https://doi.org/10.31449/inf.v44i2.3090 Informatica 44 (2020) 115–125 115
Privacy Preserving Visual Log Service with Temporal Interval Query using
Interval Tree-based Searchable Symmetric Encryption
Viet-An Pham, Dinh-Hieu Hoang, Huy-Hoang Chung-Nguyen, Mai-Khiem Tran and Minh-Triet Tran
Faculty of Information Technology - Software Engineering Lab - University of Science, VNU-HCM
E-mail: pvan@apcs.vn, hdhieu@apcs.vn, cnhhoang@apcs.vn, tmkhiem@selab.hcmus.edu.vn,
tmtriet@ﬁt.hcmus.edu.vn
Keywords: searchable symmetric encryption, temporal interval query, visual concept extraction
Received: March 15, 2020
Visual logs become widely available via personal cameras, visual sensors in smart environments, or surveil-
lance systems. Storing such data in public services is a common convenient solution, but it is essential to
devise a mechanism to encrypt such data to protect sensitive information while enabling the capability to
query visual content even in encrypted format at the services. More precisely, we need smart systems that
their security and practicality must be balanced against each other. As far as we know, in spite of their
importance in preserving personal privacy, such reliable systems have not gained sufﬁcient attention from
researchers. This motivates our proposal to develop a smart secure service for visual logs with a tempo-
ral interval query. In our system, visual log data are analyzed to generate high-level contents, including
entities, scenes, and activities happening in visual data. Then our system supports data owners to query
these high-level contents from their visual logs at the server-side in a temporal interval while the data are
still encrypted. Our searchable symmetric encryption scheme TIQSSE utilizes interval tree structure and
we prove that our scheme achieves efﬁcient search and update time while also maintaining all important
security properties such as forward privacy, backward privacy, and it does not leak information outside the
desired temporal range.
Povzetek: Problem uravnoteženja proizvodne poti je predstavljen odprto, brez omejitev npr. števila
delavcev, zato je izviren. Avtorji testirajo veˇ c algoritmov in predlagajo najboljšega.
1 Introduction
In daily activities, people usually take photos and record
video clips to capture moments and events in their lives.
Besides, with the booming trend of developing smart inter-
active environments, such as smart homes, ofﬁces, or even
cities, visual sensors are densely integrated to our habitats
to record then analyse external contexts, such as monitoring
users, objects, activities, etc. Consequently, visual lifelogs
become increasingly available and are usually uploaded to
store in online storage services.
In this paper, we target two challenging problems to bet-
ter develop an online storage service for private visual data:
(i) to search photos or video clips based on their content,
and (ii) to protect private data leakage at server-side acci-
dentally or intentionally.
First, we aim to bridge the gap between visual data and
their semantics by allowing data owners to search with key-
words. Each photo or frame in a video clip is processed
to extract high-level concepts, including entities, scene at-
tributes, activities, etc. Different types of high-level con-
cept extractors can be plugged into our framework to meet
speciﬁc requirements in real applications. Consequently, a
photo or video frame can be considered as a document or
a set of concepts, which are ready to be retrieved by key-
words. We also demonstrate a prototype smart edge cam-
era which can be re-conﬁgured remotely to generate visual
data with associated extracted concepts.
Second, a typical solution to protect data secrecy is to
encrypt before uploading data to an online storage server.
However, after encryption, data are no longer suitable to
be searched normally. Symmetric Searchable Encryption
(SSE), ﬁrst proposed by Song et al. [23], can be used as a
promising solution to privately save data while maintaining
the ability to search in a collection of encrypted records.
We adopt the approach of SSE in our proposed solution,
and carefully design it to ensure the property of a dynamic
SSE [13], i.e. to add, update, and delete data efﬁciently
without re-encrypting the whole database.
Besides, we also consider the forward and backward pri-
vacy criteria for SSE. Informally, the former means that
an update query does not leak information if a newly added
document contains keywords that were searched in the past,
while the latter is to make sure that it is impossible to re-
trieve data from deleted ﬁles. Forward privacy has been
receiving a lot of attention, while backward privacy is only
studied in recent years. Most of the existing schemes suf-
fer from key-size overgrowing after deletion queries [2, 4],
thus limits the practicality of these schemes.
Moreover, in particular cases, there are new security
116 Informatica 44 (2020) 115–125 V .-A. Pham et al.
properties that must be satisﬁed: search only in a tempo-
ral interval, and do not leak any information outside of the
requested range. For example, a police wants to check the
private security camera of a company from a range of time
for a criminal event. The company wants to provide the
information exactly from the requested range and not leak
any information from other temporal intervals. A similar
problem is when we want to search for some disease in a
medical database in a temporal interval, it is best to prevent
leaking information of patients in other time. This moti-
vates us to deﬁne Temporal Interval Query SSE (TIQSSE),
a new SSE problem to search by keywords for documents
in a particular temporal interval.
This work is the extension paper of previous TIQSSE
work [20], with more in-depth explanations and analysis.
This paper is also a signiﬁcantly enhanced version of [7].
Our previous work only guarantees a one-sided access pat-
tern. For more clarity, the one-sided access pattern means
that it can only preclude adversaries from extracting in-
formation about the documents that were added after the
queried interval, while still leaking information of doc-
uments that were added before the requested range. In
this paper, there is a great improvement on security since
our SSE scheme now guarantees two-sided access pattern,
which means it also prevents adversaries from gaining in-
formation of added documents.
Our newly deﬁned problem is different from the existing
range query SSE schemes [1, 14]. In a range query SSE
scheme, a server returns every document whose key/iden-
tiﬁer is in a queried range. In our temporal interval SSE
problem, the server only examines documents whose iden-
tiﬁers are inside the temporal interval to select the docu-
ments containing a query keywordw.
Our secure SSE scheme does not suffer from key-size
overgrowing after sufﬁcient deleting queries like previous
schemes. Our idea is based on   o’o& from Raphael Bost
et al. [2] in 2016 and modiﬁes it to match our problem. Al-
though there are many improved constructions later [4, 24],
these ideas are not suitable for our problems that the use
cases we target require efﬁcient deletion operations which
(1) have an acceptable time complexity and (2) do not in-
crease server-side usage.
Our main contributions in this paper are as follows.
– We propose a solution for a public visual data stor-
age service to assist data owners to search their pho-
tos and video clips with keywords, i.e. concepts ex-
tracted from visual content, and preserve data pri-
vacy in query and data manipulation (insert, update,
delete). We also develop a prototype smart edge cam-
era to handle concept extraction for recorded photos
or video clips.
