Data Integrity Audit based on Data Blinding for Cloud and Fog Environment

Cloud-fog computing is a novel computing model that extends cloud computing by providing various services through fog nodes. Traditional data integrity auditing suffers from low data security, slow data processing and low communication efficiency. To solve these problems, this paper proposes a data integrity audit scheme based on data blinding. The scheme uses the edge devices in the transmission node to establish a fog computing layer between the cloud service provider and the data owner. The subordinate distribution relationship and the weights between fog nodes are used to dynamically allocate the optimal path for transmitting the data, which reduces transmission delay. At the same time, a blind factor is added in the evidence generation process of the integrity audit to avoid data leakage. This paper gives a security model and a security proof based on the computational Diffie-Hellman (CDH) assumption. The experimental results show that introducing the fog computing layer and the blind factor into the data integrity audit process effectively reduces the data communication delay and improves the security of the data audit.


I. INTRODUCTION
In recent years, as the abundance of information has grown, the storage and computing requirements on mobile phones, computers, and other terminal devices have increased. To reduce the storage pressure on terminal devices, some users store their data in the cloud [1]. However, some cloud service providers could delete some infrequently used data to reduce server overhead. Deleted data may not be retrieved, resulting in cloud data loss. As users upload data, the data is stored on the cloud server instead of the local device [2]. Remotely checking the integrity of the data uploaded by users has become an urgent problem.
In response to the above problems, the concept of Remote Data Possession Checking (RDPC) was proposed, which includes proof of retrievability (POR) and provable data possession (PDP) [3]-[5]. From the perspective of who performs the data audit, it can be divided into private and public audits. The auditor of a private audit is the data owner, while the auditor of a public audit can be any authorized third-party auditor. Because public auditing methods are more flexible, public auditing is chosen in most cases [6].
As the internet has found its way into people's lives, cloud computing enjoys rising popularity among individuals of all stripes. More and more users store their data in the cloud for easy use anytime, anywhere. However, in the traditional cloud storage model, the cloud service provider needs to establish a connection with each user, which invisibly increases the load pressure on the cloud service provider [7]. Therefore, how to reduce the computing and load pressure of cloud service providers has become an urgent problem to be solved.
In the context of data integrity audits, cloud servers are usually far away from the user end [8]. Long-distance data transmission occupies network bandwidth and increases transmission delay [9]. To solve this problem, the concept of fog computing was proposed [10]. Fog computing expands the concept of cloud computing. Compared with cloud computing, it is closer to the data owner. In data transmission, the fog node layer is added to reduce delay and bandwidth [11], [12]. Hu et al. [13] proposed a security and privacy protection scheme based on the fog computing framework, which did not consider the data transmission model in the fog computing framework. In the remote data ownership audit scheme proposed by Yan et al. [14], the file label aggregation in the evidence generation stage refers to the information and coefficients of the included files. Malicious attackers can use the disclosed coefficients to calculate information by requesting file labels multiple times, resulting in information leakage. Therefore, this paper introduces a blinding factor, adds random coefficients in the evidence generation process, and discloses the public key of the random coefficients to ensure the security of the evidence generation stage. At the same time, in order to reduce the transmission delay, the data transmission model in the cloud-fog network is given and a data integrity audit scheme based on the cloud-fog architecture is proposed.

A. RELATED WORKS
In 2007, Ateniese G et al. [15] proposed a PDP model, which allows a client storing data on an untrusted server to verify that the server possesses the original data. Subsequently, Juels A et al. [16] defined a POR model, which, by archiving or backing up large files, can generate a concise proof that the user can retrieve the target file and allows the user to restore the entire file data. In 2008, Ateniese G [17] constructed a provably secure PDP technology based entirely on symmetric key encryption that effectively supports block modification, deletion, and append operations. Shacham H et al. [18] proposed the first retrievability proof scheme that allows anyone to act as a verifier, not just the file owner, and also proposed a scheme that only allows private verification. Both schemes rely on the same state attribute to aggregate the proof into a validator value. Wang et al. [19] studied proxy provable data possession (PPDP) for the case where the client cannot perform remote data possession checks in the public cloud. Ren Y et al. [20] proposed designated verifier provable data possession (DV-PDP) for the case where the client cannot perform remote data possession inspection. Yan et al. [14] proposed a new RDPC scheme with a designated validator, in which the data owner designates a unique validator to check data integrity.
Cisco proposed the concept of fog computing in 2014. In this model, data and its processing are concentrated in devices at the edge of the network. Subsequently, Mohammed LA et al. [21] proposed an authentication protocol in the fog computing environment to ensure data integrity. Alzubi et al. [22] proposed a novel chaotic map image secret writing formula, which applied the security of enhancing the metric of cryptosystems to pixel-level and bit-level permutations. Tian et al. [23] proposed a data audit scheme based on the Internet of Things (IoT) and cloud-fog computing, in which the private key is separated into the fog center and held by the user. They then proposed a two-time signature method, which divides the signature process into two stages: original signature and final signature. Gu K [24] introduced a secure data query framework for cloud and fog computing. When the fog network provides query data to users, cloud services are used to check the query data from the fog network. At the same time, Xu S et al. [25] introduced a cloud-fog-device data sharing system with data confidentiality and data source identification based on matching attribute encryption primitives (MABE) through extended matching encryption. Alzubi et al. [26] designed a robust cryptosystem that is based on Hermite curves and is more suitable for IoT devices with limited processing and storage power. In the same year, Alzubi et al. [27] proposed the Hashed Needham Schroeder Cost Optimized Deep Machine Learning (HNS-CODML) method, which improves the security of data sent from the cloud. Noura et al. [28] proposed a new encryption solution to protect data in fog computing, which provides data confidentiality, integrity and availability, and source authentication.

B. MOTIVATION AND CONTRIBUTION
This paper proposes a data integrity audit scheme based on the cloud and fog architecture and, meanwhile, provides a data transmission model for the cloud and fog network. In this model, the data is transmitted and calculated by fog nodes to find the communication channel with the lowest delay, thereby reducing communication overhead. At the same time, a blind factor is introduced in the evidence generation stage of the integrity audit to prevent the adversary from calculating the ciphertext from two interrogations and to improve the security of the integrity audit.
The main contributions of this paper are as follows.
1) This paper proposes a data integrity audit model in a cloud and fog environment, which can effectively reduce the communication overhead in the transmission process and reduce the computing pressure of the cloud service provider.
2) In the data integrity audit, a blind factor is introduced to avoid the data leakage caused by malicious auditors repeatedly submitting challenges on the data.
3) The security of the scheme is proved under the given security model. Experimental results show that this scheme has better performance and feasibility.

C. OUTLINE
The second section introduces the preliminary work of our proposed scheme. The third section defines the specific structure of the data blinding for cloud and fog (DBCF) system model and its main steps. Section IV presents the security analysis of DBCF. The fifth section presents the performance analysis, which includes theoretical complexity analysis and experimental performance. Section VI concludes the article.

A. NOTATIONS
Let $k$ be a security parameter, and let $q$ be a large prime number whose order is $k$. $G_1$ and $G_2$ are multiplicative cyclic groups, and their order is $k$. $g$ is the generator of $G_1$, and $u$ is a random element of the multiplicative cyclic group. $e$ is the bilinear mapping $G_1 \times G_1 \to G_2$, $H$ is a secure hash function, and $\varphi$, $\phi$ are a pseudo-random permutation and a pseudo-random function. Some frequently used notations are given in Table 1.

TABLE 1. Notations
Notations              Description
$k$                    a security parameter
$q$                    a large prime
$G_1$, $G_2$           the multiplicative cyclic groups of order $q$
$g$                    a generator of multiplicative cyclic group $G_1$
$u$                    a random group element of $G_1$
$H$                    a secure hash function {0,
$fn_m$                 a fog node device
$m$                    the number of fog node devices
$D = (V, E)$           the undirected graph with vertex set $V$ and edge set $E$
$w_{fn_i,fn_j}$        the delay between nodes $\{fn_i, fn_j\}$
$com_{fn_i,fn_j}$      the communication delay between nodes $\{fn_i, fn_j\}$
$pro_{fn_i,fn_j}$      the processing delay between nodes $\{fn_i, fn_j\}$
$que_{fn_i,fn_j}$      the queuing delay between nodes $\{fn_i, fn_j\}$
$tran_{fn_i}$          the transmission speed of each fog node device $fn_i$
$z_i$                  the divided sub-transmission data
$dist_{fn_i,fn_j}$     the relationship between $\{fn_i, fn_j\}$

B. BILINEAR MAPS
Let the multiplicative cyclic groups $G_1$ and $G_2$ have the same prime order $q$, and let $g$ be a generator of $G_1$. $e$ is the mapping $G_1 \times G_1 \to G_2$, which has the following properties: here $1_{G_2}$ represents the identity element of the group $G_2$.
3) Computability: for all $u, v \in G_1$, there is an algorithm that calculates the mapping $e(u, v)$.

C. CDH ASSUMPTION
The CDH assumption is a standard cryptographic assumption, and many cryptographic schemes are constructed on it, such as public-key encryption, digital signatures, and authenticated key exchange [29]. Moreover, more complex protocols, such as cloud storage and deniable authentication protocols, are also built on this assumption. Specifically, the CDH assumption on a cyclic group $G$ with generator $g$ states that it is hard for any polynomial-time adversary A to compute $g^{ab}$ when given $g$, $g^a$, and $g^b$, which can be defined as:

D. SYSTEM MODEL
The data integrity audit model based on data blinding in the cloud and fog environment includes four entities: data owners, fog computing nodes, cloud service providers, and third-party auditors. Figure devices with precise computing capabilities, such as gateways, switches and routers. In this model, the data is preprocessed and transmitted through the fog computing node, thereby reducing the computing and communication pressure of the cloud service provider.
3) Cloud service providers (CSP) have massive storage capacity and robust computing power. Cloud service providers receive data uploaded by users through fog nodes, provide cloud storage and computing services to data owners, and return data integrity certificates to third-party auditors after receiving data challenges. In particular, the cloud service provider divides users' data into blocks and stores the tagged data. When proofs are needed, it only needs to aggregate and generate proofs through the tags [30].
4) The third-party auditor (TPA) reviews the integrity of the outsourced data for the data owner. The TPA is trusted by the data owner and the cloud storage server. The third-party auditor sends the audit results to the data owner in the subsequent data integrity audit process.
The DBCF model includes the following five polynomial-time algorithms.
1) $Setup(1^k) \to (sk, pk)$: This algorithm initializes the system and generates the user's public and private key pair. It takes the security parameter $k$ as input and outputs the corresponding public key and private key.
2) $TagGen(F, x) \to T$: The data owner executes this algorithm to generate the tag set of the uploaded file, and then uploads the tag set and the data blocks to the cloud.
3) $Challenge(cb) \to chal$: This algorithm is executed by a third-party auditor. It takes the number of blocks to be challenged as input and outputs challenge information to the cloud service provider.
4) $ProofGen(F, T, chal) \to P$: This algorithm is executed by the cloud service provider and generates evidence. According to the challenge information, it reads the files stored in the cloud and the corresponding tag information, calculates the evidence and returns it to the third-party auditor.
5) $Verify(X, chal, P) \to \{0, 1\}$: The third-party auditor executes this algorithm and judges whether the data is intact based on the evidence returned by the cloud service provider. If it is, the algorithm outputs 1 to indicate this.

E. SECURITY MODEL
In this subsection, the security model of DBCF is defined. The scheme is characterized by the indistinguishability under chosen-plaintext attack (IND-CPA) game in the random oracle model [31]. The specific steps are as follows.
1) Initialization. Challenger B generates the system environment and initializes the public parameters, and the adversary (denoted as A) obtains these parameters.
2) Query. The adversary A can make the following queries a polynomially bounded number of times.
a) H-Query: Challenger B establishes a hash query table to record and answer the adversary's hash queries.
b) Tag-Query: Adversary A submits file information to challenger B, and the challenger runs $TagGen(F, x) \to T$ and returns the result to adversary A.
c) Verify-Query: The audit query is based on the tag query in the previous step. Challenger B runs $Challenge(cb) \to chal$ and sends the challenge block information $chal$ to the adversary. The adversary A calculates the evidence $P$ by running $ProofGen(F, T, chal) \to P$ and returns the result. Challenger B calculates $Verify(X, chal, P) \to \{0, 1\}$ after receiving evidence $P$, and the final result is returned to adversary A.
3) Final phase. At this stage, challenger B submits challenge information $chal^*$ to adversary A, and adversary A returns evidence $P^*$. If $Verify(X, chal, P) \to 1$, the following conditions hold.
1) If the challenge information $chal$/$chal^*$ is submitted, the tag $T$ of the challenged file block has previously been calculated.
2) The returned evidence $P^*$ is not equal to $P$, and $P^*$ is calculated by $ProofGen(F, T, chal^*) \to P^*$.

III. OUR PROPOSED DBCF MODEL

A. CLOUD AND FOG COMPUTING MODEL
The cloud and fog computing model in the DBCF model is composed of a cloud service layer and a fog computing layer. The fog computing layer contains $m$ fog node devices $(fn_1, fn_2, \cdots, fn_m)$, and its network structure is shown in Figure 2. This network can be abstracted as a weighted undirected graph $D = (V, E)$, where $V$ is the set of vertices in the graph $D$, representing the fog node devices, and $E$ is the set of edges, representing the communication links between nodes. $w_{fn_i,fn_j}$ represents the delay between nodes $\{fn_i, fn_j\}$, including communication delay, processing delay and queuing delay. The weighted undirected graph is shown in Figure 3.

FIGURE 3. Weighted undirected graph
Assuming that the transmission speed of each fog node device $fn_i$ is $tran_{fn_i}$, during the data transmission process the data owner divides the transmission data $Z$ into $z_i = \lambda_i Z$, where $z_i$ represents the divided sub-transmission data. The transmission time of the entire transmission data $Z$ at the fog computing layer can be expressed as: Here, $\lambda_i Z / tran_{fn_i}$ indicates the time for the fog node to process the subtask $z_i$, $w_{fn_i,fn_j} \, dist_{fn_i,fn_j}$ indicates the delay between $\{fn_i, fn_j\}$, and $dist_{fn_i,fn_j}$ indicates whether there is a subordinate allocation relationship between $\{fn_i, fn_j\}$: $dist_{fn_i,fn_j} = 1$ indicates that an allocation relationship exists, and vice versa.
Since the total transmission time in the fog computation is equal to the largest transmission delay among all transmission times, a set of optimal $\lambda_i$ that minimizes the objective function is required in order to achieve the minimum delay. The fog node calculation optimization model can be established as follows: The task processed on each fog node is $z_i = \lambda_i Z$, so the tasks to be processed on the nodes can be assembled into an $m$-dimensional vector $z = [z_1, z_2, \cdots, z_m]^T$. Then the total time for node $fn_r$ to transmit data $Z$ at the fog computing layer can be expressed as: , $Z_{\min}$ and $Z_{\max}$ represent the minimum and maximum values that the subtask $z_i$ can take. Solving for the transmission task $z_i$ of each fog node can be transformed into the following optimization problem:
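The min-max allocation described in this subsection, as an added example that is not code from the paper. It assumes node $i$ finishes its share at time $z_i / tran_i + w_i$ (only nodes with $dist = 1$ are listed) and that every listed node takes between $Z_{\min}$ and $Z_{\max}$; the function names and the sample speeds and delays are constructed.

```python
def makespan(z, tran, w):
    """Total time = the largest per-node time z_i / tran_i + w_i."""
    return max(zi / t + wi for zi, t, wi in zip(z, tran, w))


def min_delay_split(Z, tran, w, z_min, z_max, iters=80):
    """Split Z over fog nodes so that the largest per-node time is minimal.

    tran[i] is the transmission speed of node i and w[i] the link delay from
    the source node to node i. Returns (T, z) with sum(z) == Z.
    """
    n = len(tran)
    if not n * z_min <= Z <= n * z_max:
        raise ValueError("Z cannot be split within [z_min, z_max] per node")

    def capacity(T):
        # Most data node i can finish by deadline T, clamped to its range.
        return [min(z_max, max(z_min, tran[i] * (T - w[i]))) for i in range(n)]

    lo = max(z_min / tran[i] + w[i] for i in range(n))  # all nodes take z_min
    hi = max(z_max / tran[i] + w[i] for i in range(n))  # all nodes take z_max
    if sum(capacity(lo)) >= Z:
        T = lo
    else:
        for _ in range(iters):                          # bisection on deadline T
            mid = (lo + hi) / 2
            if sum(capacity(mid)) >= Z:
                hi = mid
            else:
                lo = mid
        T = hi
    cap = capacity(T)
    z, spare = [z_min] * n, Z - n * z_min
    for i in range(n):                                  # hand out the remainder
        take = min(cap[i] - z_min, spare)
        z[i] += take
        spare -= take
    return T, z


if __name__ == "__main__":
    # Constructed sample: two fog nodes, 30 units of data.
    tran, w = [10.0, 5.0], [1.0, 2.0]
    T, z = min_delay_split(30.0, tran, w, z_min=0.0, z_max=30.0)
    print("optimal split", z, "finishes at", T)
    print("equal split finishes at", makespan([15.0, 15.0], tran, w))
```
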

B. MAIN STEPS OF INTEGRITY AUDIT
This section gives a data integrity audit model based on data blinding. This model prevents anyone other than the data owner from knowing the original data. First, given the security parameter $k$, randomly select a large prime number $q$, where the order of $q$ is $k$. $G_1$ and $G_2$ are two multiplicative cyclic groups. The length of the groups is $q$, $g$ is the generator, and $u$ is a random group element of $G_1$. $e$ is a bilinear mapping $G_1 \times G_1 \to G_2$, and $H$ is a secure hash function. $\varphi$ and $\phi$ are a pseudo-random permutation and a pseudo-random function. The public parameters are $(q, g, u, G_1, G_2, e, H, \varphi, \phi)$.
$Setup(1^k) \to (sk, pk)$: The data owner randomly selects a number $x$ as the private key, where $x \in Z_q^*$, calculates $X = g^x$, and publishes $X$ as the public key.
$TagGen(F, x) \to T$: Before uploading the file $F$, the data owner divides the file $F$ into $n$ small pieces, denoted as $F = (f_1, f_2, \cdots, f_n)$. The data owner calculates the label $T_i$ for each small piece, and the label is calculated as: In this equation, $F_{id}$ represents a specific file identifier. Finally, the data owner calculates the tag set $T$ of the file $F$, where $T = (T_1, T_2, \ldots, T_n)$, and uploads the pairs $\{(T_i, f_i) \mid i \in [1, n]\}$ to the cloud service provider (CSP).
$Challenge(cb) \to chal$: The third-party auditor randomly selects two numbers $(k_1, k_2)$, where $k_1, k_2$ are the seeds of the pseudo-random permutation and the pseudo-random function. The third-party auditor sends the total challenge block count $cb \in [1, n]$ together with the pseudo-random seeds as a challenge to the CSP, where the challenge is $chal = (k_1, k_2, cb)$.
$ProofGen(F, T, chal) \to P$: After receiving the challenge information, the cloud service provider calculates the indexes of the challenge blocks from $k_1$ as $v_i = \varphi(k_1, i)$, then uses $k_2$ to calculate the random parameters $a_i = \phi(k_2, i)$, where $1 \le i \le cb$. At the same time, the cloud service provider randomly selects a number $r$, calculates $R = u^r$, publishes $R$ and saves $r$ as the blinding factor. Then, the cloud service provider calculates $T$ and $F$ as follows: Finally, the CSP returns the proof $P = (F, T)$ to the third-party auditor as a response to the challenge.
$Verify(X, chal, P) \to \{0, 1\}$: After receiving the evidence $P$, the third-party auditor checks the equation
$$e\left(\prod_{i=1}^{cb} H(F_{id} \| i)^{a_i} \cdot u^{F}, X\right) = e(T, g) \cdot e(R, X).$$
If it holds, the algorithm outputs 1 to indicate that the challenged data blocks are intact; otherwise, it outputs 0.
If the cloud service provider complies with the rules of this protocol, the correctness of the data integrity equation is verified as follows: $= e(T, g) \cdot e(R, X)$
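The five algorithms above run end to end, as an added example that is not the paper's code. It assumes the tag $T_i = (H(F_{id} \| i) \cdot u^{f_i})^x$ and the proof pair $F = \sum a_i f_{v_i} + r$, $T = \prod T_{v_i}^{a_i}$, chosen because they satisfy the verification equation given above, hashes the challenged index $v_i$, and replaces the pairing group with an insecure exponent-only toy group; all names and sample values are constructed. It also shows that a full set of unblinded responses determines the blocks by linear algebra, while blinded responses do not.

```python
import hashlib
import hmac
import secrets

Q = 2**61 - 1  # prime order q (constructed toy size)

# Toy bilinear group, NOT secure: the element g^a is stored as its exponent
# a mod Q, so G1 multiplication adds exponents and e(g^a, g^b) = gt^(ab)
# multiplies them. It preserves the algebra of the scheme and nothing else.
def g1_mul(a, b): return (a + b) % Q
def g1_exp(a, k): return (a * k) % Q
def pair(a, b): return (a * b) % Q
def gt_mul(a, b): return (a + b) % Q

G = 1                                   # generator g
U = 0x1F3D5B79A2C4E6                    # random element u (constructed)
FID = b"file-0001"                      # file identifier F_id (constructed)
BLOCKS = [int.from_bytes(hashlib.sha256(b"block %d" % i).digest(), "big") % Q
          for i in range(4)]            # constructed blocks f_i as Z_q elements

def prf(key, label, i):
    """Keyed value in [1, Q-1]; HMAC-SHA256 stands in for the PRP/PRF."""
    mac = hmac.new(key, label + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1

def H(fid, i):
    """Hash (F_id, block index) to a G1 element."""
    return int.from_bytes(hashlib.sha256(fid + i.to_bytes(8, "big")).digest(), "big") % Q

def setup():
    x = secrets.randbelow(Q - 1) + 1    # private key x in Z_q^*
    return x, g1_exp(G, x)              # public key X = g^x

def tag_gen(fid, blocks, x):
    # Assumed tag: T_i = (H(F_id || i) * u^{f_i})^x
    return [g1_exp(g1_mul(H(fid, i), g1_exp(U, f)), x) for i, f in enumerate(blocks)]

def expand(chal, n):
    """Turn chal = (k1, k2, cb) into the challenged (v_i, a_i) pairs."""
    k1, k2, cb = chal
    order = sorted(range(n), key=lambda j: prf(k1, b"perm", j))
    return [(order[i], prf(k2, b"coef", i)) for i in range(cb)]

def proof_gen(blocks, tags, chal, blind=True):
    r = secrets.randbelow(Q - 1) + 1 if blind else 0   # fresh blinding factor
    f_agg, t_agg = r, 0                 # t_agg starts at the identity g^0
    for v, a in expand(chal, len(blocks)):
        f_agg = (f_agg + a * blocks[v]) % Q            # sum a_i f_{v_i} + r
        t_agg = g1_mul(t_agg, g1_exp(tags[v], a))      # prod T_{v_i}^{a_i}
    return f_agg, t_agg, g1_exp(U, r)   # (F, T) plus the published R = u^r

def verify(X, fid, n, chal, proof):
    f_agg, t_agg, R = proof
    acc = g1_exp(U, f_agg)
    for v, a in expand(chal, n):
        acc = g1_mul(acc, g1_exp(H(fid, v), a))
    # e(prod H^{a_i} * u^F, X) == e(T, g) * e(R, X)
    return pair(acc, X) == gt_mul(pair(t_agg, G), pair(R, X))

def solve_mod_q(rows, rhs):
    """Gauss-Jordan elimination over Z_q; None if the system is singular."""
    n = len(rows)
    m = [row[:] + [b] for row, b in zip(rows, rhs)]
    for c in range(n):
        p = next((r for r in range(c, n) if m[r][c]), None)
        if p is None:
            return None
        m[c], m[p] = m[p], m[c]
        inv = pow(m[c][c], -1, Q)
        m[c] = [v * inv % Q for v in m[c]]
        for r in range(n):
            if r != c and m[r][c]:
                k = m[r][c]
                m[r] = [(a - k * b) % Q for a, b in zip(m[r], m[c])]
    return [row[n] for row in m]

def blocks_from_transcripts(blocks, tags, blind):
    """Solve n full-coverage responses for the blocks, as the auditor sees them."""
    n = len(blocks)
    rows, rhs = [], []
    for _ in range(n):
        chal = (secrets.token_bytes(16), secrets.token_bytes(16), n)
        coeffs = [0] * n
        for v, a in expand(chal, n):
            coeffs[v] = a
        rows.append(coeffs)
        rhs.append(proof_gen(blocks, tags, chal, blind)[0])
    return solve_mod_q(rows, rhs)

if __name__ == "__main__":
    x, X = setup()
    tags = tag_gen(FID, BLOCKS, x)
    chal = (b"seed-k1", b"seed-k2", 3)
    print("audit passes:", verify(X, FID, len(BLOCKS), chal, proof_gen(BLOCKS, tags, chal)))
    print("unblinded responses reveal blocks:", blocks_from_transcripts(BLOCKS, tags, False) == BLOCKS)
    print("blinded responses reveal blocks:", blocks_from_transcripts(BLOCKS, tags, True) == BLOCKS)
```
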

IV. SECURITY ANALYSIS
Theorem 1. Suppose the CDH assumption holds in the group $G_1$ and the hash function is regarded as a random oracle. Then the advantage of any probabilistic polynomial-time adversary in breaking the IND-CPA security of the DBCF model is negligible.
Proof. Suppose a probabilistic polynomial time (PPT) adversary A attacks the IND-CPA security of the DBCF encryption scheme, and challenger B is an attacker who breaks the CDH assumption. Challenger B knows $(g, g^a, h)$, uses A as a subroutine, and aims to calculate $h^a$. Challenger B regards $g^a$ as his public key and $a$ as the secret key, but challenger B does not know the key $a$; $h^a$ is then the generation of a specific tag by challenger B. Since challenger B wants to hide the problem instance $(g, g^a, h)$, B needs to choose a random number $o$ and sends it to A with $(g^a)^o$ as the public key. Take $H(f_i)$ as the response to the query, and store $(f_i, H(f_i), b_i)$ in the table.
b) Tag-Query: The adversary A submits the file $F$ to the challenger B, and the challenger divides the file $F$ into $n$ blocks, $F = \{f_1, f_2, \cdots, f_n\}$. When adversary A requests file tag $T_i$, challenger B calculates: and responds to adversary A with $T_i$. Because $T_i = ((g^a)^o)^{b_i} = g^{b_i(ao)} = H(f_i)^{ao}$, $T_i$ uses the key $ao$ to label the file block.
c) Verify-Query: In this step, the challenger B runs $Challenge(cb) \to chal$ and sends the challenge block information $chal$ to A. The adversary A calculates the proof $P$ by running $ProofGen(F, T, chal) \to P$ and returns the result to the challenger. Challenger B receives proof $P$ and computes $Verify(X, chal, P) \to \{0, 1\}$; the result $\{0, 1\}$ is then returned to A.
3) Final phase. In this stage, challenger B submits challenge information $chal^* = (k_1, k_2, cb)$ to adversary A, challenges part of the file blocks and checks the data integrity, and adversary A returns a forged proof: Let be the correct proof. The forged proof will be computed in $ProofGen(F^*, T^*, chal^*)$. Hence, $(F, T) = (F^*, T^*)$. According to the proofs $P$ and $P^*$, it holds that: $(H(F_{id} \| i)^{a_i} \cdot u^{F}, X)$ (15) and Divide (15) by (16): In the formula, since at least one $f_i - f_i^*$ is not equal to 0, the probability of the denominator being zero is $1/q$, which is negligible. Therefore, challenger B can calculate $h^a$ by the following formula: This proves Theorem 1.

V. PERFORMANCE ANALYSIS
In this section, the communication overhead and computational overhead of the proposed DBCF scheme and the experimental results are evaluated. To assess the efficiency of this scheme, it is compared with two schemes, PPDP [19] and RDPC [14].

A. COMMUNICATION COST
The communication cost in this protocol includes three parts: the data owner uploads the data and the block tags $T$ to the cloud server through the fog node, the third-party auditor sends the challenge information $chal$, and the cloud server returns the challenge evidence. These three parