Bridging and Fingerprinting: Epistemic Attacks on Route Selection
Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. The paper introduces a novel attack, the route bridging attack, which makes use of what route creators do not know of the network. The paper also presents new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. The paper proves analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. The paper also discusses implications for network scaling and client-server vs. peer-to-peer systems.