– We also deﬁne TIQSSE as a new SSE problem to
search with encrypted documents in a temporal in-
terval while preventing data leakage outside the re-
quested range. We then propose an efﬁcient solution
to search for a keyword in documents within a deter-
mined time range and achieves both forward and back-
ward privacy.
In Section 2, we brieﬂy review approaches and methods
related to the two main aspects of our work, visual retrieval
with concepts, and searchable symmetric encryption. We
propose a smart secure framework for visual data storage
service and smart edge camera in Section 3. in Section
4, We review the necessary preliminaries of cryptography,
then deﬁne the novel TIQSSE problem. Our scheme which
tackles this problem is introduced in Section 5. The secu-
rity analysis of our proposed scheme is presented in Section
6. In Section 7, we draw our conclusion and discuss some
fascinating directions for future works.
2 Related work
2.1 Visual retrieval with semantic concepts
Visual log retrieval is one of the important problems to
analyse and understand visual content. Different ap-
proaches have been proposed to provide users with var-
ious modalities to input queries and get retrieved results
[17, 18, 26]. Visual semantic concepts from images are
usually used as tags or keywords for interactive retrieval
systems[26, 25]. The concepts can be detected using avail-
able APIs, such as Google Cloud Vision API, or pre-trained
object detectors, such as Yolo [21], FasterRCNN [22], etc.
Besides, scene attributes and categories [30] can be ex-
tracted from images to augment further environmental in-
formation of visual data[25]. Some works also utilize cap-
tioning [27] or activity recognition to capture the dynamic
nature of an image or video clip[16, 15].
In this work, we propose to integrate different concept
extractors to create the associated metadata for each photo
or video clip stored in the smart visual service. We also
develop a prototype smart edge camera that can locally ex-
tract concepts in certain tasks before uploading visual data
to online storage service (see Section 2.1).
2.2 Searchable symmetric encryption
Song et al. [23] ﬁrst proposed a solution to Searchable
Symmetric Encryption in 2000. Although the ﬁrst SSE
scheme was not efﬁcient, it provided a solid foundation for
the problem. Many works were proposed [10, 6] to im-
prove search time and security. However, leakage problems
in SSE were not formally deﬁned. Curtmola et al. [8] were
the ﬁrst to explicitly deﬁne the general acceptable leakage
criteria for SSE problems, including search patterns and ac-
cess patterns that are frequently used several years later.
Although the previous schemes were optimal in search
time, there was no way to update a database without re-
encrypting the whole database. To remove this limitation,
in 2012, dynamic SSE was proposed by Kamara et al. [13].
Their scheme can efﬁciently add or remove ﬁles with the
trade-off by leaking some information when those queries
Privacy Preserving Visual Log Service with. . . Informatica 44 (2020) 115–125 117
are executed. In particular, forward privacy and backward
privacy are not fully satisﬁed.
SSE problem is continuously studied and improved.
Raphael Bost achieved forward privacy in 2016 [2], and
also achieved backward privacy one year later [4]. In 2018,
Sun et al. [24] proposed Puncturable Symmetric Encryp-
tion to construct and improve backward secure. Unfortu-
nately, all schemes mentioned above not only suffer from
key-size overgrowing after many deleting queries, but also
do not support range query property that we need.
Other than proposing new SSE constructions, many ef-
forts were made to attack the proposed security models.
Some notable works are inference attacks on deterministic
encryption (DTE) and order-preserving encryption (OPE)
[19, 11], leakage-abuse attacks [5, 3, 11, 12] and File-
Injection attacks [29, 12].
Before us, there are many works about range queries.
However, they all are different from ours. Their solution is
used for indexing in relational databases and return entities
that have acquired attributes within some range, while in
our scheme, we need to return all the ﬁles containing the
searched keyword in a period.
3 Smart secure framework for
visual data storage service
In this section, we present our proposal for a smart secure
framework for a visual data storage service. We are in-
spired by the idea of edge computing to shift the concept
extraction task toward the smart camera. There has been
an ongoing interest on this shift, particularly from privacy-
aware users due to recent breaches in data centers, where
sensitive user data is processed and may be used for ma-
licious purposes. If the process is on users’ premise, they
will have more control over the data that is generated.
3.1 Smart edge camera with concept
extraction
Figure 1 illustrates the process for concept extraction from
photos/clips in a smart edge camera before uploading vi-
sual data with their associated metadata to the secure vi-
sual service. Different modules for various concept types
can be deployed in the smart edge camera, such as object
detection, person recognition, action recognition, scene at-
tribute, category classiﬁcation, and image captioning.
In our prototype, we utilize NVIDIA Jetson Nano em-
bedded computers with dedicated 128 Maxwell CUDA
cores to handle various machine learning tasks. Our smart
edge camera prototype can be specialized for various spe-
ciﬁc tasks with different models to be deployed and up-
dated (see Figure 2). In our model repository, not only
there are existing pre-trained models, such as ResNet-50,
MobileNet-v2, SSD ResNet-18, SSD Mobilenet-V2, Tiny
YOLO V3, but we also prepare our own custom models for
other tasks, such as custom object detectors for contexts
Visual Content Analysis
Object Detection
Person 
Recognition
Scene 
Classification
Scene Attribute 
Extraction
Action 
Recognition
Image 
Captioning
Smart Edge Camera
Secure                       
Visual Service
Photo/
Clip
{Keyword}
Associated Concepts
………
Figure 1: Concept extraction from photos/clips in a smart
edge camera.
originated from Vietnam or image captioning with concept
augmentation [27].
Future custom models can also be created and further
optimized with various techniques such as quantization, fu-
sion, and scheduling available in NVIDIA TensorRT SDK,
then deployed to the smart camera. Due to its cloud nature,
the devices’ software can be remotely updated, and addi-
tional machine learning models can be added in a secure
manner.
Model Manager
Model 
Deployment
Pretrained Model
Repository
Pretrained Model
Retrieval
Custom Model
Uploader
Smart Edge Camera
Custom Model
Figure 2: Model update for an edge camera.
3.2 Components in a smart secure visual
system
We propose a scenario in which a system collects, pro-
cesses, and synchronizes the data from various cameras,
including the proposed smart edge ones, to a visual data
server that utilizes our proposed secure scheme for SSE.
Figure 3 illustrates the three key components of the sys-
tem: a storage and query processing server, camera nodes,
and query nodes.
Decrypt
User 
data
User 
data
Encrypt
Pre-shared 
key
Remote Node
Synchronize
Retrieve
User 
data
User 
data
Pre-shared 
key
Decrypt
User
Query Node
Storage 
Server
Administrator
User 
data
Search
Figure 3: Main components in smart secure visual system.
