C oun t e rf e it D o S R e v . E ngg . T a m p e r U n r e li a b l e S i d ec h a nn e l C ov . c h a nn e l I P T h e f t Gupta et al. [21] (cid:88) (cid:88) (cid:88) (cid:88)
Strurm et al. [22] (cid:88) (cid:88) (cid:88)
Ranabhat et al. [23] (cid:88) (cid:88) (cid:88) (cid:88)
Belikovetsky et al. [24] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Yampolskiy et al. [25] (cid:88) (cid:88) (cid:88) Wu et al. [26] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) Chhetri et al. [27] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Desmit et al. [28] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chen et al. [29] (cid:88) (cid:88) (cid:88) (cid:88)
Elhabashya et al. [30] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Moore et al. [31] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Bracho et al. [32] (cid:88) (cid:88) (cid:88) (cid:88)
Graves et al. [33] (cid:88) (cid:88) (cid:88) (cid:88)
Yampolskiy et al. [34] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chhetri et al. [35] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Belikovetsky et al. [36] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chhetri et al. [37] (cid:88) (cid:88) (cid:88) (cid:88)
Baumann et al. [38] (cid:88) (cid:88) (cid:88) (cid:88) Wu et al. [39] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) Gupta et al. [40] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Moore et al. [41] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Tsoutsos et al. [10] (cid:88) (cid:88) (cid:88)
Belikovetsky et al. [42] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Zarreh et al. [43] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Miller et al. [44] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chaduvula et al. [45] (cid:88) (cid:88) (cid:88) (cid:88)
Raban et al. [46] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chen et al. [47] (cid:88) (cid:88) (cid:88) Yu et al. [48] (cid:88) (cid:88) (cid:88) Hoffman et al. [49] (cid:88) (cid:88) (cid:88) (cid:88)
Abdulhameed et al. [50] (cid:88) (cid:88) (cid:88)
Padmanabhan et al. [51] (cid:88) (cid:88) (cid:88)
Prinsloo et al. [52] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Chhetri et al. [53] (cid:88) (cid:88) (cid:88)
Calzado et al. [54] (cid:88) (cid:88)
Yampolskiy et al. [55] (cid:88) (cid:88) (cid:88)
Ivanova et al. [56] (cid:88) (cid:88)
Bridges et al. [57] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Holland et al. [58] (cid:88) (cid:88)
Chhetri et al. [59] (cid:88) (cid:88) (cid:88) (cid:88)
Wei et al. [60] (cid:88) (cid:88) (cid:88) Wu et al. [61] (cid:88) (cid:88) (cid:88) Vincent et al. [62] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Riel et al. [63] (cid:88) (cid:88) (cid:88) (cid:88)
Ren et al. [64] (cid:88) (cid:88) (cid:88) (cid:88) He et al. [65] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) Wu et al. [66] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) (cid:88) Fey et al. [67] (cid:88) (cid:88) (cid:88) (cid:88)
Elhabashy et al. [68] (cid:88) (cid:88) (cid:88)
Slaughter et al. [69] (cid:88) (cid:88) (cid:88) (cid:88) (cid:88)
Satchidanandan et al. [70] (cid:88) (cid:88) (cid:88)
Satchidanandan et al. [71] (cid:88) (cid:88) (cid:88)
Woollaston [72] (cid:88) (cid:88) (cid:88)
INCIBE [73] (cid:88) (cid:88) (cid:88)
Satchidanandan et al. [74] (cid:88) (cid:88) (cid:88)
Behera et al. [75] (cid:88) (cid:88) (cid:88)
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 8 (a) (b) (c)Fig. 7. (a) Two 3D printed propellers. One of is defective. (b) CAD model of the design. (c) Design is compromised at the joints causing in-service failure. [24] original design, and replaced the original design file on the vic-tims PC with the counterfeit design file with the manipulationsshown in Figure 7(c). A reverse shell backdoor was installedon the PC, which was used to submit jobs to the 3D printer.This allowed the malicious software to take over the 3-Dprinter and execute commands by the hacker. According to ourtaxonomy, a variety of defenses can be applied to this scenario.Although the attacker exploited a software vulnerability, thedetection of sabotage was possible by more rigorous testingof the part.
C. Case Study 2: Cyberattack on the Honda automotivephysical plant [72]
Honda’ Tokyo-based automotive production plant wasforced to go offline by the self-propagating malware Wan-naCry impacting the production of about 1000 vehicles [72].The WannaCry malware infected hundreds of thousands ofcomputers worldwide by exploiting vulnerabilities in un-patched legacy systems [76]. The plant was shut down for48 hours to recover operations and data, as both the ICSand IT networks were impacted [72]. As shown in Figure 8the ransomware got deployed in the plant computer networkusing a backdoor in an older un-patched version of thewindows OS and then infected all systems in the network.According to our taxonomy in Figure 6, the attacker in thiscase launched a denial of service attack on the automotiveplant by infecting and tampering their controller computers inthe control network.
D. Case Study 3: Cyberattack on the physical power grid [73]
Attackers may want to sabotage DM machines by temperingwith their power supplies. Idaho National Laboratory demon-strated Aurora Vulnerability, where a connected generator wassubjected to cyberattack on the control processors to openand close the breakers out of sync [73]. This stressed themechanical systems inside the power generator, destabilizingit and causing it to explode. This and other similar attacks candamage the physical infrastructure in a manufacturing plant.Nation-scale attacks have been launched on the Ukrainianpower grid leading to country-wide power outages affecting230,000 citizens [77]. Three power distribution companieswere affected as a result of this coordinated cyberattack thatlasted for several hours. This attack exploited credentials andinfected the network and SCADA systems using phishingemails with malware [77]. Absence of network monitoring and rules for remote access led to this attack. Disruptionin the power supply even momentarily can damage the partthat is being manufactured and some of the damages maygo undetected because of their small size or location. As pertaxonomy Figure 6, these attacks have the goal of sabotagingthe product or the machine and the target can be any systemconnected to the power supply, ranging from power grid andsmarts meter (side channels) to the printer power supply.
