Skip to content

ENOTTY/surver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
c
c
 
 
html
html
 
 
ingest
ingest
 
 
python
python
 
 
.gitignore
.gitignore
 
 
README.mediawiki
README.mediawiki
 
 

Repository files navigation

Table of Contents

Problem statement

Suppose you wish to conduct a survey of users on a private network that has no access to the network on which you intend to perform analysis of the survey results.

How would you collect data while trying to preserve the properties necessary for a successful survey? For instance,

  • confidentiality - users can be confident their answers will be anonymized
  • integrity - you can be confident the answers will not be modified by an unauthorized user

Possible solution

Surver implements the following system:

In order to minimize duplicate entries, surver send a session cookie to the client. Surver also collects client's MAC address, IP address, and other metadata in order to fingerprint the client.

Survey data is collected via HTML forms, which is POSTed to the server.

Metadata and survey data is printed to standard out, which should be piped into a text file (or a line printer). Pushing the data into a text file that is accesible only by local users of the surver is intended to provide integrity against remote users.

This text file is later printed, scanned, and OCRed into the analysis network. Duplicate entries can be minimized on the "safe" analysis network as a pre-processing step.

Extensions

Obfuscate the survey data

Survey data could be obfuscated/encrypted to protect confidentiality in transit and in rest, as well as protect against changes to the text file made by local users.

surver could take a public key as input to use for encryption then print the base64 of the encrypted data. However, it's likely that a bad printer or a mis-read by the OCR software will corrupt the survey data.

Special thanks

TODOs

  • HTTPS
  • Server side munge of data
  • C
  • investigate obfuscative properties of gcc O0, O1, O2, O3, Os
  • OS compatibility
  • backend parser into CSV
  • block virtual macs
  • map transactions to computers for deduplication of submissions
    • unique cookie based on mac/ip/something
  • research other wyas browsers handle cookies
  • distribute LLVM interpreter + program in llvm bitcode -> more obfuscation
  • PKI to avoid instructor server spying
  • specify instructors on start
  • more complex mungers
  • checksumming / ecc
  • passing JSON objects by POST might make parsing easier

About

A simple Python HTTP server for conducting surveys.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages