EUROMED-JAVA: Trusted Third Party Services for securing medical Java applets

Angelos Varvitsiotis¹,
Despina Polemi¹ &
Andy Marsh¹

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1485))

Included in the following conference series:

European Symposium on Research in Computer Security

286 Accesses
2 Citations

Abstract

EUROMED, a DG III project¹, aims to create the foundation of telemedical information society. EUROMED-ETS, an INFOSEC project, provided secure communications among EUROMED participants by establishing Trusted Third Party Services (TTPs) over the Web. Java technology plays an important role in EUROMED. In this paper, the threats that Java technology introduces to EUROMED are explored and security countermeasures are proposed, utilizing the TTP infrastructure.

Download to read the full chapter text

Chapter PDF

Keywords

References

Ahuja, V.: Network & Internet Security. Academic Press, NY 1996.
Google Scholar
Barber, B., Bakker A.R. and S. Bengtsson(eds.): Caring for Health Information: Safety, Security and Secrecy. Amsterdam: Elsevier Science, 1994.
Google Scholar
Blobel, B.: “Towards Security in Medical Telematics: Legal and Technical Aspects,” Open Information Systems and Data Security in Medicine. Barber B., Treacher A. and K. Louwerse (eds). pp.168–182. IOS Press, Amsterdam, Washington, Tokyo, 1996.
Google Scholar
Council of Europe Recommendation R(97)5: On The Protection of Medical Data. Council of Europe, Strasbourg, 13 February 1997.
Google Scholar
UK Dept. of Trade and Industry ref. URN 97/669: Licensing of Trusted Third Parties for the Provision of Encryption Services. London, March 1997.
Google Scholar
Menezes, van Oorschot and Vanstone.: Handbook of Applied Cryptography. CRC Press, 1996.
Google Scholar
Rothermel, K. and R. Popescu-Zeletin (eds).: Mobile Agents’97 — Proc. 1st International Workshop. LNCS 1219, Springer-Verlag, April 1997.
Google Scholar
Schneier, B.: Applied Cryptography, Protocols, Algorithms and Source Code in C. J. Wiley and Sons Inc, 2nd Ed, 1996.
Google Scholar
Camp L.J., Sirbu M.: “Critical Issues in Internet Commerce,” IEEE Communications Magazine. pp.58–62. IEEE Press, 1997.
Google Scholar
Yourdon E.: “Java, the Web and Software Development,” IEEE COMPUTER Magazine. pp.25–30, 1996.
Google Scholar
Hamilton M.: “Java and the Shift to Net-Centric Computing,”. IEEE COMPUTER Magazine. pp.31–39, 1996.
Google Scholar
Vigna G. (ed): Proc. Mobile Agents and Security. LNCS, Springer-Verlag, 1998 (forthcomming).
Google Scholar
Marsh A., Delibasis K., Mouravlianski N. and C. Michael: “EUROMED — A WWW-based multi-mediaTelemedical information system,” subm. in Transactions on Information Technology in Biomedicine.
Google Scholar
Marsh A.: “EUROMED — A WWW-based multi-media medical information system,” Proc. 19th Annual Intl. Conf. IEEE Engineering in Medicine and Biology Society. IEEE-EMBS, Chicago, 1997.
Google Scholar
McGraw G. and Ed Felton: Java Security: Hostile Applets, Holes, and Antidotes. J.Wiley, ISBN 0-471-17842-X.
Google Scholar
Venners, B.: “Java security: How to install the security manager and customize your security policy,” www.javaworld.com/javaworld/jw-11-1997/jw-11-hood.html
Google Scholar
Sun Microsystems Inc.: “Secure Computing with Java: Now and the Future,” (White Paper) Java One 1997 Conference. j ava.sun.com/marketing/collateral/security.html
Google Scholar
Sun Microsystems Inc.: “Security-related Java APIs,” j ava.sun.com/security
Google Scholar
Freier, P., Karlton and P. Kocher: “The SSL Protocol Version 3.0,” Internet Engineering Task Force: Internet Draft. ietf.org/internet-drafts/draft-ietf-tls-ssl-version3-00.txt
Google Scholar
Rescorla, A. and Schiffman: “The Secure HyperText Transfer Protocol,” Internet Engineering Task Force: Internet Draft. ietf.org/internet-drafts/draft-ietf-wts-shttp-03.txt