E. Case Study 4: Additive Manufacturing Firmware At-tack [31]
Attackers may set their attack target to be the firmwareof 3D printer. If the firmware is compromised, attackers cansabotage the system by either modifying the control or denythe service of the machines. The attacker’s strategy is to exploitthe firmware in order to selectively affect the integrity ofprinted artifacts; this approach is particularly effective in caserandom sample testing is applied after the artifact is printed,as it increases the chance of bypassing detection. Furthermore,any intervention to the printer firmware (especially at thebootloader level) can make the attack persistent.There are different tactics an attacker can employ to infectthe printer firmware. Most 3D printers and hybrid manufac-turing platforms support Internet connectivity to allow remotemanagement or troubleshooting from the manufacturer, as partof a service-level agreement with the end-users. In this case,attackers can exploit vulnerabilities in the network servicesrunning on the printer and eventually escalate their privilegeson the printer. This privilege escalation can be exploited toupdate the printer with infected firmware, in case signedfirmware updates are not supported. Another attack vector thatmay be exploited, is the input file parser within the printer. Incases where the firmware directly processes tool path inputfiles (e.g. G-code files), any input sanity vulnerability mayallow memory corruption and execution flow hijacking. In thiscase, attackers can inject malicious routines through input files,or reuse existing code within the firmware memory space.As soon as an attacker has infected the printer firmware,they can easily control the actuators of the printer (e.g.,print head motors, extruder valves or laser operation). Bycontrolling these actuators in a judicious fashion, attackers caninject physical property attacks [31]. Furthermore, attackerscan also perform a Denial of Service (DoS) attack to the printerso that legitimate users can no longer use the 3D print service.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 9
Fig. 8. WannaCry cyberattack on the Honda automotive plant computer network [72] . F. Case Study 5: Dissolvable support material [40]
This attack is applicable to multihead/multimaterial printers,where support material can be printed in addition to the buildmaterial. Typically, the support material is dissolvable and assoon as the part is printed, it is submerged into an oxidizer(e.g., acid) to separate it from the build material. The attackconsists of maliciously replacing build material in the interiorof the 3D part with support material, allowing narrow channelsfor oxidizer to enter inside. Then, as soon as the print iscomplete and the solvent removes all support material, itwould also carve hollow spaces within the part, where originalbuild material was replaced. The effect of this attack is toreduce the structural integrity of the part, since the internalstructure will no longer be solid. According to our taxonomy inFigure 6, this attack is classified as sabotage on DM machinein order to reduce the reliability of the products.IV. D
IGITAL M ANUFACTURING : C
YBERPHYSICAL D EFENSES
This section presents five case studies of manufacturing-unique defenses spanning watermarking of controllers usedin a range manufacturing settings, design obfuscation, partidentification and provenance checking using embedded codes,authentication of designs in the signal processing domain,and an epidemiological approach to manufacturing IoT devicesecurity by leveraging their inherent diversity.
A. Securing Manufacturing Controllers via Dynamic Water-marks[70], [71]
Manufacturing may be broadly subdivided into discretemanufacturing and process manufacturing. Discrete manufac-turing is concerned with manufacture or assembly of discreteunits. In contrast, in process industries, the production pro-cesses are continuous and batches are indistinguishable [78].Examples are manufacturing plants such as chemical refineriesand paper mills. The production process depends critically onmaintaining the compositions, temperatures, pressures, etc.,of relevant chemical reactions, the levels of tanks, or flowrates, etc. The regulation of all the required variables is done
Fig. 9.
A manufacturing plant with some subverted nodes. through a feedback control loop that senses the relevant outputvariables and calculates what actuation commands to apply.Therefore the sensors, actuators and control laws play acritical role in the manufacturing process. The measurementsmade by the sensors typically travel over a communicationnetwork. The measurements may also be processed at nodesin the network either for fusing information or for performingcomputations to support the control law. The problem of cyber-security arises since sensor measurements or other informationtraveling over the communication network may be intercepteden route and altered. It is also possible that in distributedcontrol systems, the sensors may be compromised to reportfalse measurements. Therefore, for securing the manufacturingprocesses, it is critical to address the security of the overalldistributed control system. Figure 9 depicts a manufacturingplant with some compromised nodes in the feedback loops.One can unify all the cases via a simple abstraction wherejust sensors are compromised, as indicated in Figure 10. Wher-ever the corruption of the measurements may have taken place,one can just suppose that the sensor has been compromised.The resulting threat model is shown in Figure 11. Oneor more sensors/communication/computational nodes in thecyberphysical system may be compromised, as indicated inFig. 9. A compromised sensor node can report any false dataat any time, as shown in Fig. 11. We do not restrict the
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 10 range of false-data attacks. With this abstraction in hand, itis possible to develop an active defense based on the idea of“dynamic watermarking” [74]. The basic idea is illustrated inFigure 12. Consider the problem of verifying if a sensor isbeing truthful in reporting its plant output measurements. Theactuation nodes superimpose a small secret random “excitationsignal” onto their nominal actuation command.This secret excitation can be regarded as a form of “wa-termarking” in the signal domain for the dynamical (control)system and hence the name dynamic watermarking. This exci-tation applied into the plant manifests itself in a transformedway in the outputs of the plant – it is indelible just like awatermark on a sheet of paper. The manner in which it istransformed depends on the dynamics of the pathway fromthe actuator to the particular output. In model-based control,design engineers have a good model of this pathway. If asensor reports measurements that do not contain the trans-formed watermark, then the actuator can deduce that the sensormeasurements have been compromised somewhere. One canconclude that an attack is happening and act appropriately.The tests to determine whether the sensor measurementscontain the appropriate watermark are statistical in nature.They rely on the fact that noise is normally present in thesensor measurements, and that the attacker cannot separatethis ambient noise from the superimposed private excitationapplied by the actuator. The statistical tests that can beconducted in various scenarios are described in [74], [79]. Toillustrate the core of the idea, consider the following example.
Example:
Consider a fully-observed linear scalar Gaussiancontrolled dynamical system described by the equation: x [ t + 1] = ax [ t ] + bu [ t ] + w [ t ] , where x [ t ] is the state of the system and u [ t ] is the controlinput at time t . w [ t ] ∼ N (0 , σ w ) is i.i.d. noise with a Gaussiandistribution. We suppose that a, b, σ w are known to the controlsystem designer. Let z [ t ] be the measurement reported by thesensor. A truthful sensor reports z [ t ] ≡ x [ t ] , but a malicioussensor reports z [ t ] (cid:54)≡ x [ t ] . We assume an arbitrary history-dependent feedback control policy g is in place, so that thecontrol policy-specified input is u nominal [ t ] = g t ( z t ) , where z t := ( z [1] , z [2] , . . . , z [ t ]) denotes the reported measure-ments up to time t . This results in a closed loop system, x [ t + 1] = ax [ t ] + bu nominal [ t ] + w [ t ] . Suppose that the actuatorsuperimposes a Gaussian noise unknown to the sensor on its
Fig. 10.
The abstraction of a manufacturing plant with compromisedsensors.
Fig. 11. The malicious behavior of sensor nodes. control input: u [ t ] = u nominal [ t ] + e [ t ] , where e [ t ] ∼ N (0 , σ e ) is a “dynamic watermark.”. The true state therefore satisfies: x [ t + 1] − ax [ t ] − bu nominal [ t ] ∼ N (0 , σ w ) , and (1) x [ t + 1] − ax [ t ] ∼ N (0 , b σ e + σ w ) . (2)The intuition behind dynamic watermarking is that by super-imposing the private excitation that is unknown to the sensor,the actuator forces the sensor to report measurements that arecorrelated with { e [ t ] } , lest it be exposed. In particular, for thisscalar system, the following two “Attack Detector Tests” canbe done by the actuator to detect if the sensor is malicious: Attack Detector Test 1:
Actuator checks if the reported se-quence of measurements { z [ t ] } satisfies lim T →∞ T (cid:80) T − t =0 ( z [ t +1] − az [ t ] − bu nominal [ t ] − be [ t ]) = σ w . Attack Detector Test 2:
Actuator checks if the reported se-quence of measurements { z [ t ] } satisfies lim T →∞ T (cid:80) T − t =0 ( z [ t +1] − az [ t ] − bu nominal [ t ]) = b σ e + σ w . If the sensor is honest and reports truthful measurements z [ t ] ≡ x [ t ] , it passes both Tests. If either test fails, the actuatorcan declare the presence of a malicious sensor in the system.The more difficult question is: If the signal z [ t ] passes both Fig. 12.
