NYU Tandon Paper on Cyber Risks of 3D Printing is Springer's Most-Read Engineering Research of 2016

Shutter stock

The publishing company Springer has more than 245 engineering journals in its portfolio, covering a wide range of fascinating and timely topics, including social robotics, biomedical microdevices, and computational mechanics. When editors took stock of the works that had been the most cited, downloaded, and shared in 2016, it was an article from JOM, The Journal of the Minerals, Metals & Materials Society that stood out at number one in the category of Engineering.

That article, “Manufacturing and Security Challenges in 3D Printing,” was written by a team of Tandon researchers: Nikhil Gupta, noted materials expert and an associate professor of mechanical engineering at NYU Tandon; lead author Steven Eric Zeltmann, a graduate student in mechanical engineering; Ramesh Karri, professor of electrical and computer engineering; Michail Maniatakos, professor of electrical and computer engineering at NYU Abu Dhabi; Nektarios Tsoutsos, a doctoral student at NYU Abu Dhabi, and Jeyavijayan Rajendran, an assistant professor at The University of Texas at Dallas and former student of Karri.

Additive manufacturing (AM), commonly called 3D printing, is a $4 billion business set to quadruple by 2020. One day, manufacturers may print everything from cars to medicines, disrupting centuries-old production practices. The Federal Aviation Administration recently certified the first 3D-printed part for GE commercial jet engines, and companies like Ford Motor Company are using AM to build products and prototypes.

But the new technology poses some of the same dangers unearthed in the electronics industry, where trusted, partially trusted, and untrusted parties are part of a global supply chain.

That finding, along with initial recommendations for remedies, was the basis of the top-ranked paper. In it, the researchers examined two aspects of 3D printing that have cybersecurity implications: printing orientation and insertion of fine defects. “These are possible foci for attacks that could have a devastating impact on users of the end product, and economic impact in the form of recalls and lawsuits,” said Gupta.

Additive manufacturing builds a product from a computer assisted design (CAD) file sent by the designer. The manufacturing software deconstructs the design into slices and orients the printer head. The printer then applies material in ultra-thin layers.

The researchers reported that the orientation of the product during printing could make as much as a 25 percent difference in its strength. However, since CAD files do not give instructions for printer head orientation, malefactors could deliberately alter the process without detection. Gupta explained that economic concerns also influence how a supplier prints a product. “Minus a clear directive from the design team, the best orientation for the printer is one that minimizes the use of material and maximizes the number of parts you can print in one operation,” he said.

Karri, a cybersecurity researcher known for improving the trustworthiness of the microchip supply chain, explained: “With the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain be aware of the unique challenges presented to avoid significant risk to the reliability of the product.” He pointed out that an attacker could hack into a printer that is connected to Internet to introduce internal defects as the component is being printed. “New cybersecurity methods and tools are required to protect critical parts from such compromise,” he said.

When the researchers introduced sub-millimeter defects between printed layers, they found that the defects were undetectable by common industrial monitoring techniques, such as ultrasonic imaging, which do not require destruction of the sample. Over time, materials can weaken with exposure to fatigue conditions, heat, light, and humidity and become more susceptible to these small defects. “With 3D printed components, such as metallic molds made for injection molding used in high temperature and pressure conditions, such defects may eventually cause failure,” Gupta said.

“It is unsurprising that the world’s 3D printing community found the Tandon team’s paper so timely and compelling,” Dean Katepalli Sreenivasan said. “Tandon has long been at the cutting edge of cybersecurity studies, and we are currently blazing new trails in hardware security. Professor Gupta and his colleagues are doing seminal work that will have a major impact on industry and the world.”

In October 2017, Gupta will be helping to organize a global symposium on additive manufacturing. His earlier event, held in 2016, drew numerous leaders from academia, industry, and government to Brooklyn to discuss the future of the field.

Read the full version of “Manufacturing and Security Challenges in 3D Printing.” The Office of Naval Research helped fund the research.