50 Copyright © 2009 Open Geospatial Consortium, Inc.
9.5.6 GetFeasibility operation
Asset: service assignment request metadata
Cause Man-In-The-Middle
Effect User client will receive fraudulent feasibility information on the submitted assignment parameter.
Result User client receives the feasibility that is fictitious and not associated to the intended request. This might prevent the user from ever trying to task the sensor.
Scope Adversary has to have application specific knowledge.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect if a feasible request is tampered as not-feasible and the user consequently does not issue Submit requests.
Potential NA
Reason Denial of Sensor – The user might never try to task the sensor with the assignment parameters, as the feasibility does not indicate that it is possible.
Requirement Integrity
Table 25: Modify GetFeasibility response
Cause Man-In-The-Middle
Effect SPS will receive fraudulent GetFeasibility request.
Result SPS will inform user client about the feasibility on its request but the answer was derived by the SPS on fraudulent information.
Scope Adversary has to have application specific knowledge.
Example
Likelihood Medium
Impact on Asset Direct effect on asset as tampered GetFeasibility request parameters can cause the SPS to undertake costly processing. And as the user might not task a sensor before the parameters are "cleared" by the GetFeasibility operation, the tasking will either move into the future or actually never happen.
Impact on User Direct effect on the use of the asset effective to the active client as the response is not associated to the actual request sent by the user.
Potential NA
Reason Denial of Sensor – The user might never try to task the sensor with the assignment parameters, as the feasibility does not indicate that it is possible.
Requirement Integrity
Table 26: Modify GetFeasibility request
Cause Adversary's client is able to execute SPS
Effect Adversary's client sends a GetFeasibility request with fictitious assignment parameters to the SPS.
Result The SPS will derive the feasibility of the assignment request that is part of the GetFeasibility request.
Scope Adversary has to have application specific knowledge. In particular, he needs to know how to create a fictitious assignment request.
Example
Likelihood Low
Impact on Asset None. However, in cases where the fictitious assignment is extremely complex, the calculation of the feasibility might consume SPS resources and result in slower processing of other requests.
Impact on User None
Potential The adversary can submit concrete assignment parameters to test the feasibility for actually tasking the sensor.
Reason DoS if the adversary submits extremely complex assignment parameters. Espionage if the adversary submits concrete assignment parameters prior to actually tasking the sensor.
Requirement Sanity check on the request to detect fictitious complexity.
Table 27: Create GetFeasibility request
Cause Eavesdropping
Effect Adversary's client will send recorded GetFeasibility request messages to SPS.
Result SPS is processing GetFeasibility requests.
Scope No application specific knowledge required as recorded messages are used.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential Depending on the implementation, the continuous replay of GetFeasibility requests might prevent the acceptance of Submit requests by the SPS.
Reason DoS. In cases where the recorded request contains a complex assignment, sending this request in bulk might slow down SPS processing.
Requirement Unique message ID and time-stamp as well as integrity to detect the replay. The implementation has to guarantee that continuous replay of GetFeasibility requests does not prevent the actual tasking of a sensor.
Table 28: Replay GetFeasibility request
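The Table 28 requirement (unique message ID, time-stamp and integrity) can be checked on the receiving side as follows. This is an added example, not part of the OGC document; the HMAC-SHA256 pre-shared key, the 300-second window and all names (`sign_request`, `ReplayGuard`, the sample values) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample values (not from the specification).
KEY = b"constructed-demo-key"
BODY = b"constructed GetFeasibility request body"

def sign_request(key, message_id, timestamp, body):
    """MAC over message ID, time-stamp and body (HMAC-SHA256 is an assumption)."""
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = [message_id.encode(), str(timestamp).encode(), body]
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Accepts each message ID once within the freshness window."""
    def __init__(self, key, max_skew=300):  # 300 s window is an assumption
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # message_id -> time after which it may be forgotten

    def check(self, message_id, timestamp, body, mac, now=None):
        now = int(time.time()) if now is None else now
        # 1. Integrity: a rewritten ID, time-stamp or body fails here.
        expected = sign_request(self.key, message_id, timestamp, body)
        if not hmac.compare_digest(expected, mac):
            return "reject: integrity"
        # 2. Freshness: old recordings fall outside the window.
        if abs(now - timestamp) > self.max_skew:
            return "reject: stale"
        # 3. Uniqueness: drop IDs that step 2 would reject anyway, then look up.
        self.seen = {m: t for m, t in self.seen.items() if t >= now}
        if message_id in self.seen:
            return "reject: replay"
        self.seen[message_id] = timestamp + self.max_skew
        return "accept"

def demo():
    guard, t0 = ReplayGuard(KEY), 1_000_000
    mac = sign_request(KEY, "msg-001", t0, BODY)
    return [
        guard.check("msg-001", t0, BODY, mac, now=t0 + 5),     # original
        guard.check("msg-001", t0, BODY, mac, now=t0 + 10),    # recording resent
        guard.check("msg-002", t0, BODY, mac, now=t0 + 10),    # ID rewritten
        guard.check("msg-001", t0, BODY, mac, now=t0 + 3600),  # resent much later
    ]
```

Rejected replays are still received and MAC-checked, so the second part of the requirement (replay must not prevent the actual tasking) needs capacity reserved for Submit requests in addition to this check.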
Cause ARP spoofing
Effect User client will send GetFeasibility request to fraudulent SPS.
Result User client will receive a fictitious, probably fraudulent feasibility that most likely is not associated to the original request.
Scope No application specific knowledge is required. However, the attacker has to be able to set up a service that returns an appropriate result back to the user client.
Example
Likelihood Medium
Impact on Asset None – As the processing of the feasibility will not take place for the actual sensor.
Impact on User Direct effect on use of asset effective to the active client.
Potential The adversary might obtain a large set of assignment parameters for the sensor. The adversary is able to determine the kind of sensor and its operation based on the obtained information.
Reason Sabotage. Assuming that the user client will issue a GetFeasibilityRequest prior to submitting an assignment request for tasking of a complex sensor, e.g. a satellite, the user client might never actually issue the Submit request, if the response of the feasibility request is permanently negative.
Requirement Authentication for the SPS and Authenticity of the response so that the user client can determine that the response came from the attacker's SPS.
Table 29: Redirect GetFeasibility request
Cause Eavesdropping
Effect NA
Result The adversary might obtain a large set of assignment parameters for the sensor. The adversary is able to determine the kind of sensor and its operation based on the obtained information.
Scope No application specific knowledge is required to exercise this attack.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential The adversary can obtain information such as assignment parameters that can be used for exercising other attacks.
Reason Espionage
Requirement Confidentiality
Table 30: Record GetFeasibility request/response
9.5.7 GetStatus operation