Dynamic Watermarking: The Actuator Node i adds asecret noise e i ( t ) , called “watermark,” to the nominal control input u i, nominal ( t ) that it is expected to apply given the reported sensormeasurements. It can disclose that it is adding a secret noise, andit can also disclose the statistics of the watermark, but it does not reveal the actual value of the random signal e i ( t ) . OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 11
Tests 1 and 2, then what guarantees can we provide on theCPS ? Rather strong guarantees can be provided if the signalpasses both Tests. Let v [ t +1] := z [ t +1] − az [ t ] − bu nominal [ t ] − be [ t ] − w [ t ] . It has the interpretation as the additive distortionsequence introduced by the malicious sensors to the processnoise present in the system . If z [ t ] ≡ x [ t ] , then v [ t ] ≡ . Theorem 1 [74]:
Suppose that the reported sequence of mea-surements passes the two tests. lim T →∞ T (cid:80) Tt =1 v [ t ] = 0 .That is, { v [ t ] } is a zero power signal.It states that if the malicious sensors wish to remain undetectedby passing the above two tests employed by the actuators, thenthe only attack that they can launch is to distort the processnoise present in the system by adding a zero power signalto it. This in turn allows the dynamic watermarking methodto provide powerful guarantees on the overall closed-loopperformance of the Physical Plant even under attack. Suppose,for example, that | a | < and a closed-loop linear control lawhas been designed to maintain stability, u nominal [ t ] = f x [ t ] with | a + bf | < , with the control gain g chosen to yield goodquadratic regulator performance. Theorem 2 [74]:
The malicious sensor cannot compromisethe mean-square performance if it is to remain undetectedthrough the above two Tests: lim T →∞ T (cid:80) T − t =0 x [ t ] =( σ w + B σ e ) / (1 − | a + bf | ) .System metrics such as the quadratic regulation cost cannotbe degraded by the malicious sensors, no matter what attackstrategy they employ, without being detected.The dynamic watermarking is only designed to detect anattack. What is to be done after an attack is detected dependson the context. In some plants, one may be able to switchto manual control. In others, one may be able to replace thesensor, or reboot the system. Dynamic watermarking is anactive defense in which the actuators inject secret excitationin order to monitor the system and detect any adversarialpresence. This idea was introduced in [80] to detect replayattacks, and extended in [81] to detect other attacks. Thepapers [74], [79], [82] develop detectors that provably detectarbitrary attacks that introduce non-zero power distortion.Dynamic Watermarking is a general methodology that canapply in a variety of contexts. It has been implementedin a laboratory process control system [83]. A laboratorydemonstration showing the efficacy of dynamic watermarkingin an automation transportation testbed [84] was followed byan implementation on a real autonomous vehicle driven inautonomous mode [85]. It holds potential to be deployed asa general purpose attack detection strategy in digital and con-tinuous manufacturing plants, and in IoT and manufacturingsystems with sensors and actuators. B. Security of Design files: Obfuscating Designs [40]
One of the major concerns in the DM is to ensure thesecurity and authenticity of CAD files. These files are de-signed to provide incredible capabilities and information to thedesigners. For example, some design software programs savethe entire workflow as a feature tree that the designers canuse to conveniently recall a previous design step by a singleclick. However, such capabilities are also major security risks
Fig. 13.
The same CAD model of a gear shows different physicalgeometry when it is sliced and printed on the 3D printer build platein the x-z and x-y orientations due to the presence of security features. because these files can reveal not only the design but also theentire design process. Hence, embedding security in the designfiles may compromise some of the functionalities [86].Recent studies have shown the possibility of embedding alayer of security in the form of design features. These featurescan be developed with design elements such as overlappingsurfaces, curvatures, and scaling functions. A part 3D printedfrom the design file containing such security features willappear to be different than the onscreen representation of thegeometry unless the security key is applied. An example ofsuch secure CAD file is shown in Figure 13, where a stolenCAD file will print with a different gear geometry if thefile is not sliced and printed in the prescribed orientation. Acombination of slicing orientation, slicing resolution, printerresolution and other manufacture-time processing parameterscan be used for designing such security features.
C. Securing Manufactured Parts by Embedding Codes[47]
Parts manufactured by subtractive or formative manufac-turing rely on surface markings for identification or au-thentication. Serial number, bar code, QR codes, and otherforms of identifications are stamped or embossed on theparts. Additive manufacturing presents a unique possibilityof encoding information inside the part during manufacturingbecause the part is printed layer by layer. Either conventionalor bespoke identification marks can be encoded in the product.These internal markings can be read by imaging methodssuch as tomography, radiography, and ultrasonic imaging.We have demonstrated the possibility of embedding a QRcode inside the part [86]. The method of embedding theinternal identification codes depends on the AM technology.For example, sintering temperature can be changed locally togenerate a feature that provides a different signature when the
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 12
Fig. 14.
Two QR codes are sliced into 300 parts each and embeddedas interpenetrating codes. The correct slicing will retain only theauthentic code. Incorrect slicing will retain points that will notproduce any scannable code. product is subjected to tomography. Methods such as selectivelaser sintering have a resolution of only a few microns so anindividual feature of such size is not a concern in terms of themechanical properties of the part. The method demonstratedslices a larger QR code into hundreds of pixel sized parts.These parts are spatially distributed in a large number of slicesof the part after the slicing operation. Each part is below thecritical size compromising the mechanical properties. Slicingof the code into hundreds of parts also makes it difficult tofind the unique direction from which this would become ascannable code. Such obfuscation schemes can be designed towork in a number of ways. In one possibility, the sliced codescan be oriented such that the code is present in the CAD/STLfiles but slicing will remove it and produce a solid part withouta trace of the code in it.Reverse engineered and reconstructed CAD files will nothave the code. Hence, the parts manufactured from these fileswill also not have the codes. Further, the parts printed fromstolen CAD files will have the code and will allow identifyingthe unauthorized counterfeit. In another embodiment, twointer-penetrating codes can be designed such that slicing atcertain angles will remove one code with the remaining codeused for identification as shown in Figure 14 [86]. Thisscheme will result in reverse engineered CAD files that donot resemble the original ones.
D. Intellectual Property Protection by Fingerprinting in theAcoustic Domain [75]
CAD files are used as inputs for 3D printers in AM methods.These files are not designed for mere visualization of the partdesign but are designed to manufacture the part. This posesa limitation on encryption and compression methods that canbe applied to such files. Any algorithm that causes a loss ofinformation will not be useful for such application and onlylossless methods are required.A novel encryption method is proposed where a losslessalgorithm converts the CAD files to frequency domain audiofiles [75]. The frequency domain files are saved as a spectro-gram, which is used to generate the fingerprints of the design in the form of (time, frequency) pairs for the amplitude peaks.These fingerprints can be used as an alternate modality for fileauthentication at any step in the manufacturing process chain.Figure 15 shows a CAD model of a wheel hub, which istransformed into the frequency domain spectrogram. The reddots in the spectrogram mark the fingerprints identified forthe model. The number of fingerprints depend on a designerspecified threshold level or automatically determined basedon the security level. If the entire spectrogram is saved orthe threshold level is low enough, the spectrogram can beconverted back to the CAD model without any distortion orloss of geometry. Such spectrograms are sensitive to change inthe design file. Even changing a dimension to the limit of res-olution of the CAD file will generate significant perturbationsin the fingerprints that can be detected.
