As an emerging technology, additive manufacturing (AM) is able to fabricate products with complex geometries using various materials. In particular, cyber-enabled AM systems have recently become widely applied in many real-world applications. Cyber-enablement significantly improves the flexibility and productivity of AM but exposes the system to a high risk of cyber-physical attacks. For example, a cyber-physical attack could maliciously tamper with the product design and process parameters, which, in turn, leads to significant alteration of the desired properties in AM products. Therefore, there is an urgent need to incorporate advanced technologies to improve the cyber-physical security of cyber-enabled AM systems. In this study, two common types of cyber-physical attacks regarding G-code security were investigated, namely, unintended design modifications and intellectual property theft. To effectively secure the G-code against these two attacks, a new methodology is developed in this study, which consists of a novel blockchain-based data storage approach and an effective asymmetry encryption technique. The proposed method was also applied to a real-world AM case for ensuring the cyber-physical security of face shield fabrication, which is critical during the COVID-19 pandemic. Based on the proposed methodology, malicious tampering can be accurately detected in time, and meanwhile, the risk of unauthorized access to the G-code file is greatly reduced as well.
In recent decades, a collaboration between the Internet of things (IoT) and information technology is becoming a key technological and developmental trend for remodeling the manufacturing industries. As an emerging advanced manufacturing technology, additive manufacturing (AM), also known as 3D printing, has demonstrated its excellent capability to fabricate products with complex geometry using novel materials. AM refers to a family of manufacturing technologies that fabricate products in a layer-by-layer manner, which provides a great opportunity to improve the flexibility of design and reduce buy-to-fly ratio. This, in turn, facilitates the use of AM products in various mission-critical industries, such as aerospace and healthcare [1,2].
Cyber-attacks can pose tremendous losses to enterprises. For example, based on the report of IBM Security in 2019, the global average cost of a cyber-attack is $3.92 million. Furthermore, with the dramatic increase in IoT devices on the network, it is reported that there was a 600% increase in IoT attacks from 2016 to 2017, posing new and significant challenges to the physical infrastructure connected to those devices. In 2018, there was a 29% increase in vulnerabilities related to Industrial Control Systems (ICS), which are core components in manufacturing operations [4,5]. These vulnerabilities can be potentially mapped into the physical world of manufacturing operations, leading to detrimental impacts ranging from making non-conforming products to bringing the entire manufacturing line/supply chain to a halt. Even though AM has become cyber-enabled in order to further improve its flexibility and productivity in cyber-physical systems, the potential risk in cyber-physical security is one of the critical concerns of cyber-enabled AM, leading to a significant threat to the product intellectual property and the physical AM process. The cyber-physical vulnerability assessment in the AM system has been discussed in the recent literature [6,7]. As shown in Fig. 1, a cyber-attack could alter the product design and change printing parameters by modifying the STL file or the G-code file, respectively. As a result, the quality and reliability of AM products are significantly impacted, which can even lead to safety issues. In addition, since the STL file and G-code file contain all necessary information for printing, unauthorized access to these files may leak key information and even further lead to illegal counterfeiting.
Therefore, effective methodologies to improve the cyber-physical security of AM systems are critically needed, particularly for protecting STL and G-code files. Recent literature has reported several methodologies for detecting attacks on the STL file [6,8]. However, investigations into G-code file protection are still very limited in the literature. Thus, the objective of this study is to develop a powerful approach for the protection of the G-code file. However, there are three major practical challenges: (1) G-code commands are simple and have a fixed style, so they could be easily decrypted and modified through a cyber-attack in a relatively short time; (2) a small successful attack could have significant impacts on the fabrication process due to the layer-by-layer fashion; and (3) the codebook needs to be updated frequently for most regular symmetric encryption methods, which may lead to high maintenance cost.
To address these challenges, this study develops a novel methodology for G-code file protection in AM using a blockchain-based structure with an asymmetry encryption technique, which effectively improves the resistance against two cyber-physical attacks (i.e., unintended design modification and intellectual property theft) and thus reduces the potential security risk. As a newly developed technology, blockchain has been successfully applied to different areas, including cryptocurrencies, smart contracts, financial services, and supply chain. Due to its special structure design, blockchain is highly resistant to data modification. Without changing all subsequent blocks, any involved record in a blockchain cannot be altered retroactively. Notably, this sequential structure of blocks perfectly aligns with the layer-by-layer fashion of any AM process. In addition, the application of asymmetry encryption techniques can significantly reduce the risk of leaking key information of AM products. Thus, this paper will present an approach incorporating the blockchain technology with effective asymmetry encryption for AM.
The rest of this paper is structured as follows. A brief review of the related works from literature is provided in Sec. 2. The proposed research methodology is presented in detail in Sec. 3. Subsequently, Sec. 4 further demonstrates the effectiveness of the proposed method based on an actual AM case. Finally, conclusions and future work are discussed in Sec. 5.
2 Literature Review
The methodological development of this study is inspired by the cyber-physical security assurance in AM and blockchain technology. The relevant existing studies regarding AM design information security are briefly reviewed first in Sec. 2.1, and subsequently, the applications of blockchain in manufacturing systems are summarized in Sec. 2.2. Meanwhile, the research gaps are identified as well.
2.1 Additive Manufacturing Design Information Security.
Based on the attacking intent, cyber-attacks to the AM processes can be categorized into three generic groups [10,11]: (1) Sabotage refers to the operations to modify design/process files, including computer-aided design (CAD) model, material property, process parameters, etc.; (2) intellectual property theft makes a copy of the original product design to fabricate unauthorized products; and (3) criminal operations can gain unauthorized access to system data and withhold it for ransom. In practice, if the intellectual property theft can be well prevented, the risk for ransom can be significantly reduced as well.
In general, the AM process chain is composed of three major phases, namely, design, manufacturing, and testing/inspection [6,11]. Therefore, current cyber-physical security analysis in AM can be briefly categorized based on its implementation during those three phases in the AM process chain. Notably, most cyber-physical security analyses are performed during and/or after manufacturing. For example, during the manufacturing process, some process changes result from unintended process/part alteration by cyber-physical attacks, and sensors that measure various process variables are referred to as side channels, which can be exploited to detect those process changes [12,13]. In addition, recent studies have proposed post-manufacturing schemes for part authentication by applying sensing techniques such as impedance analysis [14–16] and chemical taggants.
However, a cyber-physical attack may occur at any time during the AM process. In situ and post-process detection of a cyber-attack has high time uncertainty and may take a long time. In addition, detection at an early stage contributes to reducing manufacturing cost since there is less or no material waste compared with in situ and post-process methods. Therefore, it is rewarding to detect cyber-attacks before manufacturing, which can significantly save both time and energy. The state-of-the-art methods to secure the AM product during the design phase are summarized below.
Even though the design files can be encrypted and protected by passwords, the security during the design phase is still not ensured if the network security is breached. Therefore, new design features or other embedding mechanisms have been proposed to add an extra layer of security to the AM process chain. For example, various security features have been developed for incorporation into the CAD design, including the Physical Unclonable Function comprised of ordered quantum dots, curvatures/internal surfaces [19,20], dissimilar tagging material, and various authentication codes embedding [22–27]. Most of those security-feature embedding schemes are combined with an in situ or post-process part authentication mechanism to secure the AM design. For example, Brandman et al. developed a physical hash in the format of a quick response (QR) code to conduct in situ process authentication by comparing the predefined QR code with the generated code from the in situ measurements. In addition, reverse engineering schemes have been applied to create the building structure based on the G-code, and finite element models can be subsequently used to validate the structure and mechanical properties of the finished part before the manufacturing starts. Although these security features can be designed in the design phase, they still need to be verified during or after manufacturing. Also, the finite element models may become extremely time-consuming as product complexity increases. By contrast, a pre-process G-code protection which is purely implemented before the manufacturing process is effective in authenticating the product without any cyber-physical attack being transferred into the physical domain of manufacturing. Therefore, there is an urgent need to develop an effective approach to detect malicious tampering before manufacturing. In Sec. 2.2, the applications of blockchain in manufacturing systems reported in the literature will be summarized.
2.2 Application of Blockchain in Manufacturing Systems.
While it is largely involved in trading and financial areas, the blockchain also has been introduced into the manufacturing industry. In recent years, manufacturers are implementing blockchain technologies in asset tracking, quality assurance, counterfeit detection, and supply chain monitoring. In the literature, some pioneering works have been done to design blockchain-based decentralized manufacturing systems for data sharing and information processing. Such infrastructures are essential, in particular, to facilitate cyber-physical manufacturing in the era of the IoT and 5G. For example, a security and trust mechanism was developed by Zhang et al. to integrate components of digital information in IoT-based manufacturing into a blockchain. Instead of using any trusted party or central hub that requires high “trust taxes,” manufacturers could share transactional data across a network of untrusted nodes, which realized the trust through interactions of network nodes. Yu et al. proposed a blockchain-based architecture to enhance the decentralization and information transparency in cloud manufacturing. Based on the unique property of the blockchain, smart contracts were extended to handle manufacturing services in the cloud. Also, a quality-of-service aware model was developed to select optimal service composition for manufacturing tasks. Lee et al. thoroughly discussed the impact of blockchain on cyber-physical production systems (CPPSs). A three-level blockchain architecture (i.e., connection net, cyber net, and management net) was proposed to improve the communication and data flow of current CPPSs to guarantee the safety and reliability of manufacturing systems. Mandolla et al. focused on metal additive manufacturing and created a digital twin of it with blockchain. By exploring the hash algorithm and digital signature of blockchain, information security and data accuracy were guaranteed at each phase of the additive manufacturing. Angrish et al. developed a peer-to-peer manufacturing network based on the smart contracts mechanism managed by blockchain. Critical information of a participant was decentralized and made available on the network to improve information transparency and data provenance. The efficiency of the proposed network was demonstrated using a miniature hardware platform. Kennedy et al. proposed an anti-counterfeiting method for additive manufacturing. They incorporated a QR code with a 3D printed part, which included its designed features and forms a digital twin of the physical part on a blockchain ledger to improve the part security. Yu et al. employed blockchain to improve the attack resistance of shared manufacturing. By constructing the resource operation blockchain, a smart contract network was used to increase the security and effectiveness of the P2P-based resource sharing. Also, consensus mechanisms of proof-of-participation were incorporated to ensure the stability and sustainability of the blockchain-based shared manufacturing system. Zhu et al. extended cloud manufacturing to embrace both centralization and decentralization features by incorporating a consortium blockchain. Consensus-oriented mechanisms were employed to guide operations in the cloud manufacturing systems. In addition, studies on adopting blockchain technologies to improve sustainable manufacturing can be found in the review.
Although incorporating blockchain in manufacturing has been investigated in the literature, the application of blockchain in AM systems is still limited. More importantly, these existing studies mainly focus on the macro-scale operations (i.e., enterprise level) of manufacturing systems such as anti-counterfeiting and decentralization on manufacturers, rather than on the micro-scale operations (i.e., production level) such as protection of CAD files and G-code from cyber-physical attacks. The blockchain is also capable of protecting the fundamentals of the AM system such as the protection of G-code. This gap can be potentially addressed by the proposed blockchain-based approach, which is discussed in Sec. 3.
3 Proposed Research Methodology
This study investigated the use of blockchain in dealing with two types of cyber-physical attacks in AM systems. The first one is unintended design modification of the G-code, which maliciously tampers with the G-code to alter AM product properties. The second one is intellectual property theft, which illegally accesses the G-code and further leads to the unauthorized copying of AM products. To handle these two attacks, as summarized in Fig. 2, the overall framework of the proposed methodology consists of three steps:
A blockchain-based approach for G-code storage: in Sec. 3.1, a novel layer-wise G-code storage approach based on the structure of blockchain is proposed, which is capable of detecting the unintended G-code modification in time.
An asymmetry cryptography framework for G-code encryption: in Sec. 3.2, based on the blockchain-based G-code storage approach proposed in Sec. 3.1, an asymmetry cryptography framework is developed to further reduce the risk of intellectual property theft.
Application of the proposed methodology for cyber-physical security assurance in AM: in Sec. 3.3, the detailed paradigm of the proposed approach to prevent G-code from both unintended design modification and intellectual property theft is illustrated.
3.1 Blockchain-Based Data Storage Approach for G-Code
3.1.1 G-Code for Additive Manufacturing.
G-code is a common type of machine-readable language for many manufacturing applications. In AM, the machine's firmware can convert the G-code to the corresponding control signals to actuate the different physical components. Essentially, G-code manages the operations of the AM machine during fabrication processes. Notably, G-code is strictly layer-ordered as AM fabricates parts in a layer-by-layer manner. That is, without the printing of previous layers, the following layers cannot be successfully printed.
As discussed in Secs. 1 and 2, cyber-physical attacks may maliciously manipulate the G-code and thus result in altered design and changed machine parameters. Even a minor modification in G-code could lead to significant alterations in the properties and accuracy of printed parts. Although existing approaches can implement online anomaly monitoring, most of them only work during or after product fabrication, which incurs unnecessary costs in time and materials. Therefore, it is of great significance to detect cyber-physical attacks at an early stage (e.g., before manufacturing). To achieve this goal, a blockchain-based G-code storage approach is developed, which is presented in Sec. 3.1.2.
3.1.2 Blockchain-Based G-Code Storage.
As a powerful distributed data structure (ledger), blockchain provides a secure and trustworthy platform for peer-to-peer communication, which can store various types of critical information that are shared and trackable, such as transaction records and healthcare data. Blockchain incorporates a cryptographic hash function, which is an effective tool to ensure cyber-security. A hash function is a one-way function that maps data to a hash value of fixed size. The hash value can be thought of as an encrypted value of the original text from which it is impossible to derive the original one. The hash function has two critical properties to ensure data security. First, it is practically impossible to find collisions; i.e., two different original inputs x1 and x2 cannot generate the same hash value. Second, it is difficult to track back; i.e., given a hash value, the original input text cannot be derived. The commonly used hash functions are secure hash algorithms (SHA) such as SHA1 and SHA256, which take texts as input and always output a hexadecimal string representing the output number of the function.
In general, a blockchain consists of two major components, namely, block header and block body. The block body stores the critical information/data and the block header contains the unique identification of each block. To ensure uniqueness and security, the block header must contain the following three items:
Previous block hash: a hash value which points to the address of the previous block.
Current block hash: a hash value calculated from the previous hash, current block index, timestamp, and all the data stored in the current block.
Timestamp: the current timestamp in seconds.
As demonstrated in Fig. 3, each block is identified by its cryptographic hash and chained with another block by the previous block hash. Owing to unique hash information, the connection between each pair of blocks is secured. Data stored in each block are strictly ordered since the latter block cannot be constructed without hash values of previous blocks. In addition, any changes in stored data will lead to an entirely different hash value due to the unique property of the hash function, which is demonstrated in Sec. 4. Therefore, data stored in the block body are immutable since even a slight unintended modification can be easily identified by verifying the hash value.
Similar to the blockchain, the G-code is also strictly ordered due to the layer-wise fabrication manner of AM. Without completing the former layer, the latter layers cannot be initiated. Figure 4(a) is a demonstration of the G-code in AM. In G-code, the printing path movement in fabrication is reflected by the change of three coordinates, namely, X, Y, and Z coordinates. An increment along the Z-axis corresponds to the completed fabrication of one layer (circled). Therefore, based on the increments in the Z-axis, the entire G-code can be segmented based on the layer index.
The G-code of each layer can be considered as the data stored in one block, and it connects the adjacent layers through the previous block's hash value. When storing in a blockchain structure, a unique hash value for each layer's G-code is generated, as Fig. 4(b) displays. Unintended design modification may happen after the G-code of AM products is generated. The adversary (e.g., the competitor who fabricates similar products) can change the G-code to alter the process parameter (e.g., layer thickness or infill percentage) and geometry design (e.g., change the dimension, insert a void) of AM products in order to deteriorate product property and accuracy. However, due to the uniqueness of the hash function, any malicious tampering in the G-code will result in a completely different hash value in the corresponding block. As such, the blockchain-based storage approach enhances the robustness against the unintended modification of G-code. Notably, the malicious tampering is detected before fabrication, which can protect the property and accuracy of AM products well with less time and no material waste. In addition, storing one layer's G-code in one block also enables the AM system to quickly locate the unintended change in the G-code and effectively shorten the time to fix issues. The details are provided in Sec. 3.3.
Notably, there are several differences between the proposed blockchain-based G-code storage and the conventional blockchain structure. First, this study aims to provide effective protection for a single G-code file, where the G-code only comes from a single source. Therefore, the proposed approach does not incorporate a distributed ledger. Second, mining is also a powerful feature of blockchain that keeps adding new blocks to the end of the chain. However, for a single AM product design, the number of layers is determined, hence the number of blocks is fixed and there is no need to mine new blocks here. In addition, some other techniques such as the Merkle tree are efficient tools for the validation of data integrity by reducing the data scale. However, the ultimate goal in AM is to fabricate the AM product accurately, and the manufacturing process involves the participation of the complete G-code, which means the G-code should be fully stored and transmitted. Thus, it is not beneficial to reduce the scale of the G-code. Also, the size of the G-code is not large in practice (see more details in Sec. 4), which implies that the storage and transmission of the complete G-code is not a big burden.
To summarize, the proposed blockchain-based G-code storage approach enables the system to quickly detect and locate the unintended modification on G-code, which significantly enhances the robustness against malicious tampering on G-code. In Sec. 3.2, incorporating the encryption approach in G-code stored in the blockchain to enhance the resistance against intellectual property theft will be discussed.
3.2 Encryption of G-Code Through Asymmetry Cryptography in Blockchain.
Storing G-code in the blockchain contributes to effectively detecting and locating malicious tampering, which enhances the cyber-physical attack resistance through timely detection of unintended G-code modification. The transaction data in typical blockchain applications such as bitcoin are open and accessible, while G-code contains key information of AM products. Easy access by a third party may cause loss when the data are confidential and valuable. Therefore, in some cases, people may not want the stored G-code to be publicly accessible. Simply storing the G-code without encryption in the block may result in another type of cyber-attack, intellectual property theft. Intellectual property is generally characterized as non-physical property that is the product of original thought, which in this case is the G-code of AM products. Intellectual property theft means unauthorized access to G-code stored in the blockchain and further copying of the original product design. G-code stored in blocks is simple and has a fixed format so that it can be used easily, which leads to the occurrence of intellectual property theft. Recently, private blockchain frameworks, such as Hyperledger, have been developed to eliminate this risk. Such a framework is based on a permissioned and private model that does not allow a third party to participate. However, in various AM applications, third parties may be allowed to gain access to the G-code. For example, in the face shield headband fabrication (see more details in Sec. 4), in order to respond to the coronavirus disease 2019 (COVID-19) pandemic in a timely manner, a third party may be allowed to access the G-code, but unfortunately, this cannot be implemented with Hyperledger. Therefore, an approach is needed that enables the sender to conveniently adjust the access permission (from private to public or from public to private) based on changes in the privacy requirement.
This goal can be achieved by adding a pluggable option of asymmetry encryption. When the stored G-code contains private or confidential information, it would be better to encrypt the G-code before storing it in the blocks, which could enhance the cyber-physical attack resistance against unauthorized access to the G-code.
In order to reduce the risk of intellectual property theft, the G-code will be encrypted with cryptography technology before storing it in the block, making it only visible to authorized users, as Fig. 5 displays. Generally, there are two types of cryptography approaches, namely, symmetric and asymmetric cryptography. Compared with symmetric cryptography, asymmetric cryptography does not require time synchronization among devices on the network and overhead for communication and temporary storage, which is less vulnerable to cyber-physical attacks. Therefore, asymmetric cryptography is adopted to encrypt the blockchain G-code in this study. In asymmetric cryptography, the paired use of a public key and a private key can effectively reduce the risk of leaking key information, which protects AM products from intellectual property theft. Figure 6 displays the working principles of asymmetric cryptography. A public key is used to encrypt the original text to ciphertext and a private key is used to implement the decryption task. Among the existing asymmetric cryptography techniques, a widely used approach, namely, Rivest–Shamir–Adleman (RSA), is incorporated in the proposed methodology, which has a high resistance to most of the common cyber-attacks based on the investigation from the literature. It considers plaintext and ciphertext as integers between 0 and n − 1, where n is the modulus. RSA is a cryptosystem based on number theory whose security is guaranteed by the difficulty of factoring large numbers into primes, and more details are discussed in Ref. .
The overall procedure of the G-code encryption and decryption using RSA is demonstrated in Fig. 7. The RSA technique for G-code encryption consists of three major steps: (1) private and public key generation, (2) encryption using a public key, and (3) decryption using a private key. Before sharing the G-code, the receiver such as the manufacturer needs to generate a private key first and then derives a public key from the private key. Notably, this derivation from the private key to the public key is irreversible, which ensures the ciphertext can be only decrypted by the G-code receiver. Then, the receiver shares the public key with the G-code sender such as a product designer. The sender uses it to encrypt the G-code. Afterward, the sender provides the receiver with the encrypted G-code and the receiver can decrypt it using a private key. The encrypted G-code is only accessible for the private key owner, which effectively reduces the risk of leaking critical information of the AM products. Finally, the decrypted G-code is ready for the receiver to fabricate the AM products.
In addition, it is also necessary to compare the proposed RSA-based G-code encryption approach with the digital signature. The goal of both approaches is to confirm data authentication. However, there are two major limitations to directly applying the digital signature in the protection of G-code. First, the digital signature encrypts the hash value of the data while leaving the data unencrypted, which may lead to relatively high cyber risk and vulnerability. Second, in the application of the digital signature, the encrypted information can be decrypted by the public key, which may make the encrypted data vulnerable. Compared with a digital signature, in the proposed approach, G-code is encrypted directly instead of encrypting the hash value. Besides, in the proposed approach, the G-code sender uses the public key to encrypt the G-code and the receiver uses the private key to decrypt the ciphertext, which makes the G-code only accessible to the receiver. Through these improvements, the proposed asymmetry encryption approach for G-code can significantly reduce the risk of intellectual property theft.
In practice, the adversary may want to access critical and confidential product design without the owner's permission. With the application of the RSA-based G-code encryption approach, even decrypting a single layer of encrypted G-code without a private key is very time-consuming. Thus, it becomes extremely difficult to decrypt the entire G-code of AM products in a short time since one AM product usually has hundreds or even thousands of layers, which can effectively protect AM systems from intellectual property theft. By incorporating the blockchain-based storage with the asymmetry encryption approach, the proposed blockchain-based G-code encryption system is able to resist unintended modification and intellectual property theft, which is discussed in Sec. 3.3.
3.3 Procedures to Apply the Proposed Blockchain-Based Approach.
In practice, when the number of receivers is relatively small, for convenience, it may not be necessary to upload the G-code to the cloud. The sender can verify the occurrence of unintended modifications on the G-code after the receiver makes a G-code request. However, with the rapid development of IoT and cloud manufacturing, the number of participants might be large. Thus, uploading the G-code to the cloud makes it much easier and more convenient for the receivers to access. The sender can perform the verification procedure with a high frequency in order to eliminate the risk of unintended modifications. The paradigm to apply the proposed blockchain-based cyber-physical assurance approach is shown in Fig. 8.
Step 1: Key generation and sharing. The G-code receiver generates a private key, derives the corresponding public key, and shares it with the G-code sender.
Step 2: G-code segmentation and encryption. The sender segments the G-code in a layer-wise manner and encrypts the file using the public key.
Step 3: Storage of the encrypted G-code in the blockchain. The sender stores the encrypted G-code in the block and obtains the hash value of each block as the original hash.
Step 4: File sharing on the cloud. The sender uploads the encrypted blockchain G-code to the cloud.
Step 5: Verification of the occurrence of cyber-attack. The sender recalculates the hash of each block at a high frequency and checks whether there are mismatches in the hash value to verify the occurrence of unintended modification. If an unintended modification occurs, the sender locates the specific block through the mismatch of the hash value.
Step 6: G-code retrieval and product fabrication. The receiver accesses the encrypted G-code from the cloud server, decrypts the ciphertext using a private key, and starts fabrication.
There are different ways to verify the occurrence of unintended modification through the hash value, depending on the type of modification; these are introduced in the following paragraphs. When the hash value matches, it is verified that the G-code has not been maliciously tampered with, and the receiver can use a private key to decrypt the encrypted content in the block and fabricate AM products without concern. Otherwise, the mismatch in the block's hash value implies that the G-code has suffered from unintended modification, and the attacked layer can be immediately located by finding the block where the hash value mismatches. The verification can be implemented automatically, and its computation cost is also relatively low (see more details in Sec. 4). Thus, the correctness of the G-code can be ensured through high-frequency automatic verification.
In the proposed framework, it is difficult for hackers to decrypt the encrypted G-code in a manageable time frame for two main reasons. First, the theoretical foundation of asymmetry cryptography makes it extremely challenging to find an efficient way to decrypt the encrypted G-code without a private key. Second, the G-code for common AM parts contains hundreds or even thousands of layers, so decrypting the entire G-code of an AM product becomes extremely time-consuming. Therefore, with the help of the asymmetry encryption technique, the proposed blockchain-based encryption approach reduces the risk of intellectual property theft. Besides, a timestamp could also be incorporated in the proposed approach in order to further enhance the robustness against intellectual property theft. For example, if the encrypted G-code is decrypted by the adversary, then the adversary can access the AM design and even declare ownership over it. In this situation, the owner can prove ownership by tracing the timestamp in the block, since it records the time when the G-code was generated and the records cannot be modified.
Even though hackers cannot decrypt the entire content, it is still possible that they may maliciously tamper with part of the encrypted G-code to alter the designed products. Unintended modification can be divided into two categories: (1) deletion/addition of blocks on the blockchain, and (2) slight/severe malicious tampering on several parts of ciphertext stored in the block. Both of these modifications on G-code can be quickly detected by the G-code sender in the proposed framework. In general, there are two practical ways to achieve the detection of deletion/addition on blocks. The first way is to do dimension comparison. This method directly detects the deletion/addition on blocks by comparing the current dimension of blocks, i.e., the number of layers, with the original dimension of blocks. When the dimension of block mismatches, it implies that unintended deletion/addition occurs. Although this approach is fast, it cannot detect which block has been maliciously deleted/added. To address this limitation, the second approach that can accurately detect the deleted/added layer is to do the benchmark comparison, which compares the original hash in the block (i.e., benchmark block) with the current hash in the corresponding block, as Fig. 9 displays. After the sender stores the encrypted G-code in the block, the original hash value for each block is generated. It is assumed that the original hash value is stored in a cyber-disabled environment (e.g., in a flash drive or a computer that is not connected to the Internet) so that it cannot be attacked by hackers and this original hash value can be seen as the benchmark. Notably, although the benchmark hash is stored in a cyber-disabled environment, the comparison (i.e., verification) can be implemented in a cyber-enabled environment after loading the benchmark from the cyber-disabled environment. The current hash in the block is calculated by the G-code sender after the sender uploads it to the cloud. 
If there is no deletion/addition of blocks, the current hash in blocks should be the same as the original hash. Exact deletion/addition of blocks can be detected by finding a hash value mismatch between the original hash of blocks and the current hash of blocks.
Regarding the other category of unintended modification, i.e., slight/severe malicious tampering on ciphertext, slight malicious tampering refers to tampering on one block and severe malicious tampering refers to tampering from a certain block till the last block. Slight malicious tampering can be detected by chain detection, as Fig. 10(a) displays. When the encrypted G-code is maliciously tampered in one block, due to the uniqueness property of the hash function, it will produce an entirely different hash value so that the block cannot be chained correctly. By comparing block i's hash value (i.e., layer i) with the previous hash value in the next block i + 1 (i.e., layer i + 1), the exact tampered layer can be detected immediately. For severe malicious tampering, after a certain block (i.e., layer), all the following blocks have been maliciously tampered. In this situation, since all the following blocks have been modified, all the corresponding hash values (i.e., the previous block's hash and this block's hash) have been modified so the chain detection cannot work here. In practice, this type of cyber-attack can be detected by benchmark comparison as well since the modified blocks generate a totally different hash value. Comparing the modified hash value in the current block with the hash value in the original block, the malicious tampering can be detected, as Fig. 10(b) displays. Thus, this approach can effectively detect both types of unintended modifications.
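The three checks described above (dimension comparison, benchmark comparison, and chain detection), together with Steps 3 and 5 of the procedure, can be sketched as follows. This is an added example, not the authors' implementation: SHA-256, the block layout, the all-zero first previous hash, and all function names are assumptions, and the layer ciphertexts are constructed placeholder bytes standing in for RSA output.

```python
import hashlib

GENESIS = "00" * 32  # assumed previous-hash value for the first block

def block_hash(layer, prev_hash, ciphertext):
    """SHA-256 over layer number, previous block's hash and layer ciphertext."""
    h = hashlib.sha256()
    h.update(layer.to_bytes(4, "big"))
    h.update(bytes.fromhex(prev_hash))
    h.update(ciphertext)
    return h.hexdigest()

def build_chain(ciphertexts, first_layer=1, prev_hash=GENESIS):
    """Step 3: one block per encrypted layer, each linked to its predecessor."""
    chain = []
    for layer, ct in enumerate(ciphertexts, start=first_layer):
        chain.append({"layer": layer, "prev_hash": prev_hash, "ciphertext": ct})
        prev_hash = block_hash(layer, prev_hash, ct)
    return chain

def current_hashes(chain):
    """Step 5: recompute every block's hash from its stored contents."""
    return [block_hash(b["layer"], b["prev_hash"], b["ciphertext"]) for b in chain]

def dimension_check(chain, benchmark):
    """Fast check: block count must equal the benchmark's layer count."""
    return len(chain) == len(benchmark)

def benchmark_check(chain, benchmark):
    """Return 1-based positions whose recomputed hash differs from the offline benchmark."""
    now = current_hashes(chain)
    n = max(len(now), len(benchmark))
    return [i + 1 for i in range(n)
            if i >= len(now) or i >= len(benchmark) or now[i] != benchmark[i]]

def chain_check(chain):
    """Return layers whose recomputed hash differs from the next block's prev_hash."""
    now = current_hashes(chain)
    return [chain[i]["layer"] for i in range(len(chain) - 1)
            if now[i] != chain[i + 1]["prev_hash"]]

if __name__ == "__main__":
    # Constructed stand-ins for RSA-encrypted layers (not real ciphertext).
    layers = [b"ciphertext-of-layer-%d" % n for n in range(1, 7)]
    chain = build_chain(layers)
    benchmark = current_hashes(chain)   # kept offline by the sender
    chain[2]["ciphertext"] += b"9"      # slight tampering in layer 3
    print(chain_check(chain), benchmark_check(chain, benchmark))
```

Chain detection has no successor block to compare against for the last layer, so tampering confined to the final block is only caught by the benchmark comparison.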
By storing encrypted G-code in the blockchain, the cyber-enabled AM system enhances the resistance against two types of cyber-attacks, namely, unintended modification and intellectual property theft. In the next section, a demonstration of the proposed method is presented.
4 A Real-World Case Study
Based on the approach presented in Sec. 3, a real-world case study is performed in this section to validate the feasibility of the proposed blockchain-based G-code storage method. The case study background is introduced in Sec. 4.1, the demonstration of G-code encryption and decryption is introduced in Sec. 4.2, and the demonstration of attack resistance is introduced in Sec. 4.3.
4.1 Case Study Background.
During the COVID-19 pandemic, the 3D printing community all over the world has responded to the pandemic by providing distributed manufacturing capacity for personal protective equipment (PPE) with maximal flexibility to respond to real-time demand. This type of rapid, crowd-sourced design and production calls for frequent remote file exchange between designers and manufacturers all over the world. Furthermore, unnoticed design changes in the manufactured PPE may lead to compromised product life and functionality, causing significant operational hazards for healthcare professionals.
In this paper, the most widely printed PPE design, face shield headband, has been adopted to demonstrate the proposed methodology. The CAD model of the headband is illustrated in Fig. 11, and the slicing parameters used to generate the G-code are summarized in Table 1. More information about the design and use of this headband can be found in Ref. .
4.2 Demonstration of Encryption and Decryption.
After slicing the STL file, the G-code is generated. The G-code segmentation can be set in the following format: All the layers end up with the two lines highlighted (with the layer's z-axis increment), as Fig. 12 displays. In this demonstration, the face shield has 175 layers with a layer thickness of 0.3 mm. Thereby, the G-code is divided into 175 blocks according to the layer number.
Encryption and decryption operations are needed when the G-code is confidential. Using the asymmetry encryption method introduced in Sec. 3.2, a private key is generated by the G-code receiver and then a public key is derived from the private key. Afterward, the public key is shared with the G-code sender. Then, the layer-wise G-code is encrypted using the public key, as Fig. 13 displays, and the ciphertext cannot be read directly. Decrypting this encrypted G-code directly without a private key takes a very long time, which protects the G-code from potential intellectual property theft. In terms of the computational efficiency of the encryption, the face shield has 175 layers and 183,801 rows of G-code. The total encryption time is about 1.5 min. The overall fabrication time for the face shield is about 160 min. The fabrication time depends on the type of AM process and the design of the product. Since the G-code of each product varies when the design and process change, the ratio of encryption/decryption time to the product fabrication time is used to evaluate the computational efficiency in this study. The ratio of encryption time to fabrication time is less than 0.01 in this case. Compared with the fabrication time, the encryption time is insignificant and is in an acceptable range. Besides, the data size of the G-code is only 5 MB, which is not a heavy burden for storage and transmission. This demo was performed on an Intel Core i5-7400 (3.6 GHz) under Python 3.7.
Afterward, the encrypted layer-wise G-code is stored in the blockchain. As presented in Sec. 3.1, each block stores one layer's ciphertext and generates a unique hash value, as Fig. 14 displays. The generated hash value is considered as the benchmark and stored in a cyber-disabled environment in order to verify the occurrence of unintended modification. Then, this blockchain is uploaded to the cloud.
The G-code sender checks for unintended modification at a high frequency using the hashes of the blockchain. When all blocks' hash values match, it is verified that there is no malicious tampering on the G-code. The total decryption time is about 8 min. Since the overall fabrication time is about 160 min, the ratio of decryption time to fabrication time is 0.05. Compared with the fabrication time, the decryption time is insignificant and acceptable in practice.
4.3 Capability of Cyber-physical Attack Resistance.
With the application of asymmetry encryption, using the private key, the decryption takes about 8 min. Decryption on ciphertext without a private key needs to take a much longer time, which makes the G-code more difficult to be decrypted by the undesignated user and thus protects the information security.
As introduced in Sec. 3.3, unintended modification can be divided into two categories. For malicious deletion/addition operations on blocks, two approaches can be applied to implement detection. In this case, the number of layers is 175. It is assumed that block 3 has been maliciously deleted. To detect this change, the proposed methodology first compares the dimension of the current blockchain with the dimension of the original benchmark. After malicious deletion/addition, the number of blocks in the current blockchain is not equal to the dimension of the benchmark, which implies the occurrence of malicious tampering. Although dimension comparison is fast, it cannot locate which layer is maliciously deleted/added. The benchmark comparison can solve this problem with detection time increasing. By recalculating the hash value of each block and comparing the corresponding hash value with the original hash benchmark, malicious deletion/addition on the block can be identified, as Fig. 15 displays.
Since slight malicious tampering involves modification of the ciphertext of one block, it can be directly detected by chain detection. For example, layer 3 has 2932 rows of G-code in total, and its original hash value is shown in Fig. 16. Simply changing one letter in one row of layer 3's ciphertext will generate a completely different hash value. When one part of one row of layer 3's ciphertext is slightly changed (the last number changed from 8 to 9), the hash value generated by the block varies greatly. As elaborated in Sec. 3.3, by finding the hash value mismatch between block i's hash value and block (i + 1)'s previous hash value, the malicious tampering on ciphertext can be localized. The detection of a changed design with 175 layers takes 0.40 s, and thus the average detection time for each layer is about 2.3 ms.
For severe malicious tampering, the detection is implemented by the benchmark comparison, as Fig. 10(b) displays. In terms of computational efficiency, the detection of a changed design with 175 layers takes 0.45 s and the average detection time for one layer is about 2.5 ms. Compared with chain detection, the time cost of the second approach becomes higher once the number of layers increases but is still acceptable.
Once the unintended modification is detected, there is no need to decrypt the tampered ciphertext, which avoids the unnecessary time and material waste. Compared with other in situ anomaly detection methods which work after several layers’ fabrication, the proposed blockchain-based G-code storage method is more effective and efficient, which reduces unnecessary time and material costs.
5 Conclusions and Future Work
This study presents a novel approach that extends the blockchain technology to enhance cyber-physical security in AM. With the developed methodology, two common potential attack risks can be addressed, namely, unintended design modification and intellectual property theft. As encrypted G-code is stored in the blockchain, any unintended design modification on G-code will be detected and located accurately due to the mismatch of the hash value in the corresponding block. In addition, using asymmetry encryption technology, the encrypted G-code is hard to be decrypted without the private key, which reduces the risk of intellectual property theft. The demonstration uses the G-code of a face shield headband as an example. The procedure of the G-code segment, encryption, decryption, and hash value generation is illustrated through this specific real-world case study. Correspondingly, various detection methods for different kinds of cyber-attacks are displayed. This paper is a preliminary work for the blockchain-based cyber-physical security assurance in cyber-enabled AM systems, and the preliminary application demonstrates that this research direction is very promising for significantly improving the cyber-physical security in AM.
The future work is mainly in the following three directions. First, other powerful features in blockchain, such as mining functionality and the distributed property, along with the receiver-involved real-time verification approaches will be further investigated to incorporate them into AM systems. Second, different encryption methodologies incorporated with the blockchain technology can be applied to cope with different types of cyber-physical attacks. Third, more real-world AM applications will be further explored and evaluated.
Conflict of Interest
There are no conflicts of interest.
Data Availability Statement
The data sets generated and supporting the findings of this article are obtainable from the corresponding author upon reasonable request.