80 Copyright © 2009 Open Geospatial Consortium, Inc.
Potential NA
Reason Espionage
Requirement Confidentiality
Table 77: Record GetObservationById request/response
9.6.7 GetResult operation
Asset: Observation offering
Cause Man-In-The-Middle
Effect SOS will receive fraudulent GetResult request.
Result User will get wrong observation based on the modified parameters from the request.
Scope Application specific knowledge is required. In particular, the adversary has to know the ObservationTemplateId that was created by the SOS as a result of an earlier GetObservation request.
Example
Likelihood Low
Impact on Asset None
Impact on User Direct effect on asset if the ObservationTemplateId is valid but not associated to the actual request effective to active client.
Impact on User Direct effect for calling client
Potential NA
Reason Sabotage, Espionage
Requirement Integrity
Table 78: Modify GetResult request
Cause Man-In-The-Middle
Effect User client will receive fraudulent observation data.
Result User will receive observation data that is associated with request but tampered.
Scope Application specific knowledge is required.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset effective to active client.
Potential NA
Reason Sabotage
Requirement Integrity
Table 79: Modify GetResult response
Cause Adversary is able to execute SOS
Effect GetResult operation of the SOS is invoked.
Result The adversary might receive observation data from the SOS if the ObservationTemplateId is valid.
Scope Application specific knowledge. In particular, the attacker needs to know a valid ObservationTemplateId served by the SOS.
Example
Likelihood Low
Impact on Asset No effect on asset but its unveiling.
Impact on User None
Potential NA
Reason Espionage
Requirement Access Control to prevent unauthorized access.
Table 80: Create GetResult request
Cause Eavesdropping
Effect Adversary’s client will send recorded GetResult requests to SOS.
Result Adversary receives updated observation data associated to the ObservationTemplateId.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential NA
Reason Espionage
Requirement Unique request id and time-stamp to detect replay.
Table 81: Replay GetResult request
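The replay requirement in Table 81 (unique request id and time-stamp), combined with the integrity requirement in Table 78, can be checked on the service side as sketched in this added example, which is not part of the OGC document. The shared-key HMAC, the 300-second window, the class name and all sample values are assumptions of the example.

```python
import hashlib
import hmac
import json
import time


class GetResultReplayGuard:
    """Hypothetical server-side check; not part of the SOS specification."""

    def __init__(self, key, max_skew=300):
        self._key = key            # shared secret (assumption of this example)
        self._max_skew = max_skew  # accepted clock difference in seconds (assumed)
        self._seen = {}            # request id -> timestamp, within the window

    def mac(self, template_id, request_id, timestamp):
        # JSON array encoding keeps the field boundaries unambiguous.
        msg = json.dumps([template_id, request_id, timestamp]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def check(self, template_id, request_id, timestamp, tag, now=None):
        now = time.time() if now is None else now
        expected = self.mac(template_id, request_id, timestamp)
        if not hmac.compare_digest(expected, tag):
            return "rejected: integrity"
        if abs(now - timestamp) > self._max_skew:
            return "rejected: stale timestamp"
        # Ids older than the window can be dropped: a replay of them carries
        # the same MAC-bound timestamp and fails the freshness check above.
        self._seen = {r: t for r, t in self._seen.items()
                      if abs(now - t) <= self._max_skew}
        if request_id in self._seen:
            return "rejected: replay"
        self._seen[request_id] = timestamp
        return "accepted"


def demo():
    guard = GetResultReplayGuard(b"constructed-demo-key")
    tid, rid, ts = "constructed-template-1", "req-0001", 1000  # constructed values
    tag = guard.mac(tid, rid, ts)
    return [
        guard.check(tid, rid, ts, tag, now=1000),                       # original request
        guard.check(tid, rid, ts, tag, now=1010),                       # recorded and resent
        guard.check("constructed-template-2", rid, ts, tag, now=1010),  # parameter modified
        guard.check(tid, rid, ts, tag, now=2000),                       # resent after the window
    ]


if __name__ == "__main__":
    print(demo())
```

Binding the time-stamp and request id into the MAC is what lets the server forget old ids safely; without it an adversary could rewrite either field on a recorded request.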
Cause ARP spoofing
Effect User client GetResult request is sent to the adversary’s SOS.
Result Adversary’s SOS will receive the request and return fictitious observation data.
Scope Application specific knowledge required.
Example
Likelihood Medium
Impact on Asset None
Impact on User Impact on the user of the active client as the response will come from the adversary’s SOS.
Reason Sabotage
Requirement Service authentication and authenticity on the response.
Table 82: Redirect GetResult request
Cause Eavesdropping
Effect NA
Result Adversary receives observation data and obtains a valid ObservationTemplateID.
Scope Application specific knowledge required.
Example
Likelihood Medium
Impact on Asset None
Impact on User None
Potential Adversary can use the ObservationTemplateId to request updates of the observation based on the template.
Reason Sabotage
Requirement Service authentication and authenticity on the response.
Table 83: Record GetResult request/response
9.6.8 Summary of the Attacks