118 Informatica 44 (2020) 115–125 V .-A. Pham et al.
In our system, the storage and query processing server
supports multiple users, and the server owner can be dif-
ferent from the data owners. The owners of the server can
fully examine the stored data, but are expected not to un-
derstand or to exploit useful information from stored data.
Thus, to ensure this crucial property of our visual system,
i.e. preserving data privacy for data owners, we deﬁne a
new problem of Temporal Interval Query SSE (in Section
4) and propose an efﬁcient solution for this problem (in
Section 5).
A user, after signing up, is provided a means to sub-
mit and retrieve data over commonly utilized protocols,
such as HTTP SSL, SMB, or SFTP. Querying is done over
an API with a common contract protocol implemented in
gRPC, a protocol buffer library that utilizes HTTP2 over
an SSL Channel. With gRPC’s wide adoption status across
numerous languages and libraries, the implementation is
relatively easy and open for everyone. Connections to the
server are secured with the server’s certiﬁcate by default.
We assume this certiﬁcate is self-signed and pre-installed
on every query node via personal trusted channels before-
hand. A user usually plays both roles as a generator party
at upload time from a camera node and a querying party
at retrieve time from a query node, which can be his or
her mobile device. Thanks to the loosely coupled architec-
ture, our proposed system allows new users to dynamically
join in without any interruptions on the server-side using a
streamlined user interface.
4 Temporal interval query
searchable symmetric encryption
In this section, we ﬁrst provide background knowledge that
includes several cryptographic primitives and the dynamic
SSE problem. Then we introduce the deﬁnition and secu-
rity properties for TIQSSE.
4.1 Preliminaries
For consistency in presentation, we denotes:
– x
$
  f 0; 1g
n
as randomizingn bits then store the re-
sult tox.
– n as the number of added ﬁles. F
n
as the n-th ﬁle.
EF
n
as the encrypted ﬁle corresponding toF
n
.
–? as null or empty.   as the security parame-
ter. Security parameter means that unless speciﬁed
explicitly, the keys used in SSE scheme is   -bit in
length, and the probability for an adversary to break
the scheme is 2
    .
We use several cryptographic primitives from Dan
Boneh and Victor Shoup [9] which includes: negligible
function, pseudo random generator (PRG), pseudo ran-
dom function (PRF), simulator, and symmetric encryp-
tion. For the symmetric encryption, we denote the encryp-
tion of plaintext m with secret key sk as SE:enc(sk;m),
and the decryption of ciphertext c with secret key sk as
SE:dec(sk;c).
We also inherit the idea of trapdoor permutation from
Bost et al. [2] and denote the function as   . For-
mally: One can compute  ofp
1
with the secret keyK
s
:
p
2
     (K
s
;p
1
). Givenp
2
in  ’s proper, one can derive
the original p
1
with the public key: p
1
       1
(K
p
;p
2
).
Finally, for all p we have p =   (K
s
;    1
(K
p
;p)) =
    1
(K
p
;  (K
s
;p)).
4.2 Dynamic symmetric searchable
encryption
In SSE, we view the database as an array of ﬁles
F = (f
1
;f
2
;:::;f
n
) where f
i
consists of multiple words
(w
1
;w
2
;:::;w
mi
). Later when the client request a search
on keywordw, the client obfuscate or encryptw into trap-
doorT and give it to server. The server when receivingT
must return a list of result identiﬁersR = (id
1
;id
2
;:::;id
r
)
such that when returned to the client, for everyi we have
w2 F
idi
. It is notable that the act of obfuscatingw into
T is essential because it hides the original keyword from
the server, in this paper we call this as trapdoor generation
procedure.
In other words, dynamic SSE consists of one algorithm
Setup and two protocolsSearch andUpdate.
– InSetup phase, the client creates some keys and key-
pairs that will be used in the other 2 protocols.
– TheSearch protocol consists of multiple interactions
between client and server when the client request a
search. For each client’s request, the server should
receive the trapdoorT and return a list of ﬁles as we
mentioned in the above paragraph.
– TheUpdate protocol is comprised of 2 types of up-
dates which is add a new ﬁle and delete an existed
ﬁle. Depending on which update protocol, the en-
crypted database on the untrusted server will be mod-
iﬁed based on the SSE scheme.
Correctness. An SSE iscorrect if the probability that
the search protocol returns the false results to client is neg-
ligible.
Security. The SSE scheme   is said to be adaptively
secure, if for any adversaryA who issues a polynomial
number of queries q(  ), there exist a polynomial-time sim-
ulatorS such that:
jP [SSEReal
  A
( ;q ) = 1]
  P [SSEIdeal
A;S;L
( ;q ) = 1]j<negl(  )
Privacy Preserving Visual Log Service with. . . Informatica 44 (2020) 115–125 119
Informally, the simulatorS can be thought of as an efﬁ-
cient probabilistic algorithm such that its output distribu-
tion is identical to the real scheme’s output distribution.
Then, the theorem above can be semantically understood
as: if we can prove there exists a simulatorS of SSE
scheme   , then it is very hard for the adversary to distin-
guish between the real case with a simulation case. Hence,
we achieve adaptive security for SSE.
4.3 Deﬁnition of temporal interval query
SSE
Temporal Interval Query SSE continues to use the model
of the original dynamic Symmetric Searchable Encryption
but modiﬁes theSearch protocol. When the client issues a
search request, ﬁrstly he chooses a range of interest [L;R],
then he chooses a keywordw he wants to search on, then
he generates the trapdoor vectorT that represents the key-
word w for that range [L;R], ﬁnally he gives (T;L;R)
to server. The server when receiving (T;L;R) must re-
turn a list of result identiﬁersR
w;L;R
= (id
1
;id
2
;:::;id
r
)
such that when returned to the client, for everyi we have
w2F
idi
andL  id
i
  R (see Figure 4).
4.4 Security
Forward privacy: Informally, a SSE scheme achieves for-
ward privacy if its Update query does not leak any infor-
mation about the newly added ﬁle even if it contains key-
words that are previously searched keywords. For example,
the client searched for a keywordw. Later, when the client
add a ﬁle F that contains w, the server should not know
that w exists inside F. Many researches [5] showed that
if a scheme does not attain forward privacy, the client’s
queries, or even the plaintext, can be revealed even with
small leakage. There also exist attacks [29] that can effec-
tively exploit the vulnerability of those schemes to break
query privacy. In addition, forward privacy can also im-
proves time and space performances [2].
