Designing a secure e-tender submission protocol

Electronic Commerce Research

Abstract

This paper investigates the fundamental difference between a simple e-tender box and a traditional physical tender box, and highlights a series of security traps created by the functional differences. Based on our findings, we have defined the security requirements for an e-tender submission protocol. We also discuss functional limitations of cryptographic technologies. As a result, two secure e-tender submission protocols are proposed which enable a secure e-tender submission. Protocols are assumed to run under the condition that all tendering parties (principal and tenderers) are dishonest players. Our informal and formal security analyses show that these protocols meet their security goals under well-known collusion scenarios. Because security is a process, not a product, our approach will have broad industry application for developing secure electronic business processes in areas other than e-tendering.

Author information

Corresponding author

Correspondence to Ernest Foo.

About this article

Cite this article

Du, R., Foo, E. & Boyd, C. Designing a secure e-tender submission protocol. Electron Commerce Res 8, 115–142 (2008). https://doi.org/10.1007/s10660-008-9017-x

  • DOI: https://doi.org/10.1007/s10660-008-9017-x