E. Securing Manufacturing IoT Networks by Device Popula-tion Diversity
The manufacturing industry is adopting Internet-of-Things(IoT) devices at 40% annual growth rates for enhanced assetmanagement and increased productivity [87]. The proliferationof IoT and other non-compute devices is increasing the diver-sity of devices connected to the network in the next-generationmanufacturing system [88]. The number and diversity ofIoT devices is expected to grow over time as sensors andcontrollers are deployed widely [89]–[95].Due to the increasing diversity in IoT devices, their ease inconnecting to networks, weak default password configurations,and general lack of ability to automatic upgrade of firmware,they are an easy target for cyberattacks [96]–[100]. Whileefforts to deal with vulnerability of a particular equipment or aunit in manufacturing system has been reasonably addressed,assuring cybersecurity in the presence of a diverse ”populationmix” of IoT sensors and other non-compute devices deployedin the next-generation manufacturing plants or across theenterprise has not received much attention.As a proxy to studying the device population mix in a realworld manufacturing enterprise, we carried out a measurementcampaign of types of devices on a large-scale campus network[95]. We carried out a census of devices connected to thecampus network, and classified them based on their function.The results are shown in Figure 16(a). The devices connectedto the network included desktops, laptops, mobile phones,VOIP phones, printers, TV displays, AV equipment, scienceappliances, and building automation gear among others. While
Fig. 15.
Lossless transformation of a wheel hub solid model fromCAD format to frequency domain spectrogram.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 13 (a)
Printer Firmware Printer Passwords (b) (c)Fig. 16. (a) Diversity in device population on a Network. (b) Printers with no passwords (c) Status of firmware updates on printers. the importance of keeping the computing equipment patchedand up-to-date has for obvious reasons been recognized forquite some time, only recently the security of non-compute IoTdevices has started receiving attention [101]. Our study showedthat over 71% of devices on the campus network are non-compute. Among these, ∼
59% of the printers on the networkhad out-of-date firmware (see Figure 16(b)) and over half ofthe printers had no password. In a manufacturing plant, thepercentage and diversity of non-compute devices is expectedto be higher.Current network security approaches and tools are deviceagnostic and ignore the diversity of the networked IoT devices.However, not all the devices are created equal and not allthe devices are updated and maintained at the same level ofnetwork hygiene. In the campus network that we studied, whilethe computers are managed, patched, and secured by the ITteam, the printers are maintained by graduate students, theVOIP phones are managed by the communications department,and the building automation devices are maintained by the fa-cilities department. This leads to inconsistencies in the hygieneand health across devices. We advocate enhancing securitytools to consider the diversity of the device populations.Public health experts and epidemiologists consider popula-tion diversity and the differing impact of diseases on differentgroups in keeping the population healthy. Similarly, we advo-cate network security policies and mechanisms tailored to thepopulation of devices in the manufacturing network. This hasbenefits over state-of-the-art device-agnostic approaches.Dynamics of the device population has a significant impacton virus/attack epidemics in the network. For example, theMirai attack targeted particular type of devices and networkswith these devices had more compromises. Knowing the localdevice population allows one to mine CERT vulnerabilitydatabase [102], [103] to study vulnerabilities specific to thenetwork. The CERT database is a repository of known vul-nerabilities characterized by anticipated criticality. We canconstruct device population specific attack vulnerability pro-files. Besides the CERT database, one could use internalinformation to augment the network monitoring tools. Forexample, a Programmable Logic Controller (PLC) control-ling a boiler may need to be more carefully monitored andprotected compared to a printer on the network. If additionalinformation about the devices is available, this can be factoredinto allocation decisions on monitoring devices. Data fromour study on campus devices revealed that the firmware in printers is not upgraded as frequently as in other devices (seeFig. 16(c)). While this knowledge is beneficial in deployingIT resources for updating/patching the device firmware toreduce the number of un-patched vulnerabilities, until that timethese devices are upgraded, extra resources maybe needed tomonitor them.It is important to study the vulnerabilities of the networkdevice population and take steps to protect local device pop-ulations. Following are at least three ways.1) Based on the number of local devices and the knownvulnerabilities on these devices, network monitoring toolsand resources can be optimally apportioned to maximizetheir effectiveness in detecting and containing the attacks.At the time of connection, the level of provided networkservice can be tailored to the known security vulnerabil-ities of the device requesting network service. The levelsof service could include complete detail of service, lim-ited access through security perimeters, requiring securitypatches or upgrades before full access could be providedetc. These approaches apply one device at a time at thetime of connecting to the network.2) Isolate similarly vulnerable devices on a Virtual LAN(VLAN) to provide suitable security for these devices.For example, the Windows8 devices for which no newsecurity patches will be available could be isolated in aseparate VLAN and protect them with a security devicethat carefully monitors Windows8 specific attacks. Simi-larly, IoT devices in a critical infrastructure could be puton a separate VLAN that only trusted users can access.Even if they are not perfect, such population specificisolation and protections will improve security.3) Given the device population, network monitoring toolscan aggregate anomalies based on device types to findpatterns of attacks on specific types of devices. Moreinformation can be gleaned by aggregation based ondevice type. Observed anomalies can be checked againstvulnerabilities in the CERT database to find attack vec-tors. V. C ONCLUSION
Adoption of DM requires companies to migrate to a DigitalSupply Chain Network (DSN) as shown in Figure 17. Thefigure visually represents how a classical linear supply chain e.g., devices with older firmware or vulnerabilities from CERT database. OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 14