Backward privacy: To have backward privacy in dy-
namic SSE, we must prevent the adversary from gaining
knowledge of deleted ﬁles from new queries. For example,
if there exists a deleted ﬁleF that contains a wordw and
has never been queried, in the future when client search for
Time instant t
1
{Keyword}
Photo/
Clip
Time instant L
{Keyword}
Photo/
Clip
Time instant R
{Keyword}
Photo/
Clip
Time instant t
n
{Keyword}
Photo/
Clip
… … …
timeline
Search for keywordw in “documents” 
only from time instant L to R
Figure 4: An example of temporal interval query.
wordw, it is expected to prevent the server from knowing
w2F.
In order to have searchable property over encrypted data,
there must be some leaking information throughout the
process. We follow many previous works [2, 4, 24] and
call this as leakage functionL = (L
Stp
;L
Srch
;L
Updt
).
The leakage functionL is used to express the information
learned by the untrusted server from 3 protocols Setup,
Search,Update.
Setup leakage: In the setup algorithm, the client gener-
ates some keys and keypairs for later usage inSearch and
Update protocol. Because of that, the leakage of setup
phase is the public keys (if there is any) that the client wants
to share with the serverL
Stp
=PK.
Search leakage: Firstly, letQ as the search requests of
the client where Q
i
= (T
i
;L
i
;R
i
); R as the results re-
turned by the untrusted server;R
i
as the result ofQ
i
where
its content is (id
i;1
;id
i;2
;:::;id
i;ri
); H as the history of
previous searches from the client that H = (Q;R). We
deﬁne the allowed leakage of search protocol is comprised
of search pattern  (H) and access pattern  (H).
The access pattern  (H) indicates the leakage of the re-
turned values of the queries. That is for each query we want
to only leak the existence of keywordw within the existed
ﬁles within the interval [L;R] and non elsewhere.
The search pattern   (H) represents the leakage of the
query parameters from the client. The search pattern con-
sists of 2 levels of security:
– Perfect security: when analyzing 2 different queriesi
andj with common keywordw, it is very hard for the
server to deduceT
i
andT
j
to be the same keyword
w. Because of that in this setup, the client perfectly
hide the search pattern and can secure against many
inference attack types [19, 11].
– Weak security: when analyzing 2 different queries i
andj with common keywordw, the server can easily
deduceQ
i
andQ
j
has the same search keywordw if
and only if the queried range [L
i
;R
i
] intersects with
[L
j
;R
j
] at some point.
Update leakage: The update leakage consists of the
leakage of add new ﬁle protocol and delete ﬁle protocol.
The add new ﬁle protocol leaksn as the number of added
ﬁles and the size of all the ﬁles. The delete ﬁle protocol
leaks the identiﬁer of deleted ﬁles.
5 Proposed scheme for TIQSSE
In this section, the parts are arranged as the followings.
Firstly, we outline our scheme at the ﬁrst part, the remain-
ing parts describe how our scheme works in setup protocol,
add new ﬁle protocol, search protocol and delete ﬁle proto-
col.
120 Informatica 44 (2020) 115–125 V .-A. Pham et al.
5.1 Scheme outline
There are 7 polynomial-time algorithms in total. The ﬁrst
6 algorithms are executed by the client, while the last algo-
rithm is done by the server.
– (sk;K)   KeyGen(1
  ): is a probabilistic algorithm
that uses the security parameter  to setup the secret
keysk for encryption/decryption and a vector of key-
pairsK for trapdoor generation procedure.
– EF
n
   Enc(sk;F
n
): is a probabilistic algorithm
that encryptF
n
intoEF
n
.
– F
n
   Dec(sk;EF
n
): is the reverse algorithm of
Enc.
– t
n
   Trpdr(sk;K;n;w): is a deterministic algo-
rithm that illustrates the process of generating trap-
door value of keywordw in ﬁleF
n
into trapdoor value
t
n
.
– I
n
   CreateIndex(sk;n;F
n
): is a deterministic al-
gorithm that illustrates the process of creating an in-
dex ﬁleI
n
. This index ﬁle acts as a look up table for
the untrusted server to search on in the search proto-
col.
– T   SearchToken(sk;K;w;L;R): is a determin-
istic algorithm that illustrates the process when the
client prepare the search request. Using the keys and
(w, L, R) it outputs trapdoor T and give it to the
server.
– R
w;L;R
   Search(T;I
L;:::;R
;L;R): be a determin-
istic algorithm that illustrates how the untrusted server
uses the trapdoorsT and the range of interest [L;R]
to return the appropriate ﬁles back to the client.
5.2 Setup protocol
The client runs KeyGen algorithm: (sk;K)   KeyGen(1
  ) to generate sk and K. For sk, the client
can randomize  bits and store it insk as: sk
$
  f 0; 1g
  .
For K which consists of 2 trapdoor permutation keypairs
(K
ul
;K
ur
), the client can generate these keypairs by gen-
erating trapdoor permutation keypair on  bits.
A side note here is the client must assure that theid of
each ﬁles given to the server are incremental. Thus, id
starts from -1 and n starts from 0 when no ﬁle has been
added.
5.3 Add new ﬁle protocol
In the following algorithms, letn be the number of added
ﬁles,F
n
be the new ﬁle that client wants to add,EF
n
be
the encrypted ﬁle ofF
n
,I
n
be the encrypted index ofF
n
.
The main idea for the add new ﬁle protocol is for each
ﬁleF
i
, the client encryptsF
i
intoEF
i
and generates the
encrypted index I
i
. Finally, the client gives EF
i
and I
i
to the server. The usage of encrypted index I
i
is for the
server to indicate whether wordw is contained inside the
corresponding encrypted ﬁleEF
i
or not.
5.3.1 Encrypt ﬁle
With the above idea, because the searching step at the
server-side only requires the encrypted index, it is trivial
to encrypt the ﬁleF
n
using popular symmetric encryption
algorithm like AES. Plus, the decryption algorithm is the
reverse function of encryption. Let SE be the symmetric
encryption algorithm:
– Enc :EF
n
 SE:enc(sk;F
n
)
– Dec :F
n
 SE:dec(sk;EF
n
)
5.3.2 Create encrypted index
In this section we use a data structure calledmap for the
encrypted index. Firstly, we initializeI
n
as an empty map.
Then for each word w in F
n
we create the trapdoor and
store it insideI
n
as following procedure:
1. t
n
   Trpdr(sk;K;n;w).
2. Check whethert
n
already exists inI
n
as: t
n
2 I
n
, if
yes, then repeatedly randomizingt
n
as:t
n
$
  f 0; 1g
  untilt
n
62I
n
. After this step, we callt
n
garbage data
ift
n
6= Trpdr(sk;K;n;w).
3. Storet
n
intoI
n
.
With the algorithm above, there will not have any word
duplication within an index ﬁleI because whenever a word
already exists inside, it will be substituted as a garbage
word by randomization. Furthermore, when provided a
trapdoort, the server can easily check whethert exists in-
side an encrypted indexI, which enables searchability.
5.3.3 Trapdoor generation
The interval tree model is mainly for this step and is quite
complicated. Brieﬂy, Interval tree (or Segment tree) is a
binary tree where each node contains information about
a speciﬁc range [L;R]. Every none-leaf node also has
two child node to manages [L;M] and [M + 1;R] where
M =b
L+R
2
c. The complexity of search and update query
isO(log
2
n).
Firstly, we visualize how interval tree trapdoor genera-
tion works, then we give an example of it in practice. We
also provide graphical Figure 5 that is easier for readers to
visualize the appearance of interval tree in our model.
– We view the ﬁles as nodes at level 0 and is arranged
from left to right with incremental id starting from 0
ton  1.
Privacy Preserving Visual Log Service with. . . Informatica 44 (2020) 115–125 121
L 3,0
L
2,0
L
2,1
L
1,0
L
1,1
L
1,2
L
1,3
0 5 4 3 2 1 6 7 Level 0
Level 3
Level 2
Level 1
sk w PRF(sk,w)
Figure 5: Interval Tree for Trapdoor generation visualiza-
tion and trapdoor transformation in practice.
– The nodes at higher levels are treated as interval
nodes, that is it will cover an interval of continuous
ﬁles. For example in Figure 5, nodeL
2;1
covers ﬁles
from 4 to 7 and nodeL
1;1
covers ﬁles 2 and 3.
– From any word w, client can generate trapdoor for
ﬁle 0 by: t
0
 PRF(sk;w). And from any node,
the client can "move" the trapdoor at that node onto
theUp-Right node by using trapdoor permutation on
secret component of K
ur
as: t
ur
   (K
urs
;t).
And from any node, we can "move" trapdoor to the
Down-Left node by applying reverse trapdoor per-
mutation using public component of K
ur
as: t
dl
 
    1
(K
urp
;t). In case of moving Up-Left and
Down-Right, we just need to apply  and    1
on
K
ul
like above steps.
The important point here is the public key of K
ur
and
K
ul
is available for both client and server but only the
client holds the secret component ofK
ur
andK
ul
. Hence,
for any node L
i;j
, the server can only move the trapdoor
value to nodes in sub-tree ofL
i;j
. However, the client can
move anywhere he wants because he holds the secret key.
We denotet
i;j
to be the trapdoor value at nodeL
i;j
; t
i
andt
0;i
to be the trapdoor value atF
i
. Below we show an
example of generatingt
2
from keywordw. Figure 5 also
demonstrates the process.
1. t
0;0
 PRF(sk;w)
2. t
1;0
   (K
urs
;t
0;0
)
3. t
2;0
   (K
urs
;t
1;0
)
4. t
1;1
     1
(K
ulp
;t
2;0
)
5. t
0;2
     1
(K
urp
;t
1;1
)
5.4 Search protocol
To search for the existence of keyword w within range
[L;R], the client runs SearchToken algorithm to create
trapdoor vector T then give it to the server. The server
will use the range [L;R] and T to run Search algorithm
and return the appropriate encrypted ﬁles to the client.
L 3,0
L
2,0
L
2,1
L
1,0
L
1,1
L
1,2
L
1,3
0 5 4 3 2 1 6 7 Level 0
Level 3
Level 2
Level 1
Figure 6: Client issue SearchToken from ﬁle 2 to ﬁle 7,
sendingt
1;1
andt
2;1
to query the server.
5.4.1 SearchToken algorithm
Previously we mentioned that given a trapdoort
i;j
at some
nodeL
i;j
, the server can easily compute all trapdoor values
at nodes inside sub-tree ofL
i;j
. With this special charac-
teristic, the client only needs to compute trapdoor value at
nodes such that it covers only in range [L;R]. To optimize
the computational complexity, the client needs to ﬁnd as a
minimal number of interval nodes as possible.
The algorithm is simple. Iterates fromL toR, letL
0;i
be
our current node, while there exists an up-right parent node
and the parent node still covers within the range [L;R],
traverse to the parent node and repeat the process. After
ﬁnding the appropriate parent ofL
0;i
, letk be the level of
that parent node, we can skip the next 2
k
nodes and repeat
the process until we cover all nodes from [L;R].
In Figure 6, we demonstrate SearchToken when issuing
query from ﬁle 2 to ﬁle 7, the red nodes L
1;1
and L
2;1
is sufﬁcient to cover the range [2; 7]. After ﬁnding the
interval nodes that cover [L;R], the client can use trap-
door generation procedure mentioned earlier to calculate
T = (t
1;1
;t
2;1
) and send it to server.
5.4.2 Search algorithm
For each value t
i;j
in the received trapdoor vectorT, the
server can use    1
with the public key ofK
ur
andK
ul
to
traverse down to any nodes in sub-tree oft
i;j
. After travers-
ing down to the level 0 nodes, the server can easily check
whether trapdoort
0;i
exists inside the encrypted indexI
i
.
Finally, the server returns all the encrypted ﬁle EF
i
that
satisﬁes above conditions.
5.5 Delete protocol
To delete a ﬁle, the client sends a single variablek to the
server to indicates that he wants to deleteEF
k
andI
k
. Af-
ter that, the server deletesEF
k
andI
k
in its database/hard
drive. Later when Search algorithm occurs, without the
data of I
k
, the server cannot check trapdoor t exists in
I
k
or not because I
k
has already been deleted. However,
only deletingEF
k
andI
k
is not efﬁcient because the server
122 Informatica 44 (2020) 115–125 V .-A. Pham et al.
must iterate through every ﬁle at level 0, even the deleted
ones, which would result inO(R  L).
We can optimize the runtime by storing an additional
boolean isDeleted in each node L
i;j
. The isDeleted
boolean indicates whether the entire sub-tree of L
i;j
has
been deleted or not. Then we ﬁx the deletion algorithm as
following: when deleting thek-th ﬁle, markL
0;k
.isDeleted
as True. Then iterate to the parent ofL
0;k
, if the 2 children
of that current parent are also deleted, then mark that parent
as deleted and continues to move onto its parent and repeat
the process.
