Impersonation

Threats

Entering a communications system requires the input of a user ID and password on the PC (authentication). If this dialog introduction is monitored then the ensuing data encryption is of little avail against misuse. Using the password the hacker can appear as an authorized user. This is known as Impersonation or "Man-in-the-Middle " it is basically simulating a false identity. Even computers can mask themselves against each other.

From the beginning of data transmission and during the entire course of the transmission it is necessary to verfiy that the individual data packets really originate from the designated sender and have not been modified en-route.
Knowledge of user ID and password must be supplemented with possession of an identification medium to ensure the authenticity. The identification medium could be a token or ideally a personal chipcard. Security is enhanced because the Personal Identification Number is supplemented by possession of a smartcard.