Fig. 17. The emerging digital supply chain network. collapses into a set of dynamic networks due to digitalization.DSNs enabled by networking within and across organizationsare integral to the DM. While integration of the social mediamay be a counter-intuitive component in the DSN, companiesare adopting social media platforms to report service outagesand system malfunctions and to provide customer support.As our study shows, the elements of the DM process chainopen up a large attack surface and introduce numerous vul-nerabilities making them susceptible to traditional cyberattacksand attacks that impact the physical plant and the quality ofthe manufactured products. The digital integration spanningthe entire supply chain while making the production andmovement of goods efficient, increases the attack surface andintroduces new attack vectors.Not all participants in a manufacturing supply chain mayhave the same level of resources to implement the mostadvanced defenses. The weakest links in a supply chain maybesides compromising their own assets, may compromise theassets of all participants in the supply chain. This is especiallytrue for the MSEs, who have limited resources, neverthelesshave to embrace adoption of digital manufacturing. When theMSEs employ the digital thread as part of setting up the DMworkflow and use the DSN to establish connectivity withintheir enterprise and across enterprises in the supply chain,they have to tackle the threats on all these multiple levels. Thechallenge for these MSEs is therefore to be judicious in usingthe limited resources to address these multi-level threats. TheMSEs must prioritize which cybersecurity issues to address asthey transition to a DM workflow.While this study focused on cybersecurity of manufacturing-unique elements of DSN other elements such as the informa-tion, financial, and business networks are equally important.Some of these elements can be secured using well-knowninformation security approaches such as encrypting data andcommunication. Side channel attacks and reverse engineeringof products are threats that extend beyond the DM networkand impact a company significantly. Reverse engineering ofa product can lead to revenue loss, where the CAD modelsmay be generated by skillful designers based on an actual partacquired from the OEM without any disruption or breaches tothe connected supply chain. These additional risks need to beaddressed when securing DM. Most IOT or DM technology components lack sufficient device activity logging capability.Insecure network protocols are typically used to connect DMcomponents to the internet. Various methods can be used toassess the security posture of a manufactured product. Tra-ditional systems have typically either been designed withoutsecurity in mind, or with the explicit presumption that thesystem is isolated and so not subject to cyberattacks [3]. Thenew generation of manufacturing sectors resulting from theadoption of the DM process workflow and migrating to theDSN would need special focus on securing complex systemsthat are integrated within the control network in the manu-facturing plant. Hence, security controls should be designedfrom the inception of software development or hardwareconfiguration in the control network.A
CKNOWLEDGMENT
The NYU team acknowledges the National Science Foun-dation Cyber-Physical Systems grant CMMI-1932264 andNSF grant DGE-1931724. Bukkapatnam’s research is par-tially supported by the Natioanal Science Foundation grantsCMMI-1432914 and S&AS INT-1849085, and Texas A&MUniversity’s x-grants program. Reddys research is supportedby Qatar National Research Foundation grant 9-069-1-018.The material by Kumar is based upon work partially sup-ported by NSF Science & Technology Center Grant CCF-0939370, the U.S. Army Research Office under Contract No.W911NF-18-10331, the U.S. Army Research Office underCooperative Agreement Number W911NF-19-2-0243, he U.S.Army Research Laboratory under Contract No. W911NF-19-2-0033 U.S. ONR under Contract No. N00014-18-1-2048,and the Department of Energy. The views and conclusionscontained in this document are those of the authors andshould not be interpreted as representing the official policies,either expressed or implied, of the Army Research Officeor the U.S. Government. The U.S. Government is authorizedto reproduce and distribute reprints for Government purposesnotwithstanding any copyright notation herein.R
EFERENCES[1] R. Y. Zhong, X. Xu, E. Klotz, and S. T. Newman, “Intelligentmanufacturing in the context of industry 4.0: a review,”
Engineering ,vol. 3, no. 5, pp. 616–630, 2017.[2] A. S. Iquebal, Z. Wang, W.-H. Ko, Z. Wang, P. Kumar, A. Srinivasa,and S. T. Bukkapatnam, “Towards realizing cybermanufacturing kiosks:quality assurance challenges and opportunities,”
Procedia Manufactur-ing , vol. 26, pp. 1296–1306, 2018.[3] N. Tuptuk and S. Hailes, “Security of smart manufacturing systems,”
Journal of manufacturing systems , vol. 47, pp. 93–106, 2018.[4] M. Praniewicz, T. Kurfess, and C. Saldana, “Adaptivegeometry transformation and repair for hybrid manufactur-ing,”
Procedia Manufacturing
Procedia CIRP
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 15 [7] M. Soshi, J. Ring, C. Young, Y. Oda, and M. Mori, “Innovative gridmolding and cooling using an additive and subtractive hybrid cncmachine tool,”
CIRP Annals
Proceedings of the 17th Solid Freeform Fabrication Symposium, Austin,TX, USA , 2006, pp. 14–16.[9] P. Zelinski, “3d hybrid printing and implant-supported prosthetics,”shorturl.at/rvFHZ, 2017, online; Last accessed the website in May2020.[10] N. G. Tsoutsos, H. Gamil, and M. Maniatakos, “Secure 3d printing:Reconstructing and validating solid geometries using toolpath reverseengineering,” in
Proceedings of the 3rd ACM Workshop on cyber-physical system security , 2017, pp. 15–20.[11] B. Botcha, Z. Wang, S. Rajan, N. Gautam, S. T. Bukkapatnam, A. Man-thanwar, M. Scott, D. Schneider, and P. Korambath, “Implementingthe transformation of discrete part manufacturing systems into smartmanufacturing platforms,” in
ASME 2018 13th International Manufac-turing Science and Engineering Conference . American Society ofMechanical Engineers Digital Collection, 2018.[12] A. S. Iquebal, B. Botcha, and S. Bukkapatnam, “Towards rapid,in situ characterization for materials-on-demand manufacturing,”
Manufacturing Letters
Journal of Manufacturing Scienceand Engineering , vol. 136, no. 2, 2014.[14] R. Palanna, S. Bukkapatnam, and F. S. Settles, “Model-based tamperingfor improved process performancean application to grinding of shafts,”
Journal of Manufacturing Processes , vol. 5, no. 1, pp. 24–32, 2003.[15] B. Botcha, V. Rajagopal, R. B. N], and S. T. Bukkapatnam,“Process-machine interactions and a multi-sensor fusion approach topredict surface roughness in cylindrical plunge grinding process,”
Procedia Manufacturing
RecentAdvances in Optimization and Modeling of Contemporary Problems .INFORMS, 2018, pp. 279–315.[17] C. Cheng, A. Sa-Ngasoongsong, O. Beyca, T. Le, H. Yang, Z. Kong,and S. T. Bukkapatnam, “Time series forecasting for nonlinear andnon-stationary processes: A review and comparative study,”
Iie Trans-actions , vol. 47, no. 10, pp. 1053–1071, 2015.[18] M. R. Yavari, K. D. Cole, and P. Rao, “Thermal Modeling inMetal Additive Manufacturing Using Graph Theory,”
Journal ofManufacturing Science and Engineering , vol. 141, no. 7, 05 2019,071007. [Online]. Available: https://doi.org/10.1115/1.4043648[19] Z. Wang, F. Chegdani, N. Yalamarti, B. Takabi, B. Tai, M. El Mansori,and S. Bukkapatnam, “Acoustic Emission Characterization of NaturalFiber Reinforced Plastic Composite Machining Using a RandomForest Machine Learning Model,”