With the above optimization, the Search algorithm by
the server will be modiﬁed a little bit. At server-side while
traversing to the nodes of sub-tree ofL
i;j
, if server encoun-
ters a deleted node, the server can ignore all the nodes in
that sub-tree, which can optimize the computation.
6 Scheme analysis
6.1 Correctness
We will prove the correctness of our scheme based on the
correctness that we introduced in section 4.2. Our proof
has two parts:
The search result contains all documents having the
searched keyword w. Obviously, for each document
having the searched keywordw, the tree associated withw
must mark it containing this keyword. Thus, on executing
the searching protocol, server will see that the document is
included in the tree, which means that the document will
be listed in the result.
For any document which does not have the searched
keywordw, the probability that it is listed in the search
result is extremely small. We consider some arbitrary
document. Letm be the size of the output of trapdoor func-
tion which is used to encode the words,size the size of the
document,amtw the amount of valid distinct keywords of
that document, and dictsize the amount of valid distinct
keywords of the whole dataset.
Obviously, the probability that there does not exist any
garbage data that collides with a valid keyword is:
p =
  2
m
  dictsize  amtw
size  amtw
  .
  2
m
  amtw
size  amtw
  which is reduced as,
p =
size  amtw
Y
i=1
2
m
  dictsize  size +amtw +i
2
m
  size +i
By using a suitable trapdoor permutation whose output
size m is big enough, we make the probability that the
server falsely determines a searched keyword w exists in
a document, which equals (1  p), very small. The bigger
m is, the more precise the returned results are.
6.2 Formal adaptive security proof
We formally describe adaptive security proof of our scheme
based on section 4.2. We retrieve the following games from
the TIQSSE scheme:
GameG
0
. The ﬁrst gameG
0
is completely identical to
the real world game SSEReal
  A
( ;q ). Thus,
P [SSEReal
  A
( ;q ) = 1] =P [G
0
= 1]
GameG
1
. In this game, we replace the function PRF
by a truly random key generator. More precisely,G
1
will
get a random element in the domain of PRF whenever it
comes to a new wordw, and stores this element in a table
Key containing all key associated with each queried word
w. So in order to exist some adversary who can distinguish
between G
0
and G
1
, he must break the security of PRF.
Therefore we have:
P (G
0
= 1)  P (G
1
= 1)  Avd
PRF
B1
(  )
GameG
2
. G
2
does not use trapdoor permutation any-
more. Instead, it uses random oracles for  and programs
    1
such that  key
(    1
key
)(i) = i for any arbitrary key
and i. Obviously, the problem of distinguishing between
G
1
and G
2
can be reduced to the problem of cracking
the onewayness of  . Since our scheme uses two pair of
public-private keys, there exists an efﬁcient adversaryB
2
such that:
P (G
1
= 1)  P (G
2
= 1)  Avd
OW
B2
(  )
ThesimulatorS. We construct our simulatorS iden-
tical to gameG
2
which changes PRF and Trapdoor Permu-
tation as random oracles:
P (G
2
= 1) =P (SSEIdeal
  A;S;L  = 1)
Combining all above results, we conclude that we can
simulate the original scheme and achieve adaptive security
mentioned in Section 4.2:
P (SSEReal
  A
= 1)  P (SSEIdeal
  A;S;L  = 1)
  Avd
PRF
B1
(  ) + Avd
OW
B2
(  )
6.3 Informal adaptive security proof
To make it more understandable, we also provide an in-
formal proof for the adaptive security of SSE. From our
scheme we can derive several consequences:
Truly random encrypted ﬁle. The encrypted ﬁleEF is
obtained by encrypting the plain ﬁle with a secure sym-
metric encryption algorithm. So to break the randomness
ofEF the adversary must break the symmetric encryption
algorithm.
Privacy Preserving Visual Log Service with. . . Informatica 44 (2020) 115–125 123
Truly random encrypted index. Let us recall how we
create an encrypted index. Firstly from keywordw we ap-
ply PRF to generatet
0
. So if an adversary able to break the
randomness oft
0
, he must break PRF. After that, we apply
several trapdoor permutation  and    1
to generate other
t
i
values. Again, to break the randomness oft
i
, the adver-
sary must ﬁnd a way to crack trapdoor permutation. Hence,
we claim that we generate truly random encrypted indexes.
Conclusion. From the 2 above proofs, we say that our
scheme can use a random oracle to simulate the process
of generating encrypted ﬁle EF and encrypted index I
and therefore we achieve adaptive secure SSE mentioned
in section 4.4.
6.4 Access pattern security
Without knowing secret component ofK
ul
andK
ur
, when
receiving some trapdoort
i;j
of nodeL
i;j
, in order for the
adversary to ﬁgure out trapdoor value at parent node of
L
i;j
, he must ﬁnd a way to break the trapdoor permuta-
tion function. Furthermore in our scheme, the client only
gives server valuest
i;j
that cover the interval [L;R]. With
this, our scheme achieves access pattern security.
6.5 Search pattern security
Assume that the client has issued 2 queries Q
1
=
(T
1
;L
1
;R
1
) andQ
2
= (T
2
;L
2
;R
2
) whereT
1
andT
2
refers to the same keywordw. There are 2 cases:
1. If [L
1
;R
1
] intersects with [L
2
;R
2
]: letk be a number
wherek2 [L
1
;R
1
]\ [L
2
;R
2
], the server obviously
can checkT
1
andT
2
be the same search keyword be-
cause the trapdoor t
k
of the 2 search queries will be
the same.
2. If [L
1
;R
1
] does not intersect with [L
2
;R
2
]: it is im-
possible for the untrusted server to check T
1
and T
2
to be the same search keyword unless he can calculate
  and achieve trapdoor value at parent nodes of T,
which is very hard and the probability is negligible.
By analyzing the 2 above cases, we claim that our
scheme achieves weak search pattern security of TIQSSE.
6.6 Forward privacy
We already stated that our scheme achieves access pattern
security which prevents the server from gaining knowledge
of outside the interval query. Furthermore, it is obvious that
newly added ﬁles are outside of past search queries. To sum
up, we claim that our scheme obtains forward privacy.
6.7 Backward privacy
When receiving a deleting query, the server deletes the
encrypted ﬁle along with the encrypted index on the
database/hardware which prevents the server from gaining
more knowledge from it in future searches.
