Stop Stealing My Data: Sanitizing Stego Channels in 3D Printing Design Files
Aleksandr Dolgavin, Mark Yampolskiy, Moti Yung
TL;DR
This work addresses the security risk posed by steganographic channels in STL 3D printing design files, which can enable covert data exfiltration or malicious payloads in AM outsourcing. It proposes and evaluates a Content Threat Removal sanitizer that erases hidden content across STL stego channels while preserving the part's printability and quality. The sanitizer includes channel-specific modules for facet, vertex, and normal channels, and relies on re-saving the STL to implicitly neutralize non-functional ASCII and number-representation channels. Evaluation on a realistic model shows that the sanitizer disrupts embedded data across channels, with about half of encoded bits affected on average, and the authors release accompanying open-source tools to support adoption and further research. The work highlights the ongoing challenge of robust or legitimate stego uses and suggests future work on distinguishers and co-design of watermarks with sanitization mechanisms to enable trusted AM ecosystems.
Abstract
The increased adoption of additive manufacturing (AM) and the acceptance of AM outsourcing have created an ecosystem in which the sending and receiving of digital designs by different actors has become normal. It has recently been shown that STL design files, the format most commonly used in AM, contain steganographic channels. Such channels can allow additional data to be embedded within the STL files without changing the printed model. These factors create a threat of misusing the design files as a covert communication channel to either exfiltrate stolen sensitive digital data from organizations or infiltrate malicious software into a secure environment. This paper addresses this security threat by designing and evaluating a sanitizer that erases hidden content where steganographic channels might exist. The proposed sanitizer takes into account a set of specific constraints imposed by the application domain, such as not affecting the ability to manufacture a part of the required quality using the sanitized design.
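To make the channels named in the TL;DR concrete, the following added example (not the authors' released tool) re-saves an ASCII STL in one canonical form: facets sorted, each facet's vertices rotated to a fixed start, normals recomputed from geometry, and all text re-emitted with fixed spelling. Deterministic canonicalization, the function names, and the 7-significant-digit output format are assumptions of this example, not details taken from the paper.

```python
import re
# Constructed sample (not from the paper): odd case/spacing, solid name, number spellings, bogus normal.
SAMPLE = """solid  Secret_Name
 FACET normal 9 9 9
  outer loop
   vertex 1.0 0 0
   vertex 0 1.000e0 0
   vertex +0.0 0 0
  endloop
 endfacet
facet normal 0 0 1
 outer loop
  vertex 0 0 0
  vertex 1 0 0
  vertex 1 1 0
 endloop
endfacet
endsolid Secret_Name
"""
NUM = r"[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?"
VERTEX = re.compile(rf"vertex\s+({NUM})\s+({NUM})\s+({NUM})", re.I)

def parse_facets(text):  # keeps vertex coordinates only; "+ 0.0" folds -0.0 into 0.0
    v = [tuple(float(g) + 0.0 for g in m.groups()) for m in VERTEX.finditer(text)]
    if len(v) % 3:
        raise ValueError("vertex count is not a multiple of 3")
    return [tuple(v[i:i + 3]) for i in range(0, len(v), 3)]

def canonical(facet):
    # Vertex channel: cyclic rotation keeps the winding (outward side) intact.
    k = facet.index(min(facet))
    return facet[k:] + facet[:k]

def normal(facet):
    # Normal channel: derive the unit normal from geometry (right-hand rule).
    (ax, ay, az), (bx, by, bz), (cx, cy, cz) = facet
    u, v = (bx - ax, by - ay, bz - az), (cx - ax, cy - ay, cz - az)
    n = (u[1]*v[2] - u[2]*v[1], u[2]*v[0] - u[0]*v[2], u[0]*v[1] - u[1]*v[0])
    length = sum(c * c for c in n) ** 0.5
    return tuple(c / length + 0.0 for c in n) if length else (0.0, 0.0, 0.0)

def sanitize(text):
    facets = sorted(canonical(f) for f in parse_facets(text))  # facet channel
    fmt = lambda p: " ".join(f"{c:.6e}" for c in p)  # assumed: 7 significant digits
    out = ["solid sanitized"]
    for f in facets:
        out += [f"facet normal {fmt(normal(f))}", "outer loop",
                *(f"vertex {fmt(v)}" for v in f), "endloop", "endfacet"]
    return "\n".join(out + ["endsolid sanitized"]) + "\n"
```

Because the output depends only on the triangles, two files that describe the same geometry sanitize to identical bytes. Data carried in the coordinate values themselves, within the kept precision, is not touched by this example.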
