Home
Conducting large online studies that target a wide variety of devices and capture sensitive information in a secure manner poses significant challenges. While the recent deluge of portable, Internet-connected devices (e.g., smartphones and tablets) has opened new opportunities for reaching study participants, these devices also introduce serious risks and other impedances such as potential data loss, sporadic Internet connectivity, and theft. To facilitate the requirements of the user community, we sought to address the mobile, open-source and secure hosting use case.
Survana has been designed from the ground up to be a secure, scalable, cross-platform solution, with a distributed and modular architecture. Users are able to create, share, and manage surveys via a modern HTML5 dashboard. Surveys are published to one or more Survana web-servers, which make use of the jQuery Mobile framework to ensure a consistent user experience across all devices. Survana mitigates the risk of survey delivery on untrusted clients by using public key cryptography and assigning each client a random key from a per-survey pool of 1024-bit RSA key pairs that are used to encrypt data locally on the client.
With each page of the questionnaire, the client generates a random 32 character password used to encrypt responses with 256-bit AES symmetric encryption. The password itself is then encrypted using the previously assigned RSA key. The encrypted payload is stored on the device in HTML5 local storage and the participant is allowed to continue with subsequent questionnaires while responses are sent to a Survana database over an SSL-encrypted channel. If the server is unavailable, the responses will remain encrypted on the client until connectivity is restored. Each questionnaire can be configured to send responses to a different database server - a feature which may be useful under IRB restrictions whereby confidential information must be kept in separate locations. Only entities holding the survey’s private RSA keys can retrieve and decrypt data in order to gain access to a participant’s responses.
Survana is licensed under the New BSD License and is hosted on GitHub at https://github.com/vpetrov/survana.