We want to model an intruder as a process that can mimic any attack a real-world intruder can perform. Thus our intruder process shall be able to:
The intruder merely replaces communication channels linking principals involved in the protocol. He behaves in such a way that neither the receiver of a fake message, nor the sender of an intercepted message can notice the intrusion.
The LOTOS process that models the intruder manages a knowledge base. Each time the intruder catches a message, he tries to decrypt its encrypted parts. Then he stores each part of the message in separate sets of values. These sets constitute the intruder's knowledge base that increases each time a message is received. The intruder tries to collect as much information as he can with the intercepted messages. His behaviour is simple and repetitive. He does not deduce anything from his knowledge base. He just stores information for future use.
When one of the trusted principals is ready to receive a message, the intruder analyze his knowledge base to determine the messages he can create. He builds them with values stored in his sets. As he tries every combination of these values, the intruder tries to send every message he can create with his knowledge.
The intruder is parameterized with some initial knowledge which gives him a certain amount of power. Remember that all principals except the intruder are considered trusted. Thus as we want to cover cases where regular principals are untrusted, the intruder must be able to act as these principals. So his initial knowledge must comprise enough information to allow this behaviour. For instance, in a protocol where a user must register with a trusted authority. The intruder must be able to act as a valid user from the point of view of the trusted autority. But he must also be able to act as a valid trusted autority from the point of view of the user. This example will be explained in more details with the example of section 4.
The key point is the power given to the intruder. Security protocols are based on some assumptions provided by the mathematical background of cryptographic operations. As we want to be realistic, our intruder will not be powerful enough to break a cryptosystem. As LOTOS provides processes that trangress this rule, it would be easy to define an intruder that tries a brute force attack to guess a private key or a random number. The intruder's behaviour is thus deliberately limited in this respect.