Journal of Manufacturing Scienceand Engineering , vol. 142, no. 3, 01 2020, 031003. [Online].Available: https://doi.org/10.1115/1.4045945[20] M. A. Al Faruque, S. R. Chhetri, A. Canedo, and J. Wan, “Acousticside-channel attacks on additive manufacturing systems,” in , 2016, pp. 1–10.[21] N. Gupta, A. Tiwari, S. T. Bukkapatnam, and R. Karri, “Additivemanufacturing cyber-physical system: Supply chain cybersecurity andrisks,”
IEEE Access , vol. 8, pp. 47 322–47 333, 2020.[22] L. D. Sturm, C. B. Williams, J. A. Camelio, J. White, and R. Parker,“Cyber-physical vulnerabilities in additive manufacturing systems: Acase study attack on the. stl file with human subjects,”
Journal ofManufacturing Systems , vol. 44, pp. 154–164, 2017.[23] B. Ranabhat, J. Clements, J. Gatlin, K.-T. Hsiao, and M. Yampolskiy,“Optimal sabotage attack on composite material parts,”
InternationalJournal of Critical Infrastructure Protection , vol. 26, p. 100301, 2019.[24] S. Belikovetsky, M. Yampolskiy, J. Toh, J. Gatlin, and Y. Elovici,“dr0wned–cyber-physical attack with additive manufacturing,” in { USENIX } Workshop on Offensive Technologies ( { WOOT } , 2017. [25] M. Yampolskiy, A. Skjellum, M. Kretzschmar, R. A. Overfelt, K. R.Sloan, and A. Yasinsac, “Using 3d printers as weapons,” InternationalJournal of Critical Infrastructure Protection , vol. 14, pp. 58–71, 2016.[26] M. Wu, Z. Song, and Y. B. Moon, “Detecting cyber-physical attacks incybermanufacturing systems with machine learning methods,”
Journalof intelligent manufacturing , vol. 30, no. 3, pp. 1111–1123, 2019.[27] S. R. Chhetri, A. Canedo, and M. A. Al Faruque, “Kcad: kinetic cyber-attack detection method for cyber-physical additive manufacturingsystems,” in . IEEE, 2016, pp. 1–8.[28] Z. DeSmit, A. E. Elhabashy, L. J. Wells, and J. A. Camelio, “Cyber-physical vulnerability assessment in manufacturing systems,”
ProcediaManufacturing , vol. 5, pp. 1060–1074, 2016.[29] F. Chen, G. Mac, and N. Gupta, “Security features embedded incomputer aided design (cad) solid models for additive manufacturing,”
Materials & Design , vol. 128, pp. 182–194, 2017.[30] A. E. Elhabashya, L. J. Wellsb, and J. A. Camelioc, “Cyber-physicalsecurity research efforts in manufacturing–a literature,”
Procedia Man-ufacturing , vol. 34, pp. 921–931, 2019.[31] S. B. Moore, W. B. Glisson, and M. Yampolskiy, “Implicationsof malicious 3d printer firmware,” in , T. Bui, Ed. ScholarSpace / AISElectronic Library (AISeL), 2017, pp. 1–10. [Online]. Available:http://hdl.handle.net/10125/41899[32] A. Bracho, C. Saygin, H. Wan, Y. Lee, and A. Zarreh, “A simulation-based platform for assessing the impact of cyber-threats on smartmanufacturing systems,”
Procedia Manufacturing , vol. 26, pp. 1116–1127, 2018.[33] L. M. Graves, J. Lubell, W. King, and M. Yampolskiy, “Characteristicaspects of additive manufacturing security from security awarenessperspectives,”
IEEE Access , vol. 7, pp. 103 833–103 853, 2019.[34] M. Yampolskiy, T. R. Andel, J. T. McDonald, W. B. Glisson, andA. Yasinsac, “Intellectual property protection in additive layer manu-facturing: Requirements for secure outsourcing,” in
Proceedings of the4th Program Protection and Reverse Engineering Workshop , 2014, pp.1–9.[35] S. R. Chhetri, N. Rashid, S. Faezi, and M. A. Al Faruque, “Securitytrends and advances in manufacturing systems in the era of industry4.0,” in . IEEE, 2017, pp. 1039–1046.[36] S. Belikovetsky, Y. Solewicz, M. Yampolskiy, J. Toh, and Y. Elovici,“Detecting cyber-physical attacks in additive manufacturing usingdigital audio signing,” arXiv preprint arXiv:1705.06454 , 2017.[37] S. R. Chhetri and M. A. Al Faruque, “Side channels of cyber-physicalsystems: Case study in additive manufacturing,”
IEEE Design & Test ,vol. 34, no. 4, pp. 18–25, 2017.[38] F. W. Baumann and D. Roller, “Additive manufacturing, cloud-based3d printing and associated servicesoverview,”
Journal of Manufacturingand Materials Processing , vol. 1, no. 2, p. 15, 2017.[39] D. Wu, A. Ren, W. Zhang, F. Fan, P. Liu, X. Fu, and J. Terpenny,“Cybersecurity for digital manufacturing,”
Journal of manufacturingsystems , vol. 48, pp. 3–12, 2018.[40] N. Gupta, F. Chen, N. G. Tsoutsos, and M. Maniatakos, “Obfuscade:Obfuscating additive manufacturing cad models against counterfeiting,”in
Proceedings of the 54th Annual Design Automation Conference2017 , 2017, pp. 1–6.[41] S. B. Moore, J. Gatlin, S. Belikovetsky, M. Yampolskiy, W. E.King, and Y. Elovici, “Power consumption-based detection of sabotageattacks in additive manufacturing,” arXiv preprint arXiv:1709.01822 ,2017.[42] S. Belikovetsky, Y. A. Solewicz, M. Yampolskiy, J. Toh, and Y. Elovici,“Digital audio signature for 3d printing integrity,”
IEEE Transactionson Information Forensics and Security , vol. 14, no. 5, pp. 1127–1141,2018.[43] A. Zarreh, C. Saygin, H. Wan, Y. Lee, A. Bracho et al. , “Cybersecurityanalysis of smart manufacturing system using game theory approachand quantal response equilibrium,”
Procedia manufacturing , vol. 17,pp. 1001–1008, 2018.[44] D. B. Miller, W. B. Glisson, M. Yampolskiy, and K.-K. R. Choo,“Identifying 3d printer residual data via open-source documentation,”
Computers & Security , vol. 75, pp. 10–23, 2018.[45] S. C. Chaduvula, A. Dachowicz, M. J. Atallah, and J. H. Panchal,“Security in cyber-enabled design and manufacturing: A survey,”
Journal of Computing and Information Science in Engineering , vol. 18,no. 4, 2018.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 16 [46] Y. Raban and A. Hauptman, “Foresight of cyber security threat driversand affecting technologies,” foresight , 2018.[47] F. Chen, Y. Luo, N. G. Tsoutsos, M. Maniatakos, K. Shahin, andN. Gupta, “Embedding tracking codes in additive manufactured partsfor product authentication,”
Advanced Engineering Materials , vol. 21,no. 4, p. 1800495, 2019.[48] S.-Y. Yu, A. V. Malawade, S. R. Chhetri, and M. A. Al Faruque,“Sabotage attack detection for additive manufacturing systems,”
IEEEAccess , vol. 8, pp. 27 218–27 231, 2020.[49] W. Hoffman and T. A. Volpe, “Internet of nuclear things: Managing theproliferation risks of 3-d printing technology,”
Bulletin of the AtomicScientists , vol. 74, no. 2, pp. 102–113, 2018.[50] O. Abdulhameed, A. Al-Ahmari, W. Ameen, and S. H. Mian, “Additivemanufacturing: Challenges, trends, and applications,”
Advances inMechanical Engineering , vol. 11, no. 2, p. 1687814018822880, 2019.[51] A. Padmanabhan and J. Zhang, “Cybersecurity risks and mitigationstrategies in additive manufacturing,”
Progress in Additive Manufac-turing , vol. 3, no. 1-2, pp. 87–93, 2018.[52] J. Prinsloo, S. Sinha, and B. von Solms, “A review of industry 4.0manufacturing process security risks,”
Applied Sciences , vol. 9, no. 23,p. 5105, 2019.[53] S. R. Chhetri, A. Barua, S. Faezi, F. Regazzoni, A. Canedo, and M. A.Al Faruque, “Tool of spies: Leaking your ip by altering the 3d printercompiler,”
IEEE Transactions on Dependable and Secure Computing ,2019.[54] M. Jim´enez, L. Romero, I. A. Dom´ınguez, M. d. M. Espinosa, andM. Dom´ınguez, “Additive manufacturing technologies: An overviewabout 3d printing methods and future prospects,”
