Secure electronic tendering

Du, Rong (2007) Secure electronic tendering. PhD thesis, Queensland University of Technology.

Abstract

Tendering is a method for entering into a sales contract. Numerous electronic

tendering systems have been established with the intent of improving the efficiency

of the tendering process. Although providing adequate security services

is a desired feature in an e-tendering system, current e-tendering systems are

usually designed with little consideration of security and legal compliance.

This research focuses on designing secure protocols for e-tendering systems.

It involves developing methodologies for establishing security requirements, constructing

security protocols and using formal methods in protocol security verification.

The implication is that it may prove suitable for developing secure

protocols in other electronic business domains.

In depth investigations are conducted into a range of issues in relation to establishing

generic security requirements for e-tendering systems. The outcomes are

presented in a form of basic and advanced security requirements for e-tendering

process. This analysis shows that advanced security services are required to secure

e-tender negotiation integrity and the submission process.

Two generic issues discovered in the course of this research, functional difference

and functional limitations, are fundamental in constructing secure protocols

for tender negotiation and submission processes. Functional difference identification

derives advanced security requirements. Functional limitation assessment

defines how the logic of generic security mechanisms should be constructed. These

principles form a proactive analysis applied prior to the construction of security

protocols.

Security protocols have been successfully constructed using generic cryptographic

security mechanisms. These protocols are secure e-tender negotiation

integrity protocol suite, and secure e-tender submission protocols. Their security

has been verified progressively during the design. Verification results show that

protocols are secure against common threat scenarios. The primary contribution of this stage are the procedures developed for the complex e-business protocol

analysis using formal methods. The research shows that proactive analysis has

made this formal security verification possible and practical for complex protocols.

These primary outcomes have raised awareness of security issues in e-tendering.

The security solutions proposed in the protocol format are the first in e-tendering

with verifiable security against common threat scenarios, and which are also practical

for implementation. The procedures developed for securing the e-tendering

process are generic and can be applied to other business domains. The study

has made improvements in: establishing adequate security for a business process;

applying proactive analysis prior to secure protocol construction; and verifying

security of complex e-business protocols using tool aided formal methods.

Impact and interest:

Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

2,581 since deposited on 03 Dec 2008
142 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 16606
Item Type: QUT Thesis (PhD)
Supervisor: Foo, Ernest, Boyd, Colin, & Christensen, Sharon
Keywords: e-tendering, e-procurement, e-auction, e-commerce, e-business, business process, e-tender negotiation, e-tender submission, security, security requirements, secure protocol, security functions, integrity, confidentiality, threat, threat scenario, cryptology, cryptography, generic securitymechanism, cryptographic hash function, digital signature, commitment scheme, identity based encryption, formal method, shvt, model checking, threat modeling, verification elements, verification process
Divisions: Current > QUT Faculties and Divisions > Division of Research and Commercialisation
Past > Institutes > Information Security Institute
Department: Cross-Faculty Collaboration
Institution: Queensland University of Technology
Copyright Owner: Copyright Rong Du
Deposited On: 03 Dec 2008 04:06
Last Modified: 28 Oct 2011 19:50

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page