Secure 3D Printing: 'Three-Layer' System Protects Parts from Hackers

A 3D printer is essentially a small embedded computer — and can be exploited like one.

Researchers from Georgia Institute of Technology and Rutgers University have developed a “three-layer” way of certifying that an additively manufactured part has not been compromised.

Even with the correct stereolithography (STL) files, a trusted chain of operations, and a secure facility, attackers have the ability to exploit a 3D printer’s embedded software, also known as firmware, to damage a component.

Dr. Raheem Beyah (Image Credit: Georgia Tech)

Malicious software in a printer can lead to hidden product defects. The most nefarious example of a compromise, according to Dr. Raheem Beyah, a Professor in Georgia Tech’s School of Electrical and Computer Engineering, is the ability to create flaws in a 3D-printed part’s internal structure.

“If you change that internal pattern and make sure everything else outside is the exact same, then nobody really knows,” Beyah told Tech Briefs. “So, if you go and do this to the brakes of a car or some part of a plane, they can fail dramatically.”

Making a Mark

To ensure the integrity of a 3D-printed part, Beyah and his research team developed a three-pronged system of physical and acoustic techniques: nanorod detection, noise measurement, and sensor-based tracking.

The first security “layer” requires the embedding of tiny particles into a standard filament. In theory, a user places the gold nanorods in select locations throughout the object, known only to the individual who generated the STL file.

“It should be very difficult to go back and guess that. It’s just too many locations to randomly brute force,” said Beyah, referring to a trial-and-error hacking method.

The gold nanorods are the same contrast agents used in medical imaging techniques for detecting tumors.

The team ultimately wants to fine-tune nanoparticle placement to create a kind of identifiable 3D watermark, one revealed by a CT scan or spectroscopy method. Any surprises in the placement of nanoparticles would indicate possible compromise of the firmware.

The nanoparticle process requires little retrofitting to existing 3D printers. The validation technique is independent of a printer’s firmware and software.

“You essentially have a filament that has the nanoparticles embedded, and you just provide the filament to the 3D printer,” said Beyah.

The Golden Rule

A second layer of security relies upon a microphone – a common condenser microphone, in Beyah’s case.

If you’re printing the exact same object, the extruder and other pieces of machinery should be making the same sounds. The acoustic measurements provide a “golden copy” that can be compared to later prints.

By pointing the AKG P170 instrumental microphone at a 3D printer, the Georgia Institute of Technology professor sought to detect audio aberrations, possible indicators of malicious software.

Similarly, when creating the same part, all the pieces of the 3D printer should have reliable movement patterns. An add-on accelerometer, the third layer of the verification method, detects that a printer’s extruder and other elements have followed a consistent, “golden” mechanical path.

Ready to Go

The researchers tested their three-part technique on three different types of 3D printers and a computer numerical control (CNC) machine. A polyethylene tibial knee prosthesis was used as the test case, as the engineers detected variations in the print process.

Along with fine-tuning nanoparticle placement, the team is exploring signal-processing methods to improve acoustic measurements and filter out the noise of additional 3D printers. Beyah hopes to commercialize the technology and place the easy-to-use system in manufacturers’ hands.

“This is a novel idea, but it’s not something that costs us $10,000 to do,” said Beyah. “We can retrofit existing 3D printers, and actually provide and deploy the security today.”

The verification and intrusion detection research will be presented on August 18 at the 26th USENIX Security Symposium  in Vancouver, British Columbia. The two institutions recently received a grant from the National Science Foundation to further develop the process.

What do you think? Are you concerned about the integrity of 3D-printed parts? Share your comments below.

Related Content: