International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 7, July 2013)
E-Tendering With Public Key Infrastructure – A Survey Based Implementation
Mubina S Malik 1
1 Lecturer, CMPICA, CHARUSAT, Changa, Gujarat
Abstract - In the current era, security is a prime requirement in almost all aspects of business and organizations. Most businesses are moving towards remote transactions with the aid of web-based computer systems. For remotely controlled business, e-Tendering has become the most efficient and prominent approach. This process involves a seller, a buyer and a mediating web-based computer system. To achieve this we must have a secure environment that maintains the integrity of data and the confidentiality of the business concerned. To achieve high security in e-Tendering, Public Key Infrastructure (PKI) is implemented for robust security. PKI provides a secure web-based environment that guarantees the reliability of the overall system. PKI uses asymmetric encryption/decryption techniques to offer a highly shielded environment. This paper discusses this with the integration of e-Tendering with Public Key Infrastructure.
Keyword - E-Tendering, Buyer, Bidder/Supplier, PKI,
Encryption / Decryption, Public Key/Private Key,
Authentication.
I. INTRODUCTION
A. E-Tendering
E-Tendering is the electronic B2B (or B2C or B2G) sale and purchase of goods and services. The medium used might be the Internet or other media such as EDI (Electronic Data Interchange) and Enterprise Integrations (formerly known as EAI). E-Tendering is the electronic exchange of tenders. It reduces the burden of managing tenders in the traditional way and improves the efficiency of, and the time taken to complete, a purchase. An E-Tendering portal is a website set up specially for exchanging information and tender documents electronically over the Internet. In E-Tendering the key roles are Buyer and Bidder. The Buyer is a person who creates, manages and transmits contract announcements electronically. The Bidder is a person who bids on the tender for a proposal.
B. Why Security in E-Tendering?
Like other electronic commerce systems such as e-payments and e-auctions, an e-tendering system is required to address generic security requirements like confidentiality, integrity, authentication and non-repudiation.
As tendering is carried over insecure networks, the e-tendering system should provide communication security, which protects the information sent between all participants. This is generally achieved by using strong encryption. It is also essential that an e-tendering system provides strong storage security, as submissions are stored in a database.
In (Head, 2003), John Barnard refers to a discrepancy in the usage of e-tendering schemes. He observed that, although more than 75% of tenders are electronically advertised, less than 40% provide the electronic documentation required by the tender process and less than 20% make electronic tender submissions. The prime security issue, which has been the main obstacle to wide adoption of e-tendering, is the lack of fairness of the e-tendering process. A secure e-tendering solution should support both fairness and transparency in order to guarantee that tenderers can see the progress of their submission processing. It is also important that, when disputes arise, an e-tendering system is able to provide a full history of the events leading up to contract award, which can be publicly verified without compromising confidentiality or privacy.
C. PKI (Public Key infrastructure)
Public-key infrastructure is a comprehensive system that provides public-key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication and non-repudiation. A public-key infrastructure is probably the most critical enterprise security investment a company will make in the next few years. It is mostly used in e-business applications. PKI enables new business processes.
Some of the points that PKI covers for security are:
Identify users accessing sensitive information (Authentication)
Control who accesses information (Access Control)
Be sure communication is private but carried over the Internet (Privacy)
Ensure data has not been tampered with (Integrity)
Provide a digital method of signing information and transactions (Non-repudiation)
In PKI a pair of keys, a public key and a private key, is generated for each user. The public key is used for encryption whereas the private key is used for decryption; this is called an asymmetric key. The public key is derived from the private key, and it is infeasible to derive the private key from the public key. When the sender of a message uses the public key of the recipient to encrypt it, the sender can be sure that its contents can only be read after being decrypted by the recipient and by no one else.
II. ENHANCEMENT OF TRADITIONAL TENDERING TO E-TENDERING
Earlier, when the e-Tendering concept did not exist, the tendering process was done through a Public Service Publisher (PSP); it was paper work and was carried out manually by a person. Traditional tender processes can be long and cumbersome, often taking three months or longer, which is costly for both buyer and supplier organizations. In the traditional process, tendering was done through envelopes or paper, which has many disadvantages such as wastage of time, paper and money, fraud in tendering, and human errors. The process was very tedious, as all the work was done on paper or in envelopes. Security was the main concern, as the bid amount could be stolen or leaked. To overcome these issues, government and private industries found a way to tender online, i.e. e-Tendering. In e-Tendering the whole process is carried out online. Users need to be authenticated and submit the bid electronically, so there is very little chance of breaching that security. All the work is done through a web portal and the data is stored directly in the database. No one has access to the web application and the database. But there is still a risk that someone may hack bid data from the web portal. The data or information stored in the database may be in a readable format, so if a hacker steals this data the bidder can lose the entire bid. Hence the concern is again the same, i.e. security to avoid such malfunctioning.
Figure I: Enhancement of Traditional Tendering to e-Tendering
This can be avoided by implementing E-Tendering with PKI. The data in the database is stored in a strongly encrypted, unreadable format, and no one can read that data without decrypting it. Public key infrastructure is very helpful and highly secure in e-Tendering. In an asymmetric PKI implementation the whole process is carried out at the client end. Secure submission of the bid from the bidder's computer to the server should be done after the bid is encrypted using PKI, and it is further submitted to the server through SSL encryption. Only the encrypted file submitted by the bidder should be stored, and it should be decrypted at the Tendering Opening Event (TOE) [3].
III. IMPLEMENTATION OF PKI IN E-TENDERING
An E-Tendering system requires security properties such as confidentiality, integrity, non-repudiation and authentication [1]. Hence, these requirements must be met when implementing an e-tendering system. They are fulfilled by implementing PKI in the system. PKI components include the digital certificate, public and private keys, Secure Socket Layer (SSL) and the Certificate Authority.
Hence, the data are completely secured: they are stored in an unreadable format, and if someone tampers with the data, it does not get decrypted. The data can be decrypted only with the supplier's private key. The supplier himself is the only person authorized to view the bid. All the documents uploaded also get encrypted & stored either in database server
As PKI uses asymmetric encryption/decryption, it is impossible to decrypt the data after final bid submission; the entire bid gets encrypted and stored in the database. The private key with which the bid is decrypted is available with the concerned person/officer before the public tender opening event. SSL, an Internet-standard secure protocol, is used in PKI to secure data by encrypting it at the time of transmission. Before the bid is submitted to the database server, the computers are protected with SSL encryption and database-level encryption. It is decrypted accordingly; after reaching the server, the SSL encryption is removed and the bid is again encrypted with PKI. [2, 3]
Figure III: Bid Submission Process
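The sealing flow described in Sections II and III (the bid is encrypted on the bidder's machine, stored only in encrypted form, and decrypted at the Tender Opening Event), as an added example that is not code from the paper. It goes beyond the text by using the usual hybrid construction (AES-256-GCM for the bid, RSA-OAEP to wrap the content key) plus a bidder signature for non-repudiation; it assumes the opening authority's key pair is the decryption key, and the function names, tender ID and bid values are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed RSA key pairs stand in for the keys bound to CA-issued certificates.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Bytes covered by the bidder's signature; the length prefix keeps field boundaries unambiguous.
function signedBytes(e) {
  const id = Buffer.from(e.tenderId, 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(id.length);
  return Buffer.concat([len, id, e.wrappedKey, e.iv, e.tag, e.ciphertext]);
}

// Bidder's machine: encrypt the bid before it leaves the client, then sign the sealed envelope.
function sealBid(bidText, tenderId, openerPublicKey, bidderPrivateKey) {
  const key = crypto.randomBytes(32); // one-time AES-256 content key
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenderId, 'utf8')); // bind the ciphertext to this tender
  const ciphertext = Buffer.concat([cipher.update(bidText, 'utf8'), cipher.final()]);
  const env = { tenderId, iv, ciphertext, tag: cipher.getAuthTag(),
    wrappedKey: crypto.publicEncrypt({ key: openerPublicKey, ...OAEP }, key) };
  env.signature = crypto.sign('sha256', signedBytes(env), bidderPrivateKey);
  return env; // the portal database only ever stores this envelope
}

// Tender Opening Event: check the bidder's signature, unwrap the content key, decrypt.
function openBid(env, openerPrivateKey, bidderPublicKey) {
  if (!crypto.verify('sha256', signedBytes(env), bidderPublicKey, env.signature)) {
    return { ok: false, reason: 'bad signature' };
  }
  try {
    const key = crypto.privateDecrypt({ key: openerPrivateKey, ...OAEP }, env.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
    decipher.setAAD(Buffer.from(env.tenderId, 'utf8'));
    decipher.setAuthTag(env.tag);
    const bid = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
    return { ok: true, bid: bid.toString('utf8') };
  } catch (err) {
    return { ok: false, reason: 'decryption failed' };
  }
}

// Constructed demo: the stored envelope opens only with the opening authority's private key.
const demoOpener = newKeyPair(), demoBidder = newKeyPair();
const demoEnvelope = sealBid('{"amountINR":1250000}', 'TENDER-0001', demoOpener.publicKey, demoBidder.privateKey);
console.log(openBid(demoEnvelope, demoOpener.privateKey, demoBidder.publicKey));
```

A stored envelope that has been altered fails the signature check, and one opened with any other private key fails at the key-unwrap step, so a readable bid never exists on the server before the opening event.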
C. Bid Evaluation
The bid evaluation process is carried out at the buyer end; the buyer creates the committee. This committee is responsible for bid opening. After analysis, the entire bid is evaluated, a comparative report is generated, the result is shared, and the appropriate supplier gets the award of contract (AOC).
Figure IV: Bid Evaluation Process
D. Tender Process Cycle
Buyer End: The supplier has to log in to his account for tender creation and for publishing the tender online. After the tender is published, it is available for bid submission. If any correction is made to the information/requirements of the tender, a tender corrigendum is issued. The tender is then again available for bid submission.
On the tender opening date, i.e. BID EVALUATION, the tender is evaluated with the digital certificate (private key) of the buyer at the buyer end. The supplier whose bid is the minimum is awarded the contract.
Figure V: Tender Process Cycle
Supplier End: The supplier has to log in to his account to bid for the appropriate tender. The supplier has to plug in an e-Token containing his valid CLASS III digital certificates. After logging into the system, the supplier is allowed to bid for the tender. The tender data is stored in an encrypted format. The supplier can edit his bid until he has made the final bid submission. After final bid submission, the supplier cannot edit the bid; he can only view the result of the bid.
TABLE I
COMPARISON OF E-TENDERING PROCESS WITHOUT PKI AND WITH PKI IMPLEMENTATION

| e-Tendering Process Without PKI | e-Tendering Process With PKI Component |
| --- | --- |
| Data is not highly secured | Data is highly secured by asymmetric key |
| Data is stored in plain text and hence it is vulnerable for critical information | Data is stored in encrypted format. Impossible to decrypt the encrypted data. |
| In symmetric key, each message is encrypted with the same key, so an attacker can figure out the key that is used for encryption and decryption | In asymmetric key, the message is decrypted with a different key, so there is no possibility that a hacker can hack the data |
| Does not provide confidentiality, non-repudiation | Provides true confidentiality and non-repudiation |
| Does not follow security norms set by Govt. of India | Implementing PKI follows all the security norms set by Govt. of India as per IT Act 2000 |
| In simple e-Tendering, at most symmetric encryption methodology can be applied, which provides security up to some extent | In e-Tendering with PKI, symmetric as well as asymmetric encryption methodologies can be applied, which provides maximum security |
| Symmetric encryption/decryption takes place at the server side; if the key is leaked, data becomes insecure | Asymmetric encryption/decryption happens at the client end and the data travels in an encrypted format; hence, your data becomes secure |
IV. CONCLUSION
The article focuses on the importance of e-Commerce through e-Tendering with high-security implementation through PKI. As discussed in the paper, PKI provides security properties such as authentication, privacy, integrity and non-repudiation in the electronic tendering process. The process proves reliable, secure and time-efficient with little human intervention. A completely automatic system can be achieved through precise implementation of the proposed architecture. The article concludes with the advantages of e-Tendering with PKI over e-Tendering without PKI. The overall system can be shielded more properly through the combination of both private key and public key.
REFERENCES
[1] Vijayakrishnan Pasupathinathan, Josef Pieprzyk, "A Fair E-Tendering Protocol", ACAC, Department of Computing, Macquarie University, Sydney, Australia
[2] Quality requirements of eProcurement System
[3] PKI Ensures Fair, Fast & Secure e-Procurement, TCS
[4] PKI and e-Procurement-An Indian Perspective, (n) Code Solutions
[5] Ameera Damsika, Dulhan Ranasinghe, Dhananjay Kulkarni, "A Novel Mechanism for Secure E-Tendering in an open electronic tender", Asia Pacific Institute of Information Technology – Sri Lanka
[6] Haslina Mohd, Mlohd Afdhal Muhammad Robie, Fauziah Baharom, Nazib Nordin, Norida muhd Darus, Mohamed AliSaip, Azman Yasmi, Azida Zainol, Nor Laily hashim, "Misuse Case Modeling for Secure E-Tendering System", 2012
[7] Jitendra Kohli, "Red Flags In E-Procurement/ E-Tendering For public Procurement and Some Remedial Measures", IIT(Delhi)
[8] "Information Technology Act 2000", Government of India
[9] Government of Gujarat Industries and Mines Department, "Introduction of E-Procurement System in all the Government Departments and Heads of Department, Boards, Corporations of the State Government, Nigams and Societies under the administrative control of the State Government and which are funded by the Government", 2006