Google Scholar
Rivest, R.: “The MD5 Message-Digest Algorithm,” MIT Laboratory for Computer Science and RSA Data Security, Inc., April 1992. Internet Engineering Task Force: Request For Comments RFC1321. ds.internic.net/rfc/rfc1321.txt
Google Scholar
EUROMED, ISIS ’95, DG III programme, 1995–1998. euromed.iccs.ntua.gr
Google Scholar
EUROMED-ETS: Trusted Third Party Services for Health Care in Europe. INFOSEC programme, DG XIII, 1997. narcisus.esd.ece.ntua.gr/www/ETS
Google Scholar
NIST, FIPS PUB 180-1: Secure Hash Standard. National Institute of Standards and Technology, U.S. Dept. of Commerce, April 1995.
Google Scholar
Krawczyk, H., Bellcare M. and R. Canetti: “HMAC: Keyed-Hashing for Message Authentication,” Internet Engineering Task Force: Request for Comments. ds.internic.net/rfc/rfc2104.txt
Google Scholar
ANSI X3.106: American National Standard for Information Systems Data Link Encryption. American National Standards Institute, 1983.
Google Scholar
Tuchman, W.: “Hellman Presents no Shortcut Solutions to DES,” IEEE Spectrum. 16:8, July 1979.
Google Scholar
Thayer, R. and K. Kaukonen: “A Stream Cipher Encryption Algorithm,” Internet Engineering Task Force: Internet Draft, July 1997. ietf.org/internet-drafts/draft-kaukonen-cipher-arcfour-01.txt
Google Scholar
RSA Laboratories: “PKCS #12: Personal Information Exchange Syntax Standard,” (version 1.0 Draft), April 1997.
Google Scholar
CEC COM (90) 314 final SYN 287: “On the Protection of Individuals in Relation to the Processing of Personal Data,” Commission of the European Communities, Brussels, September 1990.
Google Scholar
CEC COM(90) 314 final SYN 288: “On the Protection of Personal Data and Privacy in the Context of Public Digital Telecommunication Networks,” Commission of the European Communities, Brussels, September 1990.
Google Scholar
CE R(81)1: Recommendation R(81)1 on Automated Medical Data Banks, Council of Europe Convention 108, January 1981, ISBN 92-871-0022-5.
Google Scholar
EU 95/46/EC: On the Protection of Individuals with regards to the Processing of Personal Data and on the Free Movement of Such Data, European Union Directive, OJ L281/31-50, October 1995.
Google Scholar
Simitis, S.: “Reviewing Privacy in an Information Society,” Univ. Pennsylvania Law Review, V.135, pp.707–746, March 1987.
Article Google Scholar
Sun Microsystems Inc.: “Java Naming and Directory Interface,” java.sun.com/products/jndi
Google Scholar
Wahl, M., Howes, T. and S. Kille: “Lightweight Directory Access Protocol (v3),” Internet Engineering Task Force: Request For Comments RFC2251. ds.internic.net/rfc/rfc2251.txt
Google Scholar

Download references

Author information

Authors and Affiliations

Institute of Communications and Computer Systems (ICCS), National Technical University of Athens (NTUA) Heroon Polytechniou 9, Zografou, Athens, Greece
Angelos Varvitsiotis, Despina Polemi (Project Manager of EUROMED-ETS) & Andy Marsh (Project Manager of EUROMED)

Authors

Angelos Varvitsiotis
View author publications
You can also search for this author in PubMed Google Scholar
Despina Polemi
View author publications
You can also search for this author in PubMed Google Scholar
Andy Marsh
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Jean-Jacques Quisquater Yves Deswarte Catherine Meadows Dieter Gollmann

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Varvitsiotis, A., Polemi, D., Marsh, A. (1998). EUROMED-JAVA: Trusted Third Party Services for securing medical Java applets. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055865

Download citation

DOI: https://doi.org/10.1007/BFb0055865
Published: 28 May 2006
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics