Versions Compared

Old Version 9

changes.mady.by.user David Doret

Saved on

compared with

New Version Current

changes.mady.by.user David Doret

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties

Contexts

Computer Science, IAM, Information Security

Term

Impersonation

Alternative Forms

To impersonate

Status
titleVerb

Definitions

The event switch of the security context of an entity that switches identity to make it appear as another entity to the system or organizational process with the identity of another entity.

Impersonation may be authorized (e.g. authorized security context switching) or unauthorized (e.g. impersonation attack).

Depending on context, impersonation may designate the act of impersonating, the event of impersonation or the ability to impersonate.

In cryptography, a formal and more restrictive definition may be used considering only the event when an adversary is given all public but no secret keys and convince the server he is an authorized user (Crescenzo, 2008).

Related Terms

  • AAL3

  • Authentication

  • Authenticator Assurance Level 3

  • Impersonation Attack

  • Impersonation Resistance

  • Impersonation Token

  • Security Context

  • Verifier Impersonation

  • Verifier Impersonation Resistance

...

(NIST SP 800-63A, 2020(2), p. 25)

As typically done in the literature on identification schemes, we study security against impersonation; that is, against an adversary that, given all public keys (but no secret key), tries to convince the server to be an authorized user.

(Crescenzo, 2008, p. 4-5)

impersonation

Ability of a process to run using a different security context than the one that owns the process.

Overview

Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.

An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.

See Also: authentication

...