Data Security

Since data is transfered to our server located in Michigan, a wide array of security measures are in force:

  • The complete interaction with the server is secured with HTTPS.
  • Input data is deleted from our servers as soon it is not needed anymore.
  • We only store the number of samples and markers analyzed, we don't ever "look" at your data in anyway.
  • All results are encrypted with a strong one-time password - thus, only you can read them.
  • After imputation is finished, the data uploader has 7 days to use an encrypted connection to get results back.
  • The complete source code is available in a public Github repository.

Who has access?

To upload and download data, users must register with a unique e-mail address and strong password. Each user can only download imputation results for samples that they have themselves uploaded; no other imputation server users will be able to access your data.

What security or firewalls protect access?

A wide array of security measures are in force on the imputation servers:

  • SSH login to the servers is restricted to only systems administrators.
  • Direct root login via SSH is not allowed from the public Internet.
  • The public-facing side of the servers sits behind the School of Public Health's Checkpoint virtual firewall instance where a default-deny policy is used on inbound traffic; only explicitly allowed TCP ports are passed.
  • The School of Public Health also makes use of NIDS technologies such as Snort and Peakflow on its network links for traffic analysis and threat detection.
  • On imputation server itself, updates are run regularly by systems administrators who follow several zero-day computer security announcement lists; the OSSEC HIDS is used for log analysis and anomaly detection; and Denyhosts is used to thwart brute-force SSH login attacks.

What encryption of the data is used while the data are present?

Imputation results are encrypted with a one-time password generated by the system. The password consists of lower characters, upper characters, special characters and numbers with max. 3 duplicates.