Data security in ODK

Hi All,

I'm a research scientist at Children's Hospital Boston and am working
with a group to develop mobile device-based neuropsychological
assessment tools for use in Africa. Initially the data will be input
through forms - ODK looks like it provides all of the basic pieces
that we need. Because the data we collect is considered sensitive,
we're governed by strict security standards through both Harvard
Medical School and the various teaching hospitals that are involved.
Basically, this means that all data saved on the device has to be
encrypted, and uploading data to a server must use SSL or some other
secure transfer method.

My question is simply whether there are mechanisms in the ODK that
would allow encryption of the data? If not, how difficult / long would
it take to implement (by us or one of your developers)? If this isn't
on the near horizon, any suggestions about appropriate toolkits would
be welcome.

Thanks,

Bill Bosl

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
William J. Bosl, Ph.D.
Instructor in Pediatrics, Harvard Medical School
Research Scientist, Children's Hospital Informatics Program
at Harvard-MIT Health Sciences and Technology (CHIP@HST)

Email: william.bosl@childrens.harvard.edu
Office: 617-919-2517
Cell: 209-518-3219
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

These are not yet in ODK Collect but would be easy and quick for a competent
Java developer to add, if you can provide that developer, that would be
wonderful.

(1) The Android OS includes the javax.crypto libraries that encrypt/decrypt
data as they are written/read from the sdcard.

(2) Transmission to the server using https: is also feasible -- Android uses
the org.apache.http.conn.ssl libraries, which are the standard HTTPS
libraries in the industry.

(3) The upcoming Aggregate 1.0 release will support authentication and
authorization mechanisms to ensure that submissions are by authorized users
and that access to the form submissions is restricted (aiming for end of
September or early October, with some platform availability and feature
limitations for the authentication pieces).

(4) An upcoming Collect will have the changes needed to support the
authentication mechanism (aiming for October).

Mitch

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer

University of Washington
mitchellsundt@gmail.com

This is an important step, and one that the HRC research group would
certainly make use of. We don't have time to work on the development right
now, but it's on the wish list and I am hoping to get into this after the
new year.

☞§※⌘✈☂
~Neil


At eMOCHA, what we did was to move the data from the sdcard to an
internal SQLite database, which is not easily accessible from outside
(a db created by an application can't be read from outside, unless you
have root permissions). That requires some modifications in ODK's code
(e.g. we deal with XML strings and not with files), and it's working
fine right now for ODK 1.1.4... although I'm still struggling with
some minor details.

The project is still in a development phase, but we also plan to
encrypt the data in the SQLite db. I thought of using this library:
http://www.zetetic.net/code/sqlcipher

but I still have to take a look at it. Potential issues are the size
of the database (depending on the device, the internal storage space
is not very big), and it might affect the application's performance as
well.

Data is sent to a backend using an https connection without any problem.

pau.


clayton also has a fully encrypted solution for commcare on android.
commcare builds on odk and those who want security today can ping clayton
for more info. carl and i were planning to look at his codebase soonish and
see what we can move into the core.


Hey folks.

We implemented a full encryption scheme for our ODK based application which
uses symmetric key ciphers which are received from a central server and
secured by a PBE scheme on the phone. This lets us have fully secure data
storage on the phone secured by user credentials which can also be recovered
with the private secret on the server if need be.

On the ODK <-> CommCare (our application) side, we implemented the full
Encrypted{FormData} -(cipher)> ODK -(cipher)> Encrypted{FormData} storage
element, but we manage our keys and our own column-encrypted SQLite
database separately from ODK, since we only use its form entry engine.

The code for both schemes is available online if anyone's curious before it
makes it to ODK's public dev trunk.

-Clayton
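The two ingredients described in this thread, Mitch's point (1) that javax.crypto can encrypt form data as it is written to the sdcard, and Clayton's scheme of a server-issued symmetric data key that is wrapped on the phone under a password-based key so the server can still recover the data if the user's credentials are lost, fit together in one small program. The following is an added example, not code from ODK, eMOCHA or CommCare, and it does not reproduce Clayton's actual key format: the class name, the algorithm choices (PBKDF2WithHmacSHA256 for the PBE step, AES-GCM for both the key wrap and the file contents), the iteration count and the form instance XML are all this example's own assumptions. It is plain JDK code so it can be run on a desktop; on a phone the `wrapped` and `salt` values are what would be persisted alongside the encrypted instance files, and the server would keep the unwrapped data key in escrow.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical name; not an ODK or CommCare class.
public class PbeWrappedFormStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_IV_BYTES = 12;      // 96-bit nonce, fresh per seal()
    private static final int GCM_TAG_BITS = 128;     // authentication tag length
    private static final int PBKDF2_ITERATIONS = 100_000; // assumed work factor

    // PBE step: derive a key-encryption key from the user's password and a stored salt.
    static SecretKey deriveKek(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // Authenticated encryption; output layout is iv || ciphertext || tag.
    static byte[] seal(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reverse of seal(); a wrong key or a tampered blob fails the tag check.
    static byte[] open(SecretKey key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] iv = Arrays.copyOfRange(blob, 0, GCM_IV_BYTES);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
    }

    // The server-issued data key never sits on the sdcard in the clear:
    // only this wrapped form (plus the salt) is stored on the phone.
    static byte[] wrapDataKey(SecretKey dataKey, char[] password, byte[] salt)
            throws GeneralSecurityException {
        return seal(deriveKek(password, salt), dataKey.getEncoded());
    }

    static SecretKey unwrapDataKey(byte[] wrapped, char[] password, byte[] salt)
            throws GeneralSecurityException {
        return new SecretKeySpec(open(deriveKek(password, salt), wrapped), "AES");
    }

    // Mitch's point (1): encrypt the form instance as it is written to storage.
    static void encryptToFile(SecretKey dataKey, byte[] plaintext, File out) throws Exception {
        Files.write(out.toPath(), seal(dataKey, plaintext));
    }

    static byte[] decryptFromFile(SecretKey dataKey, File in) throws Exception {
        return open(dataKey, Files.readAllBytes(in.toPath()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the key a central server would issue to the phone.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey serverIssuedKey = kg.generateKey();

        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        char[] password = "constructed-demo-passphrase".toCharArray();
        byte[] wrapped = wrapDataKey(serverIssuedKey, password, salt);

        // Constructed form instance standing in for an ODK submission.
        byte[] form = "<data id=\"neuro_assessment\"><score>42</score></data>"
                .getBytes(StandardCharsets.UTF_8);
        File instance = File.createTempFile("instance", ".xml.enc");
        instance.deleteOnExit();
        encryptToFile(serverIssuedKey, form, instance);

        // Normal path: user supplies the password, key is unwrapped, file is read back.
        SecretKey recovered = unwrapDataKey(wrapped, password, salt);
        System.out.println("roundtrip ok: " + Arrays.equals(form, decryptFromFile(recovered, instance)));

        // Failure path: a wrong password yields a different KEK and the GCM tag check fails.
        try {
            unwrapDataKey(wrapped, "wrong".toCharArray(), salt);
            System.out.println("unexpected: wrong password unwrapped the key");
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Two design points worth noting. First, the recovery property Clayton mentions comes entirely from the server holding `serverIssuedKey`: the phone alone cannot recover the data without the password, and the server alone cannot read the instance file without having the file, so each side's compromise is contained. Second, using an authenticated mode for both the key wrap and the file contents means a wrong password or a modified file is detected rather than silently producing garbage, which matters when the decrypted output is going to be parsed as XML.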
