TY - GEN
T1 - Leave your phone at the door
T2 - 23rd ACM Conference on Computer and Communications Security, CCS 2016
AU - Hojjati, Avesta
AU - Adhikari, Anku
AU - Struckmann, Katarina
AU - Chou, Edward J.
AU - Nguyen, Thi Ngoc Tho
AU - Madan, Kushagra
AU - Winslett, Marianne S.
AU - Gunter, Carl A.
AU - King, William P.
N1 - Publisher Copyright:
© 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2016/10/24
Y1 - 2016/10/24
N2 - From pencils to commercial aircraft, every man-made object must be designed and manufactured. When it is cheaper or easier to steal a design or a manufacturing process specification than to invent one's own, the incentive for theft is present. As more and more manufacturing data comes online, incidents of such theft are increasing. In this paper, we present a side-channel attack on manufacturing equipment that reveals both the form of a product and its manufacturing process, i.e., exactly how it is made. In the attack, a human deliberately or accidentally places an attack-enabled phone close to the equipment or makes or receives a phone call on any phone nearby. The phone executing the attack records audio and, optionally, magnetometer data. We present a method of reconstructing the product's form and manufacturing process from the captured data, based on machine learning, signal processing, and human assistance. We demonstrate the attack on a 3D printer and a CNC mill, each with its own acoustic signature, and discuss the commonalities in the sensor data captured for these two different machines. We compare the quality of the data captured with a variety of smartphone models. Capturing data from the 3D printer, we reproduce the form and process information of objects previously unknown to the reconstructors. On average, our accuracy is within 1 mm in reconstructing the length of a line segment in a fabricated object's shape and within 1 degree in determining an angle in a fabricated object's shape. We conclude with recommendations for defending against these attacks.
AB - From pencils to commercial aircraft, every man-made object must be designed and manufactured. When it is cheaper or easier to steal a design or a manufacturing process specification than to invent one's own, the incentive for theft is present. As more and more manufacturing data comes online, incidents of such theft are increasing. In this paper, we present a side-channel attack on manufacturing equipment that reveals both the form of a product and its manufacturing process, i.e., exactly how it is made. In the attack, a human deliberately or accidentally places an attack-enabled phone close to the equipment or makes or receives a phone call on any phone nearby. The phone executing the attack records audio and, optionally, magnetometer data. We present a method of reconstructing the product's form and manufacturing process from the captured data, based on machine learning, signal processing, and human assistance. We demonstrate the attack on a 3D printer and a CNC mill, each with its own acoustic signature, and discuss the commonalities in the sensor data captured for these two different machines. We compare the quality of the data captured with a variety of smartphone models. Capturing data from the 3D printer, we reproduce the form and process information of objects previously unknown to the reconstructors. On average, our accuracy is within 1 mm in reconstructing the length of a line segment in a fabricated object's shape and within 1 degree in determining an angle in a fabricated object's shape. We conclude with recommendations for defending against these attacks.
KW - Cyber-physical systems
KW - Data security for manufacturing
KW - Side channels
UR - http://www.scopus.com/inward/record.url?scp=84995404237&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84995404237&partnerID=8YFLogxK
U2 - 10.1145/2976749.2978323
DO - 10.1145/2976749.2978323
M3 - Conference contribution
AN - SCOPUS:84995404237
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 883
EP - 894
BT - CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 24 October 2016 through 28 October 2016
ER -