Server

COVID Alert is now retired: For more information, visit the Government of Canada COVID Alert home page.

The COVID Alert server is a software application that acts as a diagnosis server for the app. It handles generating and claiming one-time codes, submitting and retrieving diagnosis keys, and collecting and aggregating app metrics. The server acts as the “connective tissue” that enables the app to work.

The product team responsible for the server also operates and maintains the cloud infrastructure that the service runs on.

Server technical overview

COVID Alert server is a Go application forked from the CovidShield server application, which was developed by volunteers outside of the Canadian Digital Service. It acts as a diagnosis server for Apple/Google’s Exposure Notification (EN) framework and performs the following functions:

  • generate one-time keys: creates a unique, random key that is given to a user with a positive COVID-19 diagnosis;
  • claim one-time keys: users with a positive COVID-19 diagnosis submit the one-time key they were provided. This causes all other users that have been a close contact to be notified of a possible COVID-19 exposure;
  • submit diagnosis keys: shares keys returned from the EN framework with the server;
  • retrieve diagnosis keys: retrieves a list of all keys uploaded by other users.
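The four functions above are easier to reason about as a small state machine. The following Go model is an added example written for this page; it is not the COVID Alert or CovidShield server code. It assumes an 8-character code alphabet, a 24-hour validity for unclaimed codes, and an upload token returned by a successful claim (none of which are stated on this page); only the 21-day retention window comes from the page's privacy list. It shows the properties a reviewer would check: codes come from a CSPRNG, a code is accepted exactly once and only before it expires, key uploads require a prior claim, and keys older than 21 days are deleted before any retrieval.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
	"time"
)

const (
	codeLength   = 8                                   // assumed
	codeAlphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" // assumed: no 0/O or 1/I look-alikes
	codeLifetime = 24 * time.Hour                     // assumed validity of an unclaimed code
	keyRetention = 21 * 24 * time.Hour                // from the page: nothing kept past 21 days
)

var ErrInvalidCode = errors.New("unknown or expired one-time code")
var ErrCodeClaimed = errors.New("one-time code already claimed")
var ErrInvalidToken = errors.New("unknown upload token")

type codeRecord struct {
	expires time.Time
	claimed bool
}

// DiagnosisServer is a single-goroutine, in-memory model of the four functions listed above; it holds codes, upload tokens and keys only, with no identity attached to any of them.
type DiagnosisServer struct {
	now    func() time.Time // injectable clock so expiry can be tested
	codes  map[string]*codeRecord
	tokens map[string]bool
	keys   map[string]time.Time // diagnosis key bytes -> upload time
}

func NewDiagnosisServer(now func() time.Time) *DiagnosisServer {
	return &DiagnosisServer{now: now, codes: map[string]*codeRecord{},
		tokens: map[string]bool{}, keys: map[string]time.Time{}}
}

// randomString draws each character from crypto/rand with an unbiased bound; a CSPRNG failure is fatal.
func randomString(alphabet string, n int) string {
	out := make([]byte, n)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			panic(err)
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out)
}

// GenerateCode: "generate one-time keys". The code is handed to the diagnosed user out of band.
func (s *DiagnosisServer) GenerateCode() string {
	code := randomString(codeAlphabet, codeLength)
	s.codes[code] = &codeRecord{expires: s.now().Add(codeLifetime)}
	return code
}

// ClaimCode: "claim one-time keys". A code is accepted once and only before it expires; the upload token it returns (an assumption of this model) authorises the later key submission.
func (s *DiagnosisServer) ClaimCode(code string) (string, error) {
	rec, ok := s.codes[code]
	if !ok || s.now().After(rec.expires) {
		return "", ErrInvalidCode
	}
	if rec.claimed {
		return "", ErrCodeClaimed
	}
	rec.claimed = true
	token := randomString(codeAlphabet, 32)
	s.tokens[token] = true
	return token, nil
}

// SubmitKeys: "submit diagnosis keys". Only a token from a successful claim may add keys.
func (s *DiagnosisServer) SubmitKeys(token string, keys [][]byte) error {
	if !s.tokens[token] {
		return ErrInvalidToken
	}
	for _, k := range keys {
		s.keys[string(k)] = s.now()
	}
	return nil
}

// RetrieveKeys: "retrieve diagnosis keys". Keys past the 21-day window are deleted before the list is built, so nothing older is ever served or kept.
func (s *DiagnosisServer) RetrieveKeys() [][]byte {
	cutoff := s.now().Add(-keyRetention)
	out := [][]byte{}
	for k, uploaded := range s.keys {
		if !uploaded.After(cutoff) {
			delete(s.keys, k) // deleting during range is safe in Go
			continue
		}
		out = append(out, []byte(k))
	}
	return out
}
```

The clock is injected so that both expiry paths (an unclaimed code after 24 hours, a key after 21 days) can be exercised without waiting; a production server would also need locking and persistent storage, which this model leaves out.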

The server resources are deployed on the Amazon Web Services (AWS) cloud platform and are managed with Terraform, which is a declarative way of managing infrastructure resources using code (Infrastructure-as-Code).

Related blog post: Keeping Canadians safe while protecting their privacy: COVID Alert app (AWS blog)

Source code repositories

The server code is managed in the following GitHub repositories:

Technology stack

Server

  • Go
  • Docker
  • Google Protocol Buffers
  • JavaScript
  • Ruby
  • AWS resources managed by Terraform:
    • Application Load Balancer
    • CloudFront
    • CloudWatch alarms, log groups and metrics
    • Elastic Container Service (Fargate) cluster
    • Relational Database Service (Aurora MySQL)
    • Route53
    • S3
    • Web Application Firewall

Metrics

  • TypeScript
  • Python
  • Docker
  • AWS resources managed by Terraform:
    • API Gateway
    • CloudWatch alarms, log groups and metrics
    • DynamoDB
    • Elastic Container Service (Fargate) cluster
    • Lambda
    • Route53
    • S3

Security and privacy

Data security and privacy were paramount in the design and behaviour of the key server. As a result:

  • no personally-identifiable information is ever stored;
  • nothing other than an IP address is available to the server;
  • no data is retained past 21 days; and
  • all data is encrypted in transit and at rest using strong cryptographic algorithms and protocols.

To validate the server’s privacy and security stance, an assessment was performed by the following Government organizations:

  • Canadian Digital Service (CDS);
  • Cyber Security Division of the Treasury Board of Canada Secretariat (TBS); and
  • Canadian Centre for Cyber Security (CCCS).

CCCS’s Security Assessment is available to read online.

The AWS tenant that hosts the server infrastructure was also assessed by Shared Services Canada (SSC) as being compliant with the 30-day GC Cloud Guardrails.

In addition to the GC security assessments, independent analysis and penetration testing were performed by the private sector, with all critical and high severity vulnerabilities being addressed.

To prevent data breaches during day-to-day operations, the server API endpoints use AWS Web Application Firewall (WAF) IP-based allow-lists, AWS WAF rate limits, and managed rulesets to detect malicious traffic and inputs. All service logs are also captured and have alarms configured that detect unusual or unauthorized activity.

As a final measure, vulnerability scanning and security-focused static code analysis are performed by the Continuous Integration/Continuous Deployment (CI/CD) workflows for each code and configuration change made to the server code and infrastructure.

Metrics

A supporting service to the server is in-app metrics. This is anonymous usage data sent by the COVID Alert app. The metrics data is used to judge how effectively the app is working and is collected as follows:

  1. The app sends metric data payloads to an AWS API Gateway endpoint called /save-metrics.
  2. The API invokes a create metrics Lambda function to save the data payload to a DynamoDB table called raw_metrics. Items in this table only exist for 24 hours before being deleted (privacy requirement).
  3. A DynamoDB event triggers an aggregate metrics Lambda function to process and load the new raw_metrics items into a DynamoDB table named aggregate_metrics. This either creates a new item in aggregate_metrics or increments the metricCount field of an existing item.
  4. Every evening, the covid-alert-metrics ETL code is run to generate CSV files from the aggregate_metrics table. These CSV files are then saved to the cds-snc/covid-alert-data repository.
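The four steps above form one pipeline, which the following Go model walks end to end. It is an added example written for this page, not the project's own Lambda or ETL code (the stack list says those are TypeScript and Python). The payload fields (identifier, region, date) and the aggregate_metrics key are assumptions; the 24-hour life of raw_metrics items, the metricCount increment and the nightly CSV export are from the steps above. Constructed payloads stand in for what the app would send to /save-metrics.

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"errors"
	"sort"
	"strconv"
	"strings"
	"time"
)

const rawTTL = 24 * time.Hour // step 2: raw_metrics items are deleted after 24 hours

// RawMetric is the assumed shape of a /save-metrics payload; the real schema is not on this page.
type RawMetric struct {
	Identifier string `json:"identifier"` // assumed: name of the metric event
	Region     string `json:"region"`     // assumed
	Date       string `json:"date"`       // assumed: YYYY-MM-DD
	TTL        int64  `json:"ttl"`        // set by the server, never trusted from the client
}

// AggregateKey is the assumed primary key of aggregate_metrics; metricCount is the value.
type AggregateKey struct{ Identifier, Region, Date string }

// CreateMetric models the "create metrics" Lambda: validate the payload and stamp a 24-hour TTL.
func CreateMetric(payload []byte, now time.Time) (RawMetric, error) {
	var m RawMetric
	if err := json.Unmarshal(payload, &m); err != nil {
		return RawMetric{}, err
	}
	if m.Identifier == "" || m.Region == "" || m.Date == "" {
		return RawMetric{}, errors.New("payload missing identifier, region or date")
	}
	m.TTL = now.Add(rawTTL).Unix() // overwrite whatever the client sent
	return m, nil
}

// PurgeExpired models DynamoDB's TTL sweep: anything whose TTL has passed is gone.
func PurgeExpired(raw []RawMetric, now time.Time) []RawMetric {
	live := raw[:0]
	for _, m := range raw {
		if m.TTL > now.Unix() {
			live = append(live, m)
		}
	}
	return live
}

// AggregateMetrics models the "aggregate metrics" Lambda fed by the DynamoDB stream:
// each new raw item either inserts an aggregate row or increments its metricCount.
func AggregateMetrics(agg map[AggregateKey]int, newItems []RawMetric) {
	for _, m := range newItems {
		agg[AggregateKey{m.Identifier, m.Region, m.Date}]++
	}
}

// ExportCSV models the nightly ETL; rows are sorted so the output is deterministic.
func ExportCSV(agg map[AggregateKey]int) (string, error) {
	keys := make([]AggregateKey, 0, len(agg))
	for k := range agg {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool {
		a, b := keys[i], keys[j]
		if a.Date != b.Date {
			return a.Date < b.Date
		}
		if a.Identifier != b.Identifier {
			return a.Identifier < b.Identifier
		}
		return a.Region < b.Region
	})
	var sb strings.Builder
	w := csv.NewWriter(&sb)
	w.Write([]string{"date", "identifier", "region", "metricCount"})
	for _, k := range keys {
		w.Write([]string{k.Date, k.Identifier, k.Region, strconv.Itoa(agg[k])})
	}
	w.Flush()
	return sb.String(), w.Error()
}

// RunPipeline chains the steps above for a batch of constructed payloads.
func RunPipeline(payloads [][]byte, now time.Time) (map[AggregateKey]int, string, error) {
	var raw []RawMetric
	for _, p := range payloads {
		m, err := CreateMetric(p, now)
		if err != nil {
			return nil, "", err
		}
		raw = append(raw, m)
	}
	agg := map[AggregateKey]int{}
	AggregateMetrics(agg, raw)
	out, err := ExportCSV(agg)
	return agg, out, err
}
```

Two details carry the privacy intent of the steps: the TTL is stamped server-side so a client cannot extend how long its raw item lives, and the aggregate table only ever holds counts, so the exported CSV contains nothing that could be traced back to one device.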

You can learn more about the implementation of metrics on the app side.
