80 Copyright © 2009 Open Geospatial Consortium, Inc. Potential NA Reason Espionage Requirement Confidentiality Table 77: Record GetObservationById requestresponse

9.6.7 GetResult operation

Asset: Observation offering Cause Man-In-The-Middle Effect SOS will receive fraudulent GetResult request. Result User will get wrong observation based on the modified parameters from the request. Scope Application specific knowledge is required. In particular, the adversary has to know the ObservationTemplateId that was created by the SOS as a result of an earlier GetObservation request. Example Likelihood Low Impact on Asset None Impact on User Direct affect on asset if the ObservationTemplateId is valid but not associated to the actual request effective to active client. Impact on User Direct effect for calling client Potential NA Reason Sabotage, Espionage Requirement Integrity Table 78: Modify GetResult request Cause Man-In-The-Middle Effect User client will receive fraudulent observation data. Result User will receive observation data that is associated with request but tampered. Copyright © 2009 Open Geospatial Consortium, Inc. 81 Scope Application specific knowledge is required. Example Likelihood Medium Impact on Asset None Impact on User Direct affect on asset effective to active client. Potential NA Reason Sabotage Requirement Integrity Table 79: Modify GetResult response Cause Adversary is able to execute SOS Effect GetResult operation of the SOS is invoked. Result The adversary might receive observation data from the SOS if the ObservationTemplateId is valid. Scope Application specific knowledge. In particular, the attacker needs to know a valid OberservationTemplateId served by the SOS Example Likelihood Low Impact on Asset No affect on asset but its unveiling. Impact on User None Potential NA Reason Espionage Requirement Access Control to prevent unauthorized access. Table 80: Create GetResult request Cause Eavesdropping Effect Adversary’s client will send recorded GetResult requests to SOS. 82 Copyright © 2009 Open Geospatial Consortium, Inc. Result Adversary receives updated observation data associated to the ObservationTemplateId. Scope No application specific knowledge required. Example Likelihood High Impact on Asset None Impact on User None Potential NA Reason Espionage Requirement Unique request id and time-stamp to detect replay. Table 81: Replay GetResult request Cause ARP spoofing Effect User client GetResult request is send to the adversary’s SOS. Result Adversary’s SOS will receive the request and return fictitious observation data. Scope Application specific knowledge required. Example Likelihood Medium Impact on Asset None Impact on User Impact on the user of the active client as the response will come from the adversary’s SOS. Reason Sabotage Requirement Service authentication and authenticity on the response. Table 82: Redirect GetResult request Cause Eavesdropping Effect NA Result Adversary receives observation data and obtains a valid ObservationTemplateID. Copyright © 2009 Open Geospatial Consortium, Inc. 83 Scope Application specific knowledge required. Example Likelihood Medium Impact on Asset None Impact on User None Potential Adversary can use the ObservationTemplateId to request updates of the observation based on the template. Reason Sabotage Requirement Service authentication and authenticity on the response. Table 83: Record GetResult requestresponse

9.6.8 Summary of the Attacks