Designing Secure E-Tendering Systems

  • Rong Du
  • Ernest Foo
  • Juan González Nieto
  • Colin Boyd
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3592)

Abstract

Security requirements for e-tendering systems have not been closely scrutinised in the literature. This paper identifies key issues to be addressed in the design of secure e-tendering systems. In particular, the issues of secure timing and record keeping are raised. This paper also classifies existing e-tendering system designs by presenting common e-tendering architectures. A new e-tendering architecture, using distributed trusted third parties, is proposed which may be suitable for secure large-scale operations.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Rong Du (1)
  • Ernest Foo (1)
  • Juan González Nieto (1)
  • Colin Boyd (1)
  1. Information Security Institute (ISI)