However, if the attacker can clone the encrypted index to
elsewhere without the client’s knowledge, then our scheme
does not achieve backward privacy. Because of that, our
scheme can only guarantee backward privacy if we as-
sume that the system is honest-but-curious. The honest-
but-curious property implies that the system follows explic-
itly how the scheme is supposed to do, but still listens to the
client’s queries and try to exploit for vulnerabilities. This
is an important property that has been used widely in many
constructions [8, 13, 2, 4, 24].
6.8 Complexity analysis
Searchcomplexity: Letn
add
=R  L + 1 be the num-
ber of historically added documents, n be the number of
remaining documents, andm be the number of document-
deleted segments in the searching range [L;R], respec-
tively. For each valuet
i;j
received from client, server must
traverse all nodes of the sub-tree associated witht
i;j
. The
size of that sub-tree is equal to 2  n
leaf
  1 wheren
leaf
is the number of leaves of that sub-tree. However, we
don’t have to consider nodes which is assigned as deleted.
That means we do not traverse any sub-tree whose root is
deleted. In conclusion, the search complexity isO(n+m).
Adddocumentcomplexity: Obviously, the
server’s time complexity of Add operation isO(1). For the
client’s time complexity of Add operation: The ﬁrst step
(encrypt ﬁle) implementation time depends on which sym-
metric encryption is used. Letsize be the number of words
in ﬁle. Because the complexity of Trpdr isO(log(n))
where n is the identiﬁer of the ﬁle, the complexity of
creating encrypted index isO(log(n)  size).
Deletedocumentcomplexity: Trivially, the
client’s time complexity of deleting document isO(1).
On server, the complexity of deleting document is propor-
tional to the number of iterations which is not greater than
log(n) where n is the total number of historically added
documents.
Storagecomplexity: The client’s storage isO(1) be-
cause the user only needs to store the keys. About the
server’s storage, we can see that the size of encrypted in-
dexes is the same as that of encrypted data. Plus, each
node of the interval tree holds an isDeleted attribute that
totally costs the complexity storage as the number of ex-
isting nodes in the tree. Therefore, we can conclude that
the storage complexity of server isO(esize) whereesize
is the size of encrypted data.
7 Discussion and conclusion
In this paper, we ﬁrst introduce a smart secured multimedia
service to provide visual content analysis with smart edge
cameras while preserving the privacy of data owners. We
also deﬁne a new problem for range queries with search-
able symmetric encryption to prevent sensitive information
124 Informatica 44 (2020) 115–125 V .-A. Pham et al.
leakage to service provider. Finally, we propose a secured
scheme for the new problem.
It is impractical that our scheme only supports single
keyword search although there has been many previous
works toward multi keywords search [28]. To make our
scheme works for multi keywords search, we can combine
multiple keywords that is near each other into one single
word. For example, we can combinek consecutive words
into one and mark it as existed in the encrypted index. For
further versatile, we can even permute thesek words into
k!. With this approach, we have multi keywords search
property.
In order to achieve perfect secrecy in search pattern, we
can simply not searching for keywordw of the same range
[L;R] that has been issued before. Because the client has
already searched for word w within range [L;R], we can
store the result in our memory. Later when we want to
query the keywordw within other range [L
2
;R
2
], we ﬁrst
eliminate all the shared intersection on word w that has
been searched before, let the interval after elimination be
S. Then, we only query onS and merge the returned re-
sults with the solutions in our memory. With this approach,
we can achieve perfect secrecy of the search pattern be-
cause we never search for keywordw that intersects with
the previous search interval. However, the downside of this
is the client must have some mechanism to store previously
search queries, which makes it impractical.
Currently, we are improving our system to optimize its
performance, scalability, and reliability. We also analyse
other data structures to enhance the solution for SSE and
consider potential leakage via side-channel information.
8 Acknowledgement
This research is partially supported by research funding
from Advanced Program in Computer Science and Honors
Program, University of Science, Vietnam National Univer-
sity - Ho Chi Minh City. We also would like to express our
appreciation to AIOZ Pte Ltd and VINIF for supporting our
research team.
References
[1] Boelter, T., Poddar, R., Popa, R.A.: A secure one-
roundtrip index for range queries. IACR Cryptology
ePrint Archive 2016, 568 (2016)
[2] Bost, R.:   o’o&: Forward secure searchable
encryption. In: Proceedings of the 2016 ACM
SIGSAC Conference on Computer and Commu-
nications Security. pp. 1143–1154. ACM (2016).
https://doi.org/10.1145/2976749.2978303
[3] Bost, R., Fouque, P.A.: Thwarting leakage abuse
attacks against searchable encryption-a formal ap-
proach and applications to database padding. IACR
Cryptology ePrint Archive 2017, 1060 (2017)
[4] Bost, R., Minaud, B., Ohrimenko, O.: Forward and
backward private searchable encryption from con-
strained cryptographic primitives. In: Proceedings of
the 2017 ACM SIGSAC Conference on Computer
and Communications Security. pp. 1465–1482. ACM
(2017). https://doi.org/10.1145/3133956.3133980
[5] Cash, D., Grubbs, P., Perry, J., Ristenpart,
T.: Leakage-abuse attacks against searchable en-
cryption. In: Proceedings of the 22nd ACM
SIGSAC conference on computer and commu-
nications security. pp. 668–679. ACM (2015).
https://doi.org/10.1145/2810103.2813700
[6] Chang, Y .C., Mitzenmacher, M.: Privacy preserv-
ing keyword searches on remote encrypted data. In:
IACR Cryptology ePrint Archive (2004)
[7] Chung-Nguyen, H.H., Pham, V .A., Hoang, D.H.,
Tran, M.T.: Keyword-search interval-query dy-
namic symmetric searchable encryption. In: In-
ternational Conference on Future Data and Secu-
rity Engineering. pp. 673–680. Springer (2019).
https://doi.org/10.1007/978-3-030-35653-8_46
[8] Curtmola, R., Garay, J., Kamara, S., Ostro-
vsky, R.: Searchable symmetric encryption: im-
proved deﬁnitions and efﬁcient constructions. Jour-
nal of Computer Security 19(5), 895–934 (2011).
https://doi.org/10.3233/jcs-2011-0426
[9] Dan Boneh, V .S.: A Graduate Course in Applied
Cryptography (2017)
[10] Goh, E.J., et al.: Secure indexes. IACR Cryptology
ePrint Archive 2003, 216 (2003)
[11] Grubbs, P., Sekniqi, K., Bindschaedler, V ., Naveed,
M., Ristenpart, T.: Leakage-abuse attacks against
order-revealing encryption. In: 2017 IEEE Sympo-
sium on Security and Privacy (SP). pp. 655–672.
