Designing a secure e-tender submission protocol |
| |
| Authors: | Rong Du Ernest Foo Colin Boyd |
| |
| Affiliation: | (1) Information Security Institute, Faculty of Information Technology, Queensland University of Technology, Gardens Point Campus, P.O. Box 2434, Brisbane, QLD 4001, Australia |
| |
| Abstract: | This paper investigates the fundamental difference between a simple e-tender box and a traditional physical tender box, and highlights a series of security traps created by the functional differences. Based on our findings, we have defined the security requirements for an e-tender submission protocol. We also discuss functional limitations of cryptographic technologies. As a result, two secure e-tender submission protocols are proposed which enable a secure e-tender submission. Protocols are assumed to run under the condition that all tendering parties (principal and tenderers) are dishonest players. Our informal and formal security analysis show that these protocols meet their security goals under well known collusion scenarios. Because security is a process not a product, our approach will have broad industry application for developing secure electronic business processes in areas other than e-tendering. |
| |
| Keywords: | E-tendering Procurement Security Security analysis Cryptography SHVT |
| 本文献已被 SpringerLink 等数据库收录! |
|
