Identify the Threats for DescribeTasking operation

Copyright © 2009 Open Geospatial Consortium, Inc.

Effect: Adversary’s client will record GetCapabilities request/response to SPS.
Result: Adversary’s client receives SPS capabilities.
Scope: No application specific knowledge required to exercise this attack.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: Important for exercising other attacks, requiring sensorID as input.
Reason: Future Espionage, Sabotage, DoS
Requirement: Allow execution of GetCapabilities for authenticated users only and protect response with confidentiality to prevent unveiling of the metadata.

Table 9: Record GetCapabilities request/response

9.5.3 Identify the Threats for DescribeTasking operation

Asset: Sensor metadata

Cause: Man-In-The-Middle
Effect: User client will receive fraudulent metadata for a sensor assignment.
Result: User client might not be able to task the sensor due to the fraudulent information.
Scope: Attacker has to have application specific knowledge to tamper with the response "properly".
Example:
Likelihood: Low
Impact on Asset: None
Impact on User: There is a potential effect on the actual user's future use of the asset in cases where the user client makes the actual tasking of a sensor dependent on the response from the DescribeTasking operation.
Potential: NA
Reason: Sabotage
Requirement: Integrity

Table 10: Modify DescribeTasking response

Cause: Adversary’s client can execute SPS
Effect: Adversary’s client will receive sensor metadata about a sensor that is relevant for submitting an assignment request (Submit operation).
Result: Adversary obtains sensor metadata.
Scope: Adversary has to have application specific knowledge and a valid sensor ID. But this is not problematic; it just requires issuing a GetCapabilities request first.
Example:
Likelihood: Low
Impact on Asset: None
Impact on User: None
Potential: The adversary gains all parameters of a sensor for tasking.
Reason: Espionage
Requirement: None

Table 11: Create DescribeTasking request

Cause: Eavesdropping and adversary’s client can execute SPS
Effect: Adversary’s client will send recorded DescribeSensor request to SPS.
Result: Adversary’s client will receive sensor metadata.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: The adversary gains all parameters of a sensor for tasking. But the Shannon entropy of the information gained is probably zero unless the SPS is serving new sensors since the last attack.
Reason: Espionage
Requirement: None

Table 12: Replay DescribeTasking request

Cause: Eavesdropping
Effect: NA
Result: Adversary obtains sensorID and tasking parameters.
Scope: No application specific knowledge is required to exercise the attack.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: The adversary gains all parameters of a sensor for tasking, including the sensor ID.
Reason: Fetch information required to exercise other attacks.
Requirement: Confidentiality of the sensorID and the tasking parameters as they are valuable for the attacker.

Table 13: Record DescribeTasking request/response

9.5.4 Submit operation