Use and Misuse of the Power Side Channel in Additive Manufacturing Security
Abstract
Additive Manufacturing (AM) is growing rapidly as an industry, particularly into the production of functional, safety-critical parts. AM Security has accordingly become a key research area for the technology, as sabotage and data theft present major risks to the safety of systems using AM-produced parts and investment in the sector as a whole. One of the chief struggles in AM Security is with the cyber-physical nature of AM systems: information generated in purely digital systems is transformed into control signals driving physical actuators, which cannot be properly controlled or observed with traditional cybersecurity means. To bridge this gap, the field of AM Security has turned to side channels. These are the unintended emanations of cyber-physical processes, which can be monitored to reason about the instrumented system’s behaviors. In this dissertation, I focus on a side channel as yet unexplored by other researchers: actuator power. By instrumenting the control-signal wires of major actuators with inductive current clamps, I can non-intrusively capture that actuator’s behavior in fine detail. Building on this rich source of data, I propose, develop, and test three applications: a signature-based sabotage detection system, a reconstruction-based prototype malicious data theft attack, and a visual comparison system for side channel-based sabotage forensics. This dissertation makes a number of novel contributions to the field. The signature-based detection method represents the first such method using this side-channel, and also serves as a test of the channel’s potential information content. The reconstruction attack, in addition to presenting a novel attack vector, develops a system for side channel-based reconstruction with field-leading accuracy and operating on more complex models than previously attempted. Finally, the forensic comparison system builds on my reconstruction methods to investigate attack localization and characterization, capabilities the field currently lacks that will be vital to securing AM in the future.