IEEE (2017). https://doi.org/10.1109/sp.2017.44
[12] Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pat-
tern disclosure on searchable encryption: Ramiﬁca-
tion, attack and mitigation. In: Ndss. vol. 20, p. 12.
Citeseer (2012)
[13] Kamara, S., Papamanthou, C., Roeder, T.: Dy-
namic searchable symmetric encryption. In: Proceed-
ings of the 2012 ACM conference on Computer and
communications security. pp. 965–976. ACM (2012).
https://doi.org/10.1145/2382196.2382298
[14] Kerschbaum, F., Tueno, A.: An efﬁciently search-
able encrypted data structure for range queries.
In: Lecture Notes in Computer Science, pp.
344–364. Springer International Publishing (2019).
https://doi.org/10.1007/978-3-030-29962-0_17
Privacy Preserving Visual Log Service with. . . Informatica 44 (2020) 115–125 125
[15] Le, N., Nguyen, D., Hoang, T., Nguyen, T.,
Truong, T., Duy, T.D., Luong, Q., V o-Ho, V .,
Nguyen, V ., Tran, M.: Smart lifelog retrieval sys-
tem with habit-based concepts and moment visual-
ization. In: Proceedings of the ACM Workshop on
Lifelog Search Challenge, LSC@ICMR 2019, Ot-
tawa, ON, Canada, 10 June 2019. pp. 1–6 (2019).
https://doi.org/10.1145/3326460.3329155
[16] Le, N., Nguyen, D., Nguyen, V ., Tran, M.: Lifelog
moment retrieval with advanced semantic extraction
and ﬂexible moment visualization for exploration.
In: Working Notes of CLEF 2019 - Conference and
Labs of the Evaluation Forum, Lugano, Switzerland,
September 9-12, 2019. (2019)
[17] Le, T.K., Ninh, V .T., Dang-Nguyen, D.T., Tran,
M.T., Zhou, L., Redondo, P., Smyth, S., Gurrin,
C.: Lifeseeker - interactive lifelog search engine at
lsc 2019. In: Proceedings of the 2019 ACM Work-
shop on The Lifelog Search Challenge. ACM (2019).
https://doi.org/10.1145/3326460.3329162
[18] Münzer, B., Leibetseder, A., Kletz, S., Primus, M.J.,
Schoeffmann, K.: lifexplore at the lifelog search
challenge 2018. In: Proceedings of the 2018 ACM
Workshop on The Lifelog Search Challenge. pp. 3–8
(2018). https://doi.org/10.1145/3210539.3210541
[19] Naveed, M., Kamara, S., Wright, C.V .: In-
ference attacks on property-preserving encrypted
databases. In: Proceedings of the 22nd ACM
SIGSAC Conference on Computer and Commu-
nications Security. pp. 644–655. ACM (2015).
https://doi.org/10.1145/2810103.2813651
[20] Pham, V .A., Hoang, D.H., Chung-Nguyen, H.H.,
Tran, M.K., Tran, M.T.: Privacy preserving vi-
sual log service with temporal interval query
using interval tree-based searchable symmet-
ric encryption. In: Proceedings of the Tenth
International Symposium on Information and
Communication Technology. pp. 425–432 (2019).
https://doi.org/10.1145/3368926.3369701
[21] Redmon, J., Farhadi, A.: Yolov3: An incremental
improvement (2018),http://arxiv.org/abs/
1804.02767
[22] Ren, S., He, K., Girshick, R., Sun, J.: Faster r-
cnn: Towards real-time object detection with re-
gion proposal networks. In: Proceedings of the
28th International Conference on Neural Informa-
tion Processing Systems - V olume 1. pp. 91–99.
NIPS’15, MIT Press, Cambridge, MA, USA (2015).
https://doi.org/10.1109/tpami.2016.2577031
[23] Song, D.X., Wagner, D., Perrig, A.: Practi-
cal techniques for searches on encrypted data. In:
Proceeding 2000 IEEE Symposium on Security
and Privacy. S&P 2000. pp. 44–55. IEEE (2000).
https://doi.org/10.1109/secpri.2000.848445
[24] Sun, S.F., Yuan, X., Liu, J.K., Steinfeld, R.,
Sakzad, A., V o, V ., Nepal, S.: Practical backward-
secure searchable encryption from symmetric punc-
turable encryption. In: Proceedings of the 2018
ACM SIGSAC Conference on Computer and Com-
munications Security. pp. 763–780. ACM (2018).
https://doi.org/10.1145/3243734.3243782
[25] Tran, M., Truong, T., Duy, T.D., V o-Ho, V ., Luong,
Q., Nguyen, V .: Lifelog moment retrieval with visual
concept fusion and text-based query expansion. In:
Working Notes of CLEF 2018 - Conference and Labs
of the Evaluation Forum, France, September 2018.
(2018)
[26] Truong, T.D., Dinh-Duy, T., Nguyen, V .T.,
Tran, M.T.: Lifelogging retrieval based on se-
mantic concepts fusion. In: Proceedings of
the 2018 ACM Workshop on The Lifelog
Search Challenge. pp. 24–29. ACM (2018).
https://doi.org/10.1145/3210539.3210545
[27] V o-Ho, V .K., Luong, Q.A., Nguyen, D.T., Tran,
M.K., Tran, M.T.: Personal diary generation
from wearable cameras with concept augmented
image captioning and wide trail strategy. In:
Proceedings of the Ninth International Sympo-
sium on Information and Communication Tech-
nology. pp. 367–374. SoICT 2018, ACM (2018).
https://doi.org/10.1145/3287921.3287955
[28] Xia, Z., Wang, X., Sun, X., Wang, Q.: A secure
and dynamic multi-keyword ranked search scheme
over encrypted cloud data. IEEE transactions on par-
allel and distributed systems 27(2), 340–352 (2015).
https://doi.org/10.1109/tpds.2015.2401003
[29] Zhang, Y ., Katz, J., Papamanthou, C.: All your
queries are belong to us: The power of ﬁle-
injection attacks on searchable encryption. In: 25th
fUSENIXg Security Symposium (fUSENIXg Secu-
rity 16). pp. 707–720 (2016)
[30] Zhou, B., Lapedriza, A., Khosla, A., Oliva, A., Tor-
ralba, A.: Places: A 10 million image database
for scene recognition. IEEE Transactions on Pat-
tern Analysis and Machine Intelligence (2017).
https://doi.org/10.1109/tpami.2017.2723009
126 Informatica 44 (2020) 115–125 V .-A. Pham et al.