Complexity , vol. 2019,2019.[55] M. Yampolskiy, L. Schutzle, U. Vaidya, and A. Yasinsac, “Securitychallenges of additive manufacturing with metals and alloys,” in
Inter-national Conference on Critical Infrastructure Protection . Springer,2015, pp. 169–183.[56] O. Ivanova, A. Elliott, T. Campbell, and C. Williams, “Unclonablesecurity features for additive manufacturing,”
Additive Manufacturing ,vol. 1, pp. 24–31, 2014.[57] S. M. Bridges, K. Keiser, N. Sissom, and S. J. Graves, “Cyber securityfor additive manufacturing,” in
Proceedings of the 10th Annual Cyberand Information Security Research Conference , 2015, pp. 1–3.[58] M. Holland, C. Nigischer, and J. Stjepandic, “Copyright protection inadditive manufacturing with blockchain approach,”
TransdisciplinaryEngineering: A Paradigm Shift , vol. 5, pp. 914–921, 2017.[59] S. Chhetri, S. Faezi, A. Canedo, and M. Al Faruque, “Poster abstract:Thermal side-channel forensics in additive manufacturing systems,” in
Proceedings of the 7th International Conference on Cyber-PhysicalSystems, Vienna, Austria, Apr , 2016, pp. 11–14.[60] C. Wei, Z. Sun, Y. Huang, and L. Li, “Embedding anti-counterfeitingfeatures in metallic components via multiple material additive manu-facturing,”
Additive Manufacturing , vol. 24, pp. 1–12, 2018.[61] M. Wu, H. Zhou, L. L. Lin, B. Silva, Z. Song, J. Cheung, andY. Moon, “Detecting attacks in cybermanufacturing systems: Additivemanufacturing example,” in
MATEC Web of Conferences , vol. 108.EDP Sciences, 2017, p. 06005.[62] H. Vincent, L. Wells, P. Tarazaga, and J. Camelio, “Trojan detectionand side-channel analyses for cyber-security in cyber-physical manu-facturing systems,”
Procedia Manufacturing , vol. 1, pp. 77–85, 2015.[63] A. Riel, C. Kreiner, G. Macher, and R. Messnarz, “Integrated designfor tackling safety and security challenges of smart products and digitalmanufacturing,”
CIRP annals , vol. 66, no. 1, pp. 177–180, 2017.[64] A. Ren, D. Wu, W. Zhang, J. Terpenny, and P. Liu, “Cyber securityin smart manufacturing: survey and challenges,” in
IIE Annual Con-ference. Proceedings . Institute of Industrial and Systems Engineers(IISE), 2017, pp. 716–721.[65] H. He, C. Maple, T. Watson, A. Tiwari, J. Mehnen, Y. Jin, andB. Gabrys, “The security challenges in the iot enabled cyber-physicalsystems and opportunities for evolutionary computing & other compu-tational intelligence,” in . IEEE, 2016, pp. 1015–1021.[66] M. Wu, J. Song, L. W. L. Lin, N. Aurelle, Y. Liu, B. Ding, Z. Song,and Y. B. Moon, “Establishment of intrusion detection testbed forcybermanufacturing systems,”
Procedia Manufacturing , vol. 26, pp.1053–1064, 2018.[67] M. Fey,
3D printing and international security: risks and challengesof an emerging technology . DEU, 2017, vol. 144.[68] A. E. Elhabashy, L. J. Wells, J. A. Camelio, and W. H. Woodall,“A cyber-physical attack taxonomy for production systems: a quality control perspective,”
Journal of Intelligent Manufacturing , vol. 30,no. 6, pp. 2489–2504, 2019.[69] A. Slaughter, M. Yampolskiy, M. Matthews, W. E. King, G. Guss, andY. Elovici, “How to ensure bad quality in metal additive manufac-turing: In-situ infrared thermography from the security perspective,”in
Proceedings of the 12th International Conference on Availability,Reliability and Security , 2017, pp. 1–10.[70] B. Satchidanandan and P. R. Kumar, “Secure control of networkedcyber-physical systems,” in . IEEE, 2016, pp. 283–289.[71] B. Satchidanandan and P. Kumar, “Control systems under attack: Thesecurable and unsecurable subspaces of a linear stochastic system,”in
Emerging Applications of Control and Systems Theory
Proceedings ofthe IEEE , vol. 105, no. 2, pp. 219–240, Feb 2017.[75] R. K. Behera, S. Sivaprakasam, L. N. Jagannathan, and N. Gupta,“System and method for security and management of computer-aideddesigns,” 2019, uS Patent 16/657,048.[76] Kaspersky, “What is wannacry ransomware?” https://usa.kaspersky.com/resource-center/threats/ransomware-wannacry, online; Last ac-cessed the website in May 2020.[77] D. U. Case, “Analysis of the cyber attack on the ukrainian power grid,”
Electricity Information Sharing and Analysis Center (E-ISAC)
Proceedings of 2017 9th International Conferenceon Communication Systems and Networks (COMSNETS) . IEEE, 2017,pp. 23–30.[80] Y. Mo and B. Sinopoli, “Secure Control Against Replay Attacks,” in
Proceedings of the 47th Annual Allerton Conference on Communica-tion, Control, and Computing , Sept 2009.[81] S. Weerakkody, Y. Mo, and B. Sinopoli, “Detecting Integrity Attacks onControl Systems using Robust Physical Watermarking,” in
Proceedingsof the 53rd IEEE Conference on Decision and Control , Dec 2014, pp.3757–3764.[82] Bharadwaj Satchidanandan and P. R. Kumar, “Secure control of net-worked cyber-physical systems,” in
Proceedimgs of the 2016 IEEE 55thConference on Decision and Control (CDC) , 2016, pp. 283–289.[83] Jaewon Kim, Woo-Hyun Ko and P. R. Kumar, “Cyber-security withdynamic watermarking for process control systems,” in . AIChE, 2019.[84] Bharadwaj Satchidanandan and P. R. Kumar, “Theory and imple-mentation of dynamic watermarking for cybersecurity of advancedtransportation systems,” in
Proceedings of the 2016 IEEE Conferenceon Communications and Network Security (CNS) , Oct 2016, pp. 416–420.[85] Lantian Shangguan, Kenny Chour, Woo Hyun Ko, Jaewon Kim, GopalKamath, Bharadwaj Satchidanandan, Swaminathan Gopalswamy and P.R. Kumar,, “Dynamic watermarking for cybersecurity of autonomousvehicles,”
Preprint , 2020.[86] F. Chen, G. Mac, and N. Gupta, “Security features embedded incomputer aided design (cad) solid models for additive manufacturing,”
Materials & Design
CIRP Annals , vol. 68, no. 1, pp. 459 – 462, 2019.[88] H. Yang, S. Kumara, S. T. Bukkapatnam, and F. Tsung, “The internet ofthings for smart manufacturing: A review,”
IISE Transactions , vol. 51,no. 11, pp. 1190–1216, 2019.[89] X. Liu, C. Qian, W. G. Hatcher, H. Xu, W. Liao, and W. Yu, “Se-cure internet of things (iot)-based smart-world critical infrastructures:Survey, case study and research opportunities,”
IEEE Access , Jul. 2019.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 17 [90] A. O. Akmandor, H. Yin, and N. K. Jha, “Smart, secure, yet energy-efficient, internet-of-things sensors,”
IEEE Trans. on Multi-Scale Com-puting Systems , Oct.-Dec. 2018.[91] D. Kumar, K. Shen, B. Case, D. Garg, D. Kuznetsov, R. Gupta, andZ. Durumeric, “All things considered: An analysis of iot devices onhome networks,”
USENIX Security Symposium , 2019.[92] A. Sivanathan, D. Sherratt, H. H. Gharakheili, A. Radford, C. Wi-jenayake, A. Vishwanath, and V. Sivaraman, “Characterizing andclassifying iot traffic in smart cities and campuses,” ,2017.[93] Z. Zheng and A. L. N. Reddy, “Safeguarding building automationnetworks: The-driven anomaly detector based on traffic analysis,”
IEEEICCCN (Invited Paper) , July 2017.[94] Z. Zheng, S. Jin, R. Bettati, and A. L. N. Reddy, “Securing cyber-physical systems with adaptive commensurate response,”
Proc. of IEEECNS Conference , October 2017.[95] Z. Zheng, A. Webb, A. L. N. Reddy, and R. Bettati, “Iotaegis: Ascalable framework to secure the internet of things,”
Invited Paper atIEEE ICCCN , July 2018.[96] E. Fernandes, A. Rahmati, K. Eykholt, and A. Prakash, “Internet ofthings security research: A rehash of old ideas or new intellectualchallenges?”
