Impersonation (Dictionary Entry)

Owned by David Doret, created
Last updated: 13-19-2020
2 min read

Contexts

Computer Science, IAM, Information Security

Term

Impersonation

Alternative Forms

To impersonate Verb

Definitions

The switch of the security context of an entity to make it appear as another entity to the system or organizational process.

Impersonation may be authorized (e.g. authorized security context switching) or unauthorized (e.g. impersonation attack).

Depending on context, impersonation may designate the act of impersonating, the event of impersonation or the ability to impersonate.

In cryptography, a formal and more restrictive definition may be used considering only the event when an adversary is given all public but no secret keys and convince the server he is an authorized user (Crescenzo, 2008).

Related Terms

  • AAL3

  • Authentication

  • Authenticator Assurance Level 3

  • Impersonation Attack

  • Impersonation Resistance

  • Impersonation Token

  • Security Context

  • Verifier Impersonation

  • Verifier Impersonation Resistance

Quotes

There are two general categories of threats to the enrollment process: impersonation, and either compromise or malfeasance of the infrastructure provider.

(NIST SP 800-63A, 2020(2), p. 25)

As typically done in the literature on identification schemes, we study security against impersonation; that is, against an adversary that, given all public keys (but no secret key), tries to convince the server to be an authorized user.

(Crescenzo, 2008, p. 4-5)

impersonation

Ability of a process to run using a different security context than the one that owns the process.

Overview

Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.

An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.

See Also: authentication

(Tulloch, 2003, p. 141)

Bibliography

See Also

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.