A physical hash for preventing and detecting cyber-physical attacks in additive manufacturing systems

Cyber-physical security is a major concern in the modern environment of digital manufacturing, wherein a cyber-attack has the potential to result in the production of defective parts, theft of IP, or damage to infrastructure or the operator have become a real threat that have the potential to create bad parts. Current cyber only solutions are insufficient due to the nature of manufacturing environments where it may not be feasible or even possible to upgrade physical equipment to the most current cyber security standards, necessitating an approach that addresses both the cyber and the physical components. This paper proposes a new method for detecting malicious cyber-physical attacks on additive manufacturing (AM) systems. The method makes use of a physical hash, which links digital data to the manufactured part via a disconnected side-channel measurement system. The disconnection ensures that if the network and/or AM system becomes compromised, the manufacturer can still rely on the measurement system for attack detection. The physical hash ensures protection of the intellectual property (IP) associated with both process and toolpath parameters while also enabling in situ quality assurance. In this paper, the physical hash takes the form of a QR code that contains a hash string of the nominal process parameters and toolpath. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in situ, the measurement system can detect in real-time if the part being manufactured matches the designer's specification. In this paper, the overall concept and underlying algorithm of the physical hash is presented. A proof-of concept validation is realized on a material extrusion AM machine, to demonstrate the ability of a physical hash and in situ monitoring to detect the existence (and absence) of malicious attacks on the STL file, the printing process parameters, and the printing toolpath.