Title :
A novel mechanism for secure e-tendering in an open electronic network
Author :
Damsika, Ameera ; Ranasinghe, Dulhan ; Kulkarni, Devdatta
Author_Institution :
Sch. of Comput., Asia Pacific Inst. of Inf. Technol. - Sri Lanka, Colombo, Sri Lanka
Abstract :
It is considered good practice to migrate traditional paper-based business documents and processes to digital systems. As evident from the past 3-4 decades of digital revolution, using available or new digital technology has plenty of advantages in achieving business objectives. Electronic Tendering (e-tendering) is one such application, through which calls, proposals, bids and reviews are exchanged between interested parties for securing a project that is published via a tender management system. Few e-tendering systems exist that automate all the processes. Although techniques have been developed to provide the basic exchange of documents and messaging service, very little research and application has been done in the area of authentication, secure exchange of data, and storage of tender applications in multi-user environments. Our work focuses on developing a holistic solution for meeting the security requirements of an e-tendering system. We first investigate the main drawbacks of using SSL for such applications, and also highlight the threats, attacks and implementation issues encountered in implementing systems without SSL. In this paper we propose a novel mechanism to overcome the drawbacks, focusing on the e-tendering steps related to authentication, submission of bid proposal, data transmission and key exchange between trusted parties, and secure data storage. In each of these steps, we identify the possible attacks and propose novel ways to apply techniques so that the security needs are met. We believe that our application of techniques, use of key exchange in e-tendering, and other algorithms provides a practical mechanism for secure e-tendering in open electronic networks. The prototype we have developed shows that our framework is very usable, and could easily be adapted as a secure e-trading system in practice.
Keywords :
authorisation; business data processing; cryptography; document handling; electronic data interchange; trusted computing; SSL; authentication; bid proposal submission; business objectives; data transmission; digital systems; document exchange; electronic tendering; key exchange; messaging service; open electronic network; paper-based business documents; secure data exchange; secure data storage; secure e-tendering; secure e-trading system; tender management system; trusted parties; Computers; Encryption; Service-oriented architecture; Streaming media; Cryptography; Session key; Steganography;
Conference_Title :
Computer Science & Education (ICCSE), 2013 8th International Conference on
Conference_Location :
Colombo
Print_ISBN :
978-1-4673-4464-7
DOI :
10.1109/ICCSE.2013.6553970