Copyright © 2009 Open Geospatial Consortium, Inc. 65
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential Important for exercising other attacks, requiring sensor metadata and information about observation offerings as input.
Reason Future Espionage, Sabotage, DoS
Requirement Allow execution of GetCapabilities for authenticated users only and protect response with confidentiality to prevent unveiling of the metadata.
Table 49: Record GetCapabilities request/response
9.6.2 DescribeSensor operation
Asset: Sensor
Cause Man-In-The-Middle
Effect User client will receive fraudulent metadata about a sensor and observation offerings served by the SOS.
Result User gets fraudulent sensor metadata.
Scope Application specific knowledge required.
Example
Likelihood Low
Impact on Asset None
Impact on User Direct impact on further use of the asset effective to the active client as it is based on the tampered metadata.
Reason Sabotage
Requirement Integrity
Table 50: Modify DescribeSensor response
Cause Adversary’s client is able to execute SOS
Effect Client will receive metadata about a sensor whose observation offerings are served by the SOS.
Result Adversary can obtain metadata information relevant for other attacks.
Scope Application specific knowledge required.
Example
Likelihood Low
Impact on Asset None
Impact on User None
Reason Espionage
Possible intent to sabotage as the information from the response is the baseline for other attacks.
Requirement None
Table 51: Create DescribeSensor request
Cause Eavesdropping
Effect Adversary’s client will send recorded DescribeSensor request to SOS.
Result Adversary will receive sensor metadata.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential NA
Reason Espionage
Requirement None
Table 52: Replay DescribeSensor request
Cause Eavesdropping
Effect NA
Result Adversary will receive sensor metadata.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential The adversary can obtain detailed information on a sensor encoded in SensorML or TML that can be used for future attacks.
Reason Espionage
Requirement None
Table 53: Record DescribeSensor request/response
9.6.3 GetObservation operation
Asset: Observation data
Cause Man-In-The-Middle
Effect SOS will receive fraudulent GetObservation request.
Result User receives observation data that is not associated to the actual request, if the request was modified in such a way that the SOS can still match the request to existing observations. User will receive error in all other cases.
Scope Application specific knowledge required.
In particular, the adversary has to know a valid taskID to have the SOS return associated observation data.
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset effective to the active client.
Potential NA
Reason Sabotage
Requirement Integrity
Table 54: Modify GetObservation request
Cause Man-In-The-Middle
Effect User client will receive fraudulent GetObservation response.
Result User gets observation data that is not associated to the request.
Scope Application specific knowledge required.
Example
Likelihood Medium
Impact on Asset None
Impact on User Immediate effect on asset
Potential NA
Reason Sabotage
Requirement Integrity
Table 55: Modify GetObservation response
Cause Eavesdropping
Effect None
Result Adversary obtains observation data.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential The adversary can obtain observation data of other entities.
Reason Espionage
Requirement Confidentiality
Table 56: Record GetObservation response
Cause Attacker’s client can execute the SOS
Effect Adversary’s client will receive observation data about observation offerings served by the SOS.
Result Adversary gets the observation offerings of the SOS.
Scope Application specific knowledge is required. In particular the offering URI and the URI referencing the phenomena.
Example
Likelihood Low
Impact on Asset None
Impact on User None
Potential The adversary can obtain observation data for a particular phenomenon.
Reason Espionage
Access Control to prevent unauthorized access to observation data.
Table 57: Create GetObservation request
Cause Eavesdropping and adversary’s client can execute SOS.
Effect Adversary’s client will send recorded GetObservation request to SOS.
Result Adversary’s client will receive observation from the SOS.
Scope No application specific knowledge required.
Example
Likelihood High
Impact on Asset None
Impact on User None
Potential NA
Reason Espionage
Unique request ID and time-stamp to detect replay.
Table 58: Replay GetObservation request
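The requirement in Table 58 (unique request ID and time-stamp to detect replay) only holds if both values are covered by the Integrity requirement of Table 54, so this added example, which is not part of the OGC document, checks all three on the service side. The HMAC with a shared key, the 300 second window, and the way the ID and time-stamp accompany the request are assumptions made for illustration; the page does not define them.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a request stays acceptable (assumed policy)


class ReplayGuard:
    """Accept a request only if it is authentic, fresh and not seen before."""

    def __init__(self, key, now=time.time):
        self.key, self.now = key, now
        self.seen = {}  # request ID -> its time-stamp, kept while still fresh

    def mac(self, body, request_id, ts):
        # Length-prefix the ID so (ID, time-stamp, body) cannot be re-split.
        rid = request_id.encode()
        msg = b"%d:%s:%d:" % (len(rid), rid, ts) + body
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def check(self, body, request_id, ts, mac):
        now = self.now()
        # Integrity first: without it the adversary rewrites ID and time-stamp.
        expected = self.mac(body, request_id, ts)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "reject: bad MAC"
        if abs(now - ts) > MAX_SKEW:
            return "reject: stale time-stamp"
        # Drop only IDs whose time-stamp would now be refused anyway.
        self.seen = {i: t for i, t in self.seen.items() if now - t <= MAX_SKEW}
        if request_id in self.seen:
            return "reject: replayed request ID"
        self.seen[request_id] = ts
        return "accept"


def demo():
    clock = [1_000_000]  # constructed clock so the run is repeatable
    guard = ReplayGuard(b"constructed-demo-key", now=lambda: clock[0])
    body = b"service=SOS&request=GetObservation&offering=urn:example:off1"  # constructed
    mac = guard.mac(body, "req-0001", clock[0])
    results = [guard.check(body, "req-0001", clock[0], mac)]        # original
    results.append(guard.check(body, "req-0001", clock[0], mac))    # recorded copy
    results.append(guard.check(body, "req-0002", clock[0], mac))    # ID swapped
    clock[0] += MAX_SKEW + 1
    results.append(guard.check(body, "req-0001", 1_000_000, mac))   # late replay
    return results


if __name__ == "__main__":
    print(demo())
```

Request IDs are remembered only for as long as their time-stamp would still be accepted, which keeps the store bounded without reopening the replay window.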
Cause Man-In-The-Middle
Effect User client’s GetObservation request will be sent to adversary’s SOS.
Result User receives fraudulent observation data from adversary’s SOS.
Scope Application specific knowledge is required as the adversary’s SOS has to respond "properly".
Example
Likelihood Medium
Impact on Asset None
Impact on User Direct effect on asset.
Potential NA
Reason Sabotage
Requirement Authentication for SOS and Authenticity on the response so that the user client can determine that the result came from another service.
Table 59: Redirect GetObservation request
9.6.4 RegisterSensor operation