RegisterSensor operation Sensor Observation Service

Copyright © 2009 Open Geospatial Consortium, Inc.

Table 58: Replay GetObservation request

Cause: Man-In-The-Middle
Effect: User client’s GetObservation request will be sent to adversary’s SOS.
Result: User receives fraudulent observation data from adversary’s SOS.
Scope: Application specific knowledge is required as the adversary’s SOS has to respond "properly".
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Direct effect on asset.
Potential: NA
Reason: Sabotage
Requirement: Authentication for SOS and Authenticity on the response so that the user client can determine that the result came from another service.
Table 59: Redirect GetObservation request

9.6.4 RegisterSensor operation

Asset: Observation offerings

Cause: Man-In-The-Middle
Effect: SOS will receive fraudulent RegisterSensor request.
Result: SOS will trust fraudulent sensor provided by the attacker and provide offerings based on the sensor.
Scope: Application specific knowledge required.
Example:
Likelihood: Medium
Impact on Asset: Direct effect on asset.
Impact on User: Impact to the user of the active client exists as the response is not associated to the original request.
Potential: NA
Reason: Sabotage
Requirement: Integrity
Table 60: Modify RegisterSensor request

Cause: Man-In-The-Middle
Effect: User client will receive fraudulent RegisterSensor response. In particular, the response might contain a fraudulent AssignedSensorId URI.
Result: User might use wrong AssignedSensorId URI to insert observation data via InsertObservation request. The correct AssignedSensorId can be misused by the adversary to send fraudulent/fictitious observation data.
Scope: Application specific knowledge required.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Direct effect on asset.
Potential: NA
Reason: Sabotage
Requirement: Integrity
Table 61: Modify RegisterSensor response

Cause: Adversary’s client is able to execute SOS.
Effect: RegisterSensor operation of the SOS is invoked.
Result: Theoretically, an infinite number of sensors can be registered with the SOS. This can be used by the adversary as InsertOffering requests can be issued for all the fraudulent sensors. Also, these fraudulent sensors can be used by clients/users.
Scope: Application specific knowledge required.
Example:
Likelihood: Low
Impact on Asset: Direct effect on the asset as the sensor can be used to create offerings which are then based on the sensors of the adversary.
Impact on User: Direct impact to all users of the SOS exists as they can use the fictitious/fraudulent sensor.
Reason: Sabotage
Requirement: Access Control to prevent unauthorized registration of sensors.
Table 62: Create RegisterSensor request

Cause: Eavesdropping
Effect: Adversary’s client will send recorded RegisterSensor request to SOS.
Result: SOS RegisterSensor operation is invoked. This should not affect the registration table as the request was already processed earlier and should result in an error.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Reason: Sabotage
Requirement: None
Table 63: Replay RegisterSensor request

Cause: Man-In-The-Middle
Effect: User client’s RegisterSensor request will be sent to adversary’s SOS.
Result: The user will receive a fraudulent response indicating that the registration was successful. All subsequent InsertObservation requests to the actual SOS will result in a processing error, as the sensor is not registered.
Scope: Application specific knowledge is required.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Direct effect on asset.
Potential: NA
Reason: Sabotage
Requirement: Authenticity of the response to allow the user client to determine that the response came from another service. Service Authentication.
Table 64: Redirect RegisterSensor request

Cause: Eavesdropping
Effect: NA
Result: Adversary obtains detailed information about a sensor and the AssignedSensorId.
Scope: No application specific knowledge is required to exercise this attack.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: None
Potential: The adversary can use the AssignedSensorId to inject fictitious observations to the SOS.
Reason: Espionage
Requirement: Confidentiality
Table 65: Record RegisterSensor request/response
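
The following added example (not part of the OGC document and not code from any SOS implementation) sketches how a service could enforce the requirements of Tables 60, 62 and 63 on the server side: integrity of the request, access control on registration, and an error for an already processed request. The HMAC-SHA256 tag, the client identifiers, the keys, the class and function names and the urn:example identifiers are all assumptions made for illustration; the document names the requirements, not a mechanism.

```python
import hashlib
import hmac

# Constructed sample data: client ids, keys and permissions are assumptions.
CLIENT_KEYS = {"station-operator": b"constructed-key-1", "viewer": b"constructed-key-2"}
MAY_REGISTER = {"station-operator"}  # clients allowed to call RegisterSensor


class RegistrationError(Exception):
    """Raised when a RegisterSensor request is refused."""


class SensorRegistry:
    def __init__(self):
        self._by_digest = {}  # request digest -> AssignedSensorId

    def register_sensor(self, client_id, body, tag):
        key = CLIENT_KEYS.get(client_id)
        if key is None:
            raise RegistrationError("unknown client")
        # Integrity (Table 60): a request modified in transit no longer matches its tag.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise RegistrationError("integrity check failed")
        # Access control (Table 62): only authorised clients may register sensors.
        if client_id not in MAY_REGISTER:
            raise RegistrationError("client not authorised to register sensors")
        # Replay (Table 63): an already processed request is an error and
        # leaves the registration table unchanged.
        digest = hashlib.sha256(body).hexdigest()
        if digest in self._by_digest:
            raise RegistrationError("sensor already registered")
        sensor_id = "urn:example:sensor:%d" % (len(self._by_digest) + 1)
        self._by_digest[digest] = sensor_id
        return sensor_id


def sign(client_id, body):
    """Client side: compute the tag sent along with the request body."""
    return hmac.new(CLIENT_KEYS[client_id], body, hashlib.sha256).digest()


def outcome(registry, client_id, body, tag):
    """Return the AssignedSensorId, or the refusal reason as text."""
    try:
        return registry.register_sensor(client_id, body, tag)
    except RegistrationError as exc:
        return "refused: %s" % exc
```

The example covers requests only; the response-side requirements (Tables 61 and 64) and confidentiality (Table 65) need protection of the channel or of the response itself and are not shown.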

9.6.5 InsertObservation operation