Copyright © 2009 Open Geospatial Consortium, Inc. 53
Assuming that the user client will issue a GetFeasibilityRequest prior to submitting an assignment request for tasking of a complex sensor, e.g. a satellite, the user client might never actually issue the Submit request if the response of the feasibility request is permanently negative.
Requirement Authentication for the SPS and Authenticity of the response so that the user client can determine that the response came from the attacker’s SPS.
Table 29: Redirect GetFeasibility request
Cause Eavesdropping
Effect NA
Result The adversary might obtain a large set of assignment parameters for the sensor. The adversary is able to determine the kind of sensor and its operation based on the obtained information.
Scope No application specific knowledge is required to exercise this attack.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential The adversary can obtain information such as assignment parameters that can be used for exercising other attacks.
Reason Espionage
Requirement Confidentiality
Table 30: Record GetFeasibility request/response
9.5.7 GetStatus operation
Asset: sensor assignment task
Cause Man-In-The-Middle
Effect SPS will receive fraudulent GetStatus request.
Result User client will receive fictitious status on any assignment but the one requested.
Scope Adversary has to have application specific knowledge.
Example
Likelihood Medium
Impact on Asset None
Impact on User Effect on use of the asset for the active client, as the wrong status information might prevent the client from actually requesting the production data if the status request was tampered with such that the taskID refers to a running task.
Potential NA
Reason Sabotage, as the user will receive the status for a different taskID.
Requirement Integrity on the request.
Table 31: Modify GetStatus request
Cause Man-In-The-Middle
Effect User client will receive fraudulent status information.
Result User will not know the status about his request.
Scope Adversary has to have application specific knowledge.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on use of the asset, as the user will never receive a task completion notification and therefore never try to obtain the production data.
Potential NA
Reason Sabotage
Requirement Integrity on the response.
Table 32: Modify GetStatus response
Cause Adversary is able to execute SPS
Effect GetStatus operation of the SPS is invoked.
Result The adversary might receive status information about the task if the GetStatus request contained a valid taskID.
Scope Adversary has to have application specific knowledge. In addition, the attacker has to know a valid taskID.
Example
Likelihood Low
Impact on Asset None
Impact on User None
Potential NA
Reason Espionage
Requirement Access Control to prevent unveiling of task status information to other entities than the owner.
Table 33: Create GetStatus request
Cause Eavesdropping
Effect Adversary’s client will send recorded GetStatus requests to SPS.
Result SPS returns the status for the requested task to adversary’s client.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential NA
Reason Espionage. It is important to note that the adversary can only obtain status information as long as the task is active.
Requirement Unique request ID and time stamp as well as integrity
Table 34: Replay GetStatus request
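The check implied by the requirement in Table 34, combined with the request integrity requirement of Table 31, shown as an added example that is not part of the OGC document or of any SPS implementation. The shared HMAC key, the 300-second freshness window, the field names and the in-memory store of seen request IDs are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for the time stamp

def sign_request(key, task_id, request_id, timestamp):
    """Client side: MAC over taskID, unique request ID and time stamp."""
    msg = json.dumps(["GetStatus", task_id, request_id, timestamp]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class GetStatusGuard:
    """Server side: integrity, freshness and uniqueness checks for GetStatus."""
    def __init__(self, key, now=time.time):
        self._key = key
        self._now = now
        self._seen = {}  # request_id -> time stamp, kept for the freshness window

    def check(self, task_id, request_id, timestamp, mac):
        expected = sign_request(self._key, task_id, request_id, timestamp)
        if not hmac.compare_digest(expected, mac):
            return "rejected: integrity"  # request was modified in transit
        now = self._now()
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "rejected: stale"      # recorded request sent too late
        # Forget IDs whose time stamp would now fail the freshness check anyway.
        self._seen = {r: t for r, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if request_id in self._seen:
            return "rejected: replay"     # same request ID inside the window
        self._seen[request_id] = timestamp
        return "accepted"

def demo():
    """Constructed sample: one genuine request, then three attack variants."""
    key = b"constructed-demo-key"
    clock = [1_000_000]
    guard = GetStatusGuard(key, now=lambda: clock[0])
    mac = sign_request(key, "task-42", "req-0001", 1_000_000)
    results = [guard.check("task-42", "req-0001", 1_000_000, mac)]      # genuine
    results.append(guard.check("task-42", "req-0001", 1_000_000, mac))  # replayed
    results.append(guard.check("task-43", "req-0001", 1_000_000, mac))  # taskID changed
    clock[0] += 600
    results.append(guard.check("task-42", "req-0001", 1_000_000, mac))  # replayed late
    return results
```

The MAC alone does not stop the replay, because the eavesdropper records it together with the request; the request ID and time stamp checks do.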
Cause Eavesdropping
Effect NA
Result The adversary obtains information about taskID and status.
Scope No application specific knowledge required.
Example
Likelihood Medium
Impact on Asset None
Impact on User None
Potential The adversary can use the obtained taskIDs to update or even cancel the task.
Reason Sabotage
Requirement Confidentiality on the taskID in the request.
Table 35: Record GetStatus request/response
9.5.8 Update operation