EUROMED-JAVA: Trusted Third Party Services for securing medical Java applets

  • Angelos Varvitsiotis
  • Despina Polemi
  • Andy Marsh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1485)


EUROMED, a DG III project1, aims to create the foundation of telemedical information society. EUROMED-ETS, an INFOSEC project, provided secure communications among EUROMED participants by establishing Trusted Third Party Services (TTPs) over the Web. Java technology plays an important role in EUROMED. In this paper, the threats that Java technology introduces to EUROMED are explored and security countermeasures are proposed, utilizing the TTP infrastructure.


Telemedical Applications Web Trusted Third Party Services Java EUROMED EUROMED-ETS 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Ahuja, V.: Network & Internet Security. Academic Press, NY 1996.Google Scholar
  2. [2]
    Barber, B., Bakker A.R. and S. Bengtsson(eds.): Caring for Health Information: Safety, Security and Secrecy. Amsterdam: Elsevier Science, 1994.Google Scholar
  3. [3]
    Blobel, B.: “Towards Security in Medical Telematics: Legal and Technical Aspects,” Open Information Systems and Data Security in Medicine. Barber B., Treacher A. and K. Louwerse (eds). pp.168–182. IOS Press, Amsterdam, Washington, Tokyo, 1996.Google Scholar
  4. [4]
    Council of Europe Recommendation R(97)5: On The Protection of Medical Data. Council of Europe, Strasbourg, 13 February 1997.Google Scholar
  5. [5]
    UK Dept. of Trade and Industry ref. URN 97/669: Licensing of Trusted Third Parties for the Provision of Encryption Services. London, March 1997.Google Scholar
  6. [6]
    Menezes, van Oorschot and Vanstone.: Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
  7. [7]
    Rothermel, K. and R. Popescu-Zeletin (eds).: Mobile Agents’97 — Proc. 1st International Workshop. LNCS 1219, Springer-Verlag, April 1997.Google Scholar
  8. [8]
    Schneier, B.: Applied Cryptography, Protocols, Algorithms and Source Code in C. J. Wiley and Sons Inc, 2nd Ed, 1996.Google Scholar
  9. [9]
    Camp L.J., Sirbu M.: “Critical Issues in Internet Commerce,” IEEE Communications Magazine. pp.58–62. IEEE Press, 1997.Google Scholar
  10. [10]
    Yourdon E.: “Java, the Web and Software Development,” IEEE COMPUTER Magazine. pp.25–30, 1996.Google Scholar
  11. [11]
    Hamilton M.: “Java and the Shift to Net-Centric Computing,”. IEEE COMPUTER Magazine. pp.31–39, 1996.Google Scholar
  12. [12]
    Vigna G. (ed): Proc. Mobile Agents and Security. LNCS, Springer-Verlag, 1998 (forthcomming).Google Scholar
  13. [13]
    Marsh A., Delibasis K., Mouravlianski N. and C. Michael: “EUROMED — A WWW-based multi-mediaTelemedical information system,” subm. in Transactions on Information Technology in Biomedicine.Google Scholar
  14. [14]
    Marsh A.: “EUROMED — A WWW-based multi-media medical information system,” Proc. 19th Annual Intl. Conf. IEEE Engineering in Medicine and Biology Society. IEEE-EMBS, Chicago, 1997.Google Scholar
  15. [15]
    McGraw G. and Ed Felton: Java Security: Hostile Applets, Holes, and Antidotes. J.Wiley, ISBN 0-471-17842-X.Google Scholar
  16. [16]
    Venners, B.: “Java security: How to install the security manager and customize your security policy,” Scholar
  17. [17]
    Sun Microsystems Inc.: “Secure Computing with Java: Now and the Future,” (White Paper) Java One 1997 Conference. j Scholar
  18. [18]
    Sun Microsystems Inc.: “Security-related Java APIs,” j Scholar
  19. [19]
    Freier, P., Karlton and P. Kocher: “The SSL Protocol Version 3.0,” Internet Engineering Task Force: Internet Draft. Scholar
  20. [20]
    Rescorla, A. and Schiffman: “The Secure HyperText Transfer Protocol,” Internet Engineering Task Force: Internet Draft. Scholar
  21. [21]
    Rivest, R.: “The MD5 Message-Digest Algorithm,” MIT Laboratory for Computer Science and RSA Data Security, Inc., April 1992. Internet Engineering Task Force: Request For Comments RFC1321. Scholar
  22. [22]
    EUROMED, ISIS ’95, DG III programme, 1995–1998. euromed.iccs.ntua.grGoogle Scholar
  23. [23]
    EUROMED-ETS: Trusted Third Party Services for Health Care in Europe. INFOSEC programme, DG XIII, 1997. Scholar
  24. [24]
    NIST, FIPS PUB 180-1: Secure Hash Standard. National Institute of Standards and Technology, U.S. Dept. of Commerce, April 1995.Google Scholar
  25. [25]
    Krawczyk, H., Bellcare M. and R. Canetti: “HMAC: Keyed-Hashing for Message Authentication,” Internet Engineering Task Force: Request for Comments. Scholar
  26. [26]
    ANSI X3.106: American National Standard for Information Systems Data Link Encryption. American National Standards Institute, 1983.Google Scholar
  27. [27]
    Tuchman, W.: “Hellman Presents no Shortcut Solutions to DES,” IEEE Spectrum. 16:8, July 1979.Google Scholar
  28. [28]
    Thayer, R. and K. Kaukonen: “A Stream Cipher Encryption Algorithm,” Internet Engineering Task Force: Internet Draft, July 1997. Scholar
  29. [29]
    RSA Laboratories: “PKCS #12: Personal Information Exchange Syntax Standard,” (version 1.0 Draft), April 1997.Google Scholar
  30. [30]
    CEC COM (90) 314 final SYN 287: “On the Protection of Individuals in Relation to the Processing of Personal Data,” Commission of the European Communities, Brussels, September 1990.Google Scholar
  31. [31]
    CEC COM(90) 314 final SYN 288: “On the Protection of Personal Data and Privacy in the Context of Public Digital Telecommunication Networks,” Commission of the European Communities, Brussels, September 1990.Google Scholar
  32. [32]
    CE R(81)1: Recommendation R(81)1 on Automated Medical Data Banks, Council of Europe Convention 108, January 1981, ISBN 92-871-0022-5.Google Scholar
  33. [33]
    EU 95/46/EC: On the Protection of Individuals with regards to the Processing of Personal Data and on the Free Movement of Such Data, European Union Directive, OJ L281/31-50, October 1995.Google Scholar
  34. [34]
    Simitis, S.: “Reviewing Privacy in an Information Society,” Univ. Pennsylvania Law Review, V.135, pp.707–746, March 1987.CrossRefGoogle Scholar
  35. [35]
    Sun Microsystems Inc.: “Java Naming and Directory Interface,” Scholar
  36. [36]
    Wahl, M., Howes, T. and S. Kille: “Lightweight Directory Access Protocol (v3),” Internet Engineering Task Force: Request For Comments RFC2251. Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Angelos Varvitsiotis
    • 1
  • Despina Polemi
    • 1
  • Andy Marsh
    • 1
  1. 1.Institute of Communications and Computer Systems (ICCS)National Technical University of Athens (NTUA) Heroon Polytechniou 9AthensGreece

Personalised recommendations