Proc. of IEEE Security & Privacy , 2017.[97] A. Alrawais, A. Alhothaily, C. Hu, and X. Cheng, “Fog computingfor the internet of things: Security and privacy issues,”
IEEE InternetComputing , Mar.-Apr. 2017.[98] H. Ghadeer, “Cybersecurity issues in internet of things and counter-measures,”
IEEE Int. Conf. on Industrial Internet (ICII) , 2018.[99] F. Dang, Z. Li, Y. Liu, E. Zhai, Q. A. Chen, T. Xu, Y. Chen, andJ. Yang, “Understanding fileless attacks on linux-based iot devices withhoneycloud,”
ACM MobiSys , 2019.[100] F. Loi, A. Sivanathan, H. H. Gharakheili, A. Radford, and V. Sivara-man, “Systematically evaluating security and privacy forconsumer iotdevices,”
Proc. of ACM IoT S&P , 2017.[101] P. Ducklin, “Mirai internet of things malware from krebs ddos attackgoes open source,”
Naked Security by Sophos , Oct. 2016.[102] CERT, “Vulnerability notes database,” ,2020.[103] NIST, “National vulnerability database,” https://nvd.nist.gov/ , 2020.
Priyanka Mahesh is a Graduate student at NewYork University. She obtained her B.Tech degree inComputer Science from SRM University. She hasworked in the consulting industry in the field ofcybersecurity on projects related to telematics andICS security. Her research is focused on addressingsecurity concerns in cyber-physical systems, embed-ded systems and industrial control systems in orderto build trustworthy IOT systems.
Akash Tiwari received the B.Tech. degree in indus-trial and systems engineering from the Indian Insti-tute of Technology (IIT) Kharagpur, India, in 2019.He is currently pursuing the Ph.D. degree with theDepartment of Industrial and Systems Engineering,Texas A&M University, College Station, TX, USA.He was a Summer Intern with the Royal EnfieldMotors Factory, Chennai, India, in 2017. In 2018,he was a Summer Research Intern with the DurhamUniveristy Business School, Durham, U.K.
Chenglu Jin is a research assistant professor atNYU Center for Cybersecurity and Center for UrbanScience and Progress. His research interest is cyber-physical system security, hardware security, and ap-plied cryptography. He holds a Ph.D. degree fromthe University of Connecticut.
P.R. Kumar (F88) received the B.Tech. degreein electronics engineering from Indian Institute ofTechnology (IIT) Madras, Chennai, India, in 1973,and the D.Sc. degree in systems science and math-ematics from Washington University in St. Louis,St. Louis, MO, USA, in 1977. He is currentlywith Texas A&M University, College Station, TX,USA. He was a faculty member with the Uni-versity of Maryland, Baltimore County (19771984)and the University of Illinois at Urbana-Champaign(19852011). He was the Leader of the Guest ChairProfessor Group on Wireless Communication and Networking with TsinghuaUniversity. He is a D. J. Gandhi Distinguished Visiting Professor withIIT Bombay, and an Honorary Professor with IIT Hyderabad. His researchinterests include cyber-physical systems, cybersecurity, privacy, wireless net-works, renewable energy, smart grid, autonomous vehicles, and unmanned airvehicle systems. Prof. Kumar is a member of the U.S. National Academyof Engineering, The World Academy of Sciences, and the Indian NationalAcademy of Engineering. He was awarded a Doctor Honoris Causa by ETHZurich. He was the recipient of the IEEE Field Award for Control Systems,the Donald P. Eckman Award of the AACC, Fred W. Ellersick Prize of theIEEE Communications Society, the Outstanding Contribution Award of ACMSIGMOBILE, the INFOCOM Achievement Award, and the SIGMOBILETest-of-Time Paper Award. He is a Fellow ACM. He was also the recipient ofthe Distinguished Alumnus Award from IIT Madras, the Alumni AchievementAward from Washington University in St. Louis, and the Daniel DruckerEminent Faculty Award from the College of Engineering, University of Illinoisat Urbana-Champaign.
Narasimha Reddy is currently a J.W. Runyon Pro-fessor in the department of Electrical and ComputerEngineering at Texas A&M University as well as theAssociate Dean for Research with the Texas A&MEngineering Program and the Assistant Directorof Strategic Initiatives & Centers with the TexasA&M Engineering Experiment Station. Reddys re-search interests are in Computer Networks, StorageSystems, and Computer Architecture. During 1990-1995, he was a Research Staff Member at IBMAlmaden Research Center in San Jose. Reddy holdsfive patents and was awarded a technical accomplishment award while at IBM.He received an NSF Career Award in 1996. His honors include an OutstandingProfessor award by the IEEE student branch at Texas A&M during 1997-1998, an Outstanding Faculty award by the Department of Electrical andComputer Engineering during 2003-2004, a Distinguished Achievement awardfor teaching from the Former Students Association of Texas A&M University,and a citation for one of the most influential papers from the 1st ACMMultimedia Conference.
OURNAL OF L A TEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 18
Satish T.S. Bukkapatnam received his Ph.D. andM.S. degrees in industrial and manufacturing engi-neering from the Pennsylvania State University. Hecurrently serves as Rockwell International Profes-sor with the Department of Industrial and SystemsEngineering department at Texas A&M University,College Station, TX, USA, and has been selectedas a Fulbright-Tocqueville distinguished chair. He isalso the Director of Texas A&M Engineering Exper-imentation Station (TEES) Institute for Manufactur-ing Systems. His research in smart manufacturingaddresses the harnessing of high-resolution nonlinear dynamic information,especially from wireless MEMS sensors, to improve the monitoring andprognostics, mainly of ultra-precision and nano-manufacturing processes andmachines, and wearable sensors for cardio-respiratory processes. His researchhas led to over 160 articles in journals and conference proceedings. He is afellow of the Institute for Industrial and Systems Engineers (IISE), and theSociety of Manufacturing Engineers (SME).
Nikhil Gupta is a Professor of Mechanical andAerospace Engineering at New York University. Heis also affiliated with NYU Center for Cybersecurity.His research is focused on developing methods tosecure computer aided design files against theft ofintellectual property and unauthorized production ofparts. His group is also using machine learning meth-ods for reverse engineering of parts and mechanicalproperty characterization. He is an author of over195 journal articles and book chapters on compositematerials, materials characterization methods andadditive manufacturing security.