HOME
NEWS

Digital Signatures: Making e-Procurements Safer


By VARINDIA - 2018-11-12
Digital Signatures: Making e-Procurements Safer

In today’s times, technology evolves real fast… the flip side, so do hackers. Armed with a deviously brilliant mind and superior knowledge of the latest technologies, hackers are breaching organisation’s cybersecurity with such surprising ease that’s it’s worrisome.

 

The latest victim of a sophisticated cyber fraud has been the Madhya Pradesh (MP) government. Dubbed as the ‘e-tender scam’, the fraud involved large-scale manipulation of the government’s e-procurement platform to rig the bids in favour of a select few private companies. Fraudsters breached the e-procurement platform to check the bids quoted by various vendors and modified the bids of the companies of their choice to the lowest.

 

How did this happen?

 

The scam came to light in March this year, when the Madhya Pradesh Jal Nigam (MPJNL) was notified by an internal report that the bidding data submitted by vendors was being modified in collusion with some insiders and a few private companies.

 

The internal inquiry revealed that the bids for rural water supply schemes had been altered to make three favoured companies the lowest bidders. The bids of other vendors were illegally made available to these bidders so they could lower their bids and seal the deal.

 

How was the scam unearthed?

 

Investigators conclude that the use of Digital Signatures (also known as Digital Signature Certificates or DSCs) and Encryption Keys played a pivotal role in unearthing the scam.

 

To ensure optimal security and transparency in the bidding process, the MP government’s e-procurement platform mandated that a vendor’s bidding data should be encrypted using the DSC of the Tender Opening Authority (TOA) and decrypted using the TOA’s encryption certificate keys.

 

When the bids of the submitted tenders were opened, the platform instantly highlighted a mismatch in the One-Way Hash (OWH) value of the vendor’s bid document. This, in turn, resulted in the ‘signature verification’ page showing an error in ‘signature and certificate validation status’, thereby indicating that the original bid data was modified at a later stage by an unauthorized person.

 

The OWH (a mathematical algorithm that indexes data of arbitrary size) that was generated at the time of submitting the bid was different from the tampered OWH, which indicated that the document content had been altered.

 

How Digital Signatures make e-Procurements safer

 

In today’s times, many organisations strive to transform into a paperless office to improve their efficiency and reduce operational costs.

 

In a paperless environment like this where most documents -especially confidential documents like tender bids, contracts, etc., are stored in an electronic format, adopting a Digital Signatures-based approach can help organisations in many ways. Below are three significant benefits:

 

Authentication

 

When it comes to submitting bids for e-tenders, prospective vendors submit a lot of confidential information like their company’s financial information, personal information of the directors and other senior personnel, name and contact details of their clients for reference checks, bid amount, etc.

 

To get an undue advantage over others, competing vendors would definitely like to access such confidential information. They usually obtain this information in connivance with insiders who have a direct access to it. As seen in the MP e-tender scam, once such information is accessed, the original bid documents can be modified to get an upper hand in the bidding process.

 

The use of Digital Signatures is perhaps the most certain way to prevent such manipulations. Since the ownership of a Digital Signature Key is bound to a specific user only, a ‘valid signature’ notification guarantees that the document was sent by that user only.

 

Integrity

 

In many scenarios, the sender and receiver of a document need assurance that the document has not been altered in any way during transmission. Digital Signatures provide this feature by using cryptographic ‘message digest’ functions that contain a string of digits created by a one-way hashing formula.

 

As seen in the case of the MP e-tender scam, any alteration in the original document gets instantly highlighted due to a mismatch in the OWH value of the original document and its altered version.

 

Non-repudiation

 

Digital Signatures ensure that the sender who has signed any document cannot at a later stage deny signing it. For e-tenders, this feature plays a crucial role, as a prospective vendor cannot at a later stage deny submitting a bid with certain prices or submitting certain information during the prequalification stage.

 

Conclusion

 

As organisations shun paper-based processes and embrace digital practices like e-procurements, it is crucial that they implement robust cybersecurity measures to avoid breaches.

 

With an increasing number of procurement teams storing a chunk of proposals, contracts and other commercial documents in the digital format for ease of access, the need of the hour to prevent cyber frauds, is to adopt digital signing to verify the authenticity of such documents and use HSMs to ensure zero-compromise of the sensitive digital signatures.

 

Ved Prakash
Senior Business Development Manager
Banking Identity & Data Protection Enterprise & Cybersecurity; Gemalto

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA