1. Information Security For Internet Bidding

    by Charles Engelke
    Chief Technology Officer

    Internet bid submission is a proven way to improve efficiency and eliminate errors in the sealed bidding process, making it an easy decision to adopt the process. Once your agency has decided to move forward with such a system, your next decision is finding the right vendor that will let you have faith in the security of the system. Any entity submitting or accepting bids via the Internet will have several security concerns. Chief among them are:

    1. Knowing who this bid is really from (forgery resistance)
    2. Ensuring that nobody can alter a bid (non-repudiation)
    3. Preventing the information in a bid from disclosure to unauthorized parties (secrecy)
    4. Ensuring that even authorized parties cannot access them prior to the public opening (sealing)

    A truly secure system addresses those concerns through use of public-key (also called asymmetric) encryption. Unlike traditional encryption, where a single key is used both to encrypt and decrypt data, or sign documents and verify signatures, asymmetric encryption uses a key pair. One of the keys in the pair, called the private key, is created, held, and controlled by the individual who creates the key pair. The other key in the pair, called the public key, is provided to anyone who needs to encrypt data or verify a signature.

    By separating the keys used for encrypting and decrypting, or signing and verifying, we can make sure that only the creator of the key pair can perform the sensitive operations of decrypting or signing, while allowing anyone to perform encrypting and verifying. This is an important change from traditional encryption, which requires all parties to any of those operations to share all keys with each other, which in turn means that any one of those parties could perform operations, such as signing a document, that only one party should be able to do.

    Bid Signing and Signature Verification
    Bids should be signed with the bidder’s private key, which was created by, and solely controlled by, the bidder. Signatures are verified using the bidder’s public key, which can be shared with anyone. Bidders provide their public keys to the bidding service, which verifies the identity of the holder of the key pair before accepting signed bids and other documents.

    Use of public key encryption for signing and verifying addresses two security concerns:

    • Forgery resistance. Verification of a signature with a specific public key mathematically guarantees that it was created using the corresponding private key. Since that private key was created by and always controlled by a single individual, whose identity has been verified by the bidding service, the signature cannot be forged by others.
    • Non-repudiation. Any change to a document after signing invalidates the digital signature, so verification of it will fail. Everyone can be certain that the document has not been changed in any way since it was signed.

    Bid Secrecy and Sealing
    Bids should be encrypted using the receiving entity’s (owner or agency) public key, which can be made available to anyone, including all bidders. However, they can only be decrypted using the matching private key, which was created and is controlled solely by the owner or agency. The bidding service should handle conveying the needed public key to bidders.

    Use of public key encryption when submitting a bid addresses the remaining two concerns:

    • Secrecy. Only the owner or agency has access to the private key needed to decrypt the bid, so unauthorized people cannot read the bid even if they were able to intercept it.
    • Sealing. The bidding service will not deliver a bid until the public opening deadline. Since the owner or agency is the only party able to decrypt the bid, and it does not receive the encrypted bid until the service delivers it after the opening deadline, the bid remains sealed.
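    The submit-and-open flow described in the two sections above (signing with the bidder's key, then encrypting for the agency's key), written out as an added example in Go; it is not code from this paper or from the Bid Express service. It assumes Ed25519 for the bidder's signature and RSA-OAEP for the agency's encryption, and the bidder ID and bid text are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SealedBid is what the bidding service stores until the public opening: the
// bidder's signed bid, encrypted so that only the agency's private key opens it.
type SealedBid struct {
	BidderID   string // lets the agency look up the key registered at enrollment (assumed field)
	Ciphertext []byte // RSA-OAEP(agency public key, bid || Ed25519 signature)
}

// Submit signs the bid with the bidder's private key, then encrypts bid and
// signature for the agency. Keeping the signature inside the ciphertext means
// nobody can use it to test guesses about the bid amount before opening.
func Submit(bidderID string, bid []byte, bidderPriv ed25519.PrivateKey, agencyPub *rsa.PublicKey) (*SealedBid, error) {
	bundle := append(append([]byte{}, bid...), ed25519.Sign(bidderPriv, bid)...)
	// Direct OAEP holds at most ~190 bytes with a 2048-bit key; a production
	// system would instead wrap a fresh symmetric key that encrypts the full bid package.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agencyPub, bundle, nil)
	if err != nil {
		return nil, err
	}
	return &SealedBid{BidderID: bidderID, Ciphertext: ct}, nil
}

// Open is run by the agency after the deadline: decrypt with the agency private
// key, split off the signature, and verify it against the bidder's registered key.
func Open(sb *SealedBid, agencyPriv *rsa.PrivateKey, registeredPub ed25519.PublicKey) ([]byte, error) {
	bundle, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, agencyPriv, sb.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext altered or not encrypted for this agency")
	}
	if len(bundle) < ed25519.SignatureSize {
		return nil, errors.New("malformed bid bundle")
	}
	n := len(bundle) - ed25519.SignatureSize
	if !ed25519.Verify(registeredPub, bundle[:n], bundle[n:]) {
		return nil, errors.New("signature does not verify against the key registered for " + sb.BidderID)
	}
	return bundle[:n], nil
}
```

    Any change to the stored ciphertext, a signature from a key other than the one registered for that bidder, or an attempt to open with a different agency key all fail in Open, which is the behaviour the four concerns above call for.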

    Contrast with Traditional (Symmetric) Encryption
    Signing and sealing, and encryption and decryption, can be performed with traditional (symmetric) encryption instead of public key (asymmetric) encryption, too. However, only one of the four security concerns identified above is met if symmetric encryption is used. The following concerns are not met in this case:

    • Non-repudiation. At the very least, both the signer and the receiving entity that verifies a digital signature must share the same key. The receiver can alter the document and then apply a new digital signature, since the receiver has access to the needed key.
    • Forgery resistance. Entities that receive bids can similarly create entirely new bids, and digitally sign them as if they were a specific bidder, since they share a single key.
    • Secrecy. Although only holders of the shared key can access encrypted information, restricting those holders to only authorized parties is extremely challenging. One party creates the key and then has to transmit it to the other parties using it, which carries a significant risk of disclosure of the key. Asymmetric cryptography never requires the private key to be provided to anyone other than the original creator of the key.

    The fourth concern, sealing a bid, can still be met with symmetric encryption, provided the bidding service does not have access to the shared key. Of course, that would preclude using that same bidding service to transmit the key between parties.

    Agencies should always seek a vendor offering asymmetric encryption for this mission-critical process. It is vital to successful, secure Internet bidding. Info Tech’s Bid Express service has employed asymmetric encryption since its inception in 1999. This is one reason why the service has been accepted by a plethora of public agencies and has grown exponentially over the years. Today, the Bid Express service is used by more than 100 public agencies and more than 10,000 bidders, and has processed over $1 trillion in bids. Visit the Bid Express web page to learn more about the service.