70 Copyright © 2009 Open Geospatial Consortium, Inc.
Table 58: Replay GetObservation request
Cause Man-In-The-Middle
Effect User client’s GetObservation request will be sent to adversary’s SOS.
Result User receives fraudulent observation data from adversary’s SOS.
Scope Application specific knowledge is required as the adversary’s SOS has to respond “properly”.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset.
Potential NA
Reason Sabotage
Requirement Authentication for SOS and Authenticity on the response so that the user client can determine that the result came from another service.
Table 59: Redirect GetObservation request
9.6.4 RegisterSensor operation
Asset: Observation offerings
Cause Man-In-The-Middle
Effect SOS will receive fraudulent RegisterSensor request
Result SOS will trust fraudulent sensor provided by the attacker and provide offerings based on the sensor.
Scope Application specific knowledge required.
Example
Likelihood Medium
Impact on Asset Direct effect on asset.
Impact on User Impact to the user of the active client exists as the response is not associated with the original request.
Potential NA
Reason Sabotage
Requirement Integrity
Table 60: Modify RegisterSensor request
Cause Man-In-The-Middle
Effect User client will receive fraudulent RegisterSensor response. In particular, the response might contain a fraudulent AssignedSensorId URI.
Result User might use wrong AssignedSensorId URI to insert observation data via InsertObservation request. The correct AssignedSensorId can be misused by the adversary to send fraudulent/fictitious observation data.
Scope Application specific knowledge required.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset.
Potential NA
Reason Sabotage
Requirement Integrity
Table 61: Modify RegisterSensor response
Cause Adversary’s client is able to execute SOS.
Effect RegisterSensor operation of the SOS is invoked.
Result Theoretically, infinite sensors can get registered with SOS. This can be used by the adversary as InsertOffering requests can be issued for all the fraudulent sensors. Also, these fraudulent sensors can be used by clients/users.
Scope Application specific knowledge required.
Example
Likelihood Low
Impact on Asset Direct effect on the asset as the sensor can be used to create offerings which are then based on the sensors of the adversary.
Impact on User Direct impact to all users of the SOS exists as they can use the fictitious/fraudulent sensor.
Reason Sabotage
Requirement Access Control to prevent unauthorized registration of sensors.
Table 62: Create RegisterSensor request
Cause Eavesdropping
Effect Adversary’s client will send recorded RegisterSensor request to SOS.
Result SOS RegisterSensor operation is invoked. This should not affect the registration table as the request was already processed earlier and should result in an error.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Reason Sabotage
Requirement None
Table 63: Replay RegisterSensor request
Cause Man-In-The-Middle
Effect User client’s RegisterSensor request will be sent to adversary’s SOS.
Result The user will receive a fraudulent response indicating that the registration was successful. All subsequent InsertObservation requests to the actual SOS will result in a processing error, as the sensor is not registered.
Scope Application specific knowledge is required.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset.
Potential NA
Reason Sabotage
Requirement Authenticity of the response to allow the user client to determine that the response came from another service. Service Authentication.
Table 64: Redirect RegisterSensor request
Cause Eavesdropping
Effect NA
Result Adversary obtains detailed information about a sensor and the AssignedSensorId.
Scope No application specific knowledge is required to exercise this attack.
Example
Likelihood Medium
Impact on Asset None
Impact on User None
Potential The adversary can use the AssignedSensorId to inject fictitious observations to the SOS.
Reason Espionage
Requirement Confidentiality
Table 65: Record RegisterSensor request/response
9.6.5 InsertObservation operation