Title: Preserving Confidentiality and Privacy of Sensitive Data in e-Procurement System

Issue Number: Vol. 6, No. 4
Year of Publication: Nov - 2017
Page Numbers: 186-197
Authors: Rajesh Narang, Tanmay Narang
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI: http://dx.doi.org/10.17781/P002305

Abstract:


With the inclusion of direct purchases by Government in the e-Procurement System, several security agencies are joining it, but they expect their sensitive data to remain hidden. They therefore expect such a system to comply not only with the confidentiality, authenticity and non-repudiation guidelines given by the World Bank for price quotations in e-procurement systems, but also with the requirement to maintain confidentiality of data related to Government buyer departments. The Security Model proposed here studies threats, vulnerabilities and risks to the e-Procurement System, and evaluates the suitability of Tokenization, Masking and Encryption techniques by applying them to ensure confidentiality, privacy and integrity of data related to bids and security agencies. The study finds that masking needs to be applied to ensure confidentiality of the data of security agencies, Public Key Infrastructure (PKI) to maintain confidentiality and authorization of price quotations and bids, and e-sign to bind both buyers and suppliers to the actions taken by them in the life cycle of the e-Procurement process. Database security controls also need to be implemented so that data related to security agencies and the keys used to encrypt/decrypt price quotes are put in different tables/vaults accessible only to authorized users, excluding the Database Administrator. Current approaches focus only on PKI.