GetStatus operation Sensor Planning Service

Copyright © 2009 Open Geospatial Consortium, Inc.

Assuming that the user client will issue a GetFeasibilityRequest prior to submitting an assignment request for tasking of a complex sensor, e.g. a satellite, the user client might never actually issue the Submit request, if the response of the feasibility request is permanently negative.

Requirement: Authentication for the SPS and Authenticity of the response so that the user client can determine that the response came from the attacker’s SPS.
Table 29: Redirect GetFeasibility request

Cause: Eavesdropping
Effect: NA
Result: The adversary might obtain a large set of assignment parameters for sensor. The adversary is able to determine the kind of sensor and its operation based on the obtained information.
Scope: No application specific knowledge is required to exercise this attack.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: The adversary can obtain information such as assignment parameters that can be used for exercising other attacks.
Reason: Espionage
Requirement: Confidentiality
Table 30: Record GetFeasibility request/response

9.5.7 GetStatus operation

Asset: sensor assignment task

Cause: Man-In-The-Middle
Effect: SPS will receive fraudulent GetStatus request.
Result: User client will receive fictitious status on any assignment but the one requested.
Scope: Adversary has to have application specific knowledge.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Affects use of the asset for the active client, as the wrong status information might prevent the actual requesting of the production data if the status request was tampered with such that the taskID refers to a running task.
Potential: NA
Reason: Sabotage, as the user will receive the status for a different taskID.
Requirement: Integrity on the request.
Table 31: Modify GetStatus request

Cause: Man-In-The-Middle
Effect: User client will receive fraudulent status information.
Result: User will not know the status of his request.
Scope: Adversary has to have application specific knowledge.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Direct effect on use of the asset, as the user will never receive a task completion notification and therefore never try to obtain the production data.
Potential: NA
Reason: Sabotage
Requirement: Integrity on the response.
Table 32: Modify GetStatus response

Cause: Adversary is able to execute SPS
Effect: GetStatus operation of the SPS is invoked.
Result: The adversary might receive status information about the task if the GetStatus request contained a valid taskID.
Scope: Adversary has to have application specific knowledge. In addition, the attacker has to know a valid taskID.
Example:
Likelihood: Low
Impact on Asset: None
Impact on User: None
Potential: NA
Reason: Espionage
Requirement: Access Control to prevent unveiling of task status information to entities other than the owner.
Table 33: Create GetStatus request

Cause: Eavesdropping
Effect: Adversary’s client will send recorded GetStatus requests to SPS.
Result: SPS returns the status for the requested task to adversary’s client.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: NA
Reason: Espionage. It is important to note that the adversary can only obtain status information as long as the task is active.
Requirement: Unique request ID and time stamp as well as integrity
Table 34: Replay GetStatus request

Cause: Eavesdropping
Effect: NA
Result: The adversary obtains information about taskID and status.
Scope: No application specific knowledge required.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: None
Potential: The adversary can use the obtained taskIDs to update or even cancel the task.
Reason: Sabotage
Requirement: Confidentiality on the taskID in the request.
Table 35: Record GetStatus request/response
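The requirements of Tables 31, 33 and 34 (integrity on the request, access control bound to the task owner, unique request ID and time stamp) can be enforced together in one server-side check before the SPS answers GetStatus. The following is an added example, not part of the OGC document; `GetStatusGuard`, `request_mac`, the per-client shared-key HMAC scheme, the field names and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a time stamp may differ from the server clock (assumed value)

def request_mac(key, client, task_id, request_id, timestamp):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    fields = [client, task_id, request_id, str(timestamp)]
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class GetStatusGuard:
    """Hypothetical server-side gate run before the SPS answers GetStatus."""
    def __init__(self, client_keys, task_owners, clock=time.time):
        self.client_keys = client_keys  # client id -> shared key (bytes)
        self.task_owners = task_owners  # taskID -> owning client id
        self.clock = clock
        self.seen = {}                  # (client, request id) -> time stamp

    def check(self, client, task_id, request_id, timestamp, tag):
        key = self.client_keys.get(client)
        if key is None:
            return "reject: unknown client"
        expected = request_mac(key, client, task_id, request_id, timestamp)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: integrity"   # Table 31: request altered in transit
        now = self.clock()
        if abs(now - timestamp) > MAX_SKEW:
            return "reject: stale"       # Table 34: old recording
        # Drop ids whose time stamp the stale check would now reject anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        if (client, request_id) in self.seen:
            return "reject: replay"      # Table 34: recording resent inside the window
        self.seen[(client, request_id)] = timestamp
        if self.task_owners.get(task_id) != client:
            return "reject: not owner"   # Table 33: valid taskID, wrong requester
        return "ok"

def demo():
    # Constructed sample data: two clients, two tasks, a fixed clock.
    guard = GetStatusGuard({"alice": b"k-alice", "bob": b"k-bob"},
                           {"task-1": "alice", "task-2": "bob"}, clock=lambda: 1000)
    tag = request_mac(b"k-alice", "alice", "task-1", "req-1", 1000)
    return [
        guard.check("alice", "task-1", "req-1", 1000, tag),  # genuine request
        guard.check("alice", "task-1", "req-1", 1000, tag),  # recorded and resent
        guard.check("alice", "task-2", "req-1", 1000, tag),  # taskID swapped
    ]
```

Confidentiality of the taskID (Table 35) is outside this check and needs an encrypted transport or message-level encryption.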

9.5.8 Update operation