Abstract:
The traditional tendering process is a manual bidding system which involves
the principal advertising or issuing a request for tenders, various suppliers
then make offers, one of which is then accepted by the principal, forming a
contract between the supplier and the principal. Electronic tender (eTender)
management is the continuous usage of electronic means for the entire
tendering process. It enables suppliers in different geographic locations to be
notified of an opportunity to express an interest to download tender
documents and to submit a response. This promotes competition for the
tender and a selection process that is transparent to bidders. eTender
solutions are developed in the absence of the ability to authenticate people by
sight. This creates problems with authenticity and integrity of electronic
transactions as trust has been compromised. Improper use of electronic
communication systems could also increase the possibility of leaking of
tender information. Hence security mechanisms were carefully integrated
into the system to provide desirable security services for the processes
involved in an eTender management system. The focus of this research is to
develop a simple security protocol for electronic tender management that
confirms it met the security challenges such as authenticity, integrity,
confidentiality and non-repudiation, faced by such systems. It comprised of
developing methodologies for establishing security requirements,
constructing security protocols and security verification with a user friendly
interface. A security protocol was developed using generic symmetric key
cryptographic mechanisms with a random string as an additional security
measure. The validity of the protocol was tested progressively throughout the
design and development process to confirm that it provides sufficient
security measures against the challenges. In addition, it was also tested
against identified risk scenarios.