Security Analysis of Networked 3D Printers

2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI:10.1109/SPW50608.2020.00035

Matthew McCormack, Sanjay Chandrasekaran, Guyue Liu, Tian-jiao Yu, Sandra DeVincent Wolf, V. Sekar

{"title":"Security Analysis of Networked 3D Printers","authors":"Matthew McCormack, Sanjay Chandrasekaran, Guyue Liu, Tian-jiao Yu, Sandra DeVincent Wolf, V. Sekar","doi":"10.1109/SPW50608.2020.00035","DOIUrl":null,"url":null,"abstract":"Networked 3D printers are an emerging trend in manufacturing. However, many have poor security controls, allowing attackers to cause physical hazards, create defective safety-critical parts, steal proprietary data, and halt costly operations. Prior work has given limited attention to identifying if a network attacker is able to achieve these goals. In this work, we present C3PO, an open-source network security analysis tool that systematically identifies security threats to networked 3D printers. C3PO's design is guided by industry standards and best practices, identifying potential vulnerabilities in data transfer, the printing application, availability, and exposed network services. Furthermore, C3PO analyzes how a network deployment impacts a 3D printer's security, such as an attacker compromising an IoT camera in order to send malicious commands to a networked 3D printer. We use C3PO to analyze 13 networked 3D printers and 5 real-world manufacturing network deployments. We identified 8 types of network security vulnerabilities such as a susceptibility to low-rate denial of service attacks, the transmission of unencrypted data, and publicly accessible network deployments.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW50608.2020.00035","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Networked 3D printers are an emerging trend in manufacturing. However, many have poor security controls, allowing attackers to cause physical hazards, create defective safety-critical parts, steal proprietary data, and halt costly operations. Prior work has given limited attention to identifying if a network attacker is able to achieve these goals. In this work, we present C3PO, an open-source network security analysis tool that systematically identifies security threats to networked 3D printers. C3PO's design is guided by industry standards and best practices, identifying potential vulnerabilities in data transfer, the printing application, availability, and exposed network services. Furthermore, C3PO analyzes how a network deployment impacts a 3D printer's security, such as an attacker compromising an IoT camera in order to send malicious commands to a networked 3D printer. We use C3PO to analyze 13 networked 3D printers and 5 real-world manufacturing network deployments. We identified 8 types of network security vulnerabilities such as a susceptibility to low-rate denial of service attacks, the transmission of unencrypted data, and publicly accessible network deployments.

查看原文本刊更多论文

网络化3D打印机的安全性分析

联网3D打印机是制造业的新兴趋势。然而，许多系统的安全控制很差，允许攻击者造成物理危害，制造有缺陷的安全关键部件，窃取专有数据，并中断昂贵的操作。先前的工作对识别网络攻击者是否能够实现这些目标给予了有限的关注。在这项工作中，我们提出了C3PO，一个开源的网络安全分析工具，系统地识别网络3D打印机的安全威胁。C3PO的设计以行业标准和最佳实践为指导，识别数据传输、打印应用程序、可用性和暴露的网络服务中的潜在漏洞。此外，C3PO还分析了网络部署如何影响3D打印机的安全性，例如攻击者为了向联网3D打印机发送恶意命令而破坏物联网摄像头。我们使用C3PO来分析13台联网3D打印机和5个现实世界的制造网络部署。我们确定了8种类型的网络安全漏洞，例如对低速率拒绝服务攻击的敏感性，未加密数据的传输以及可公开访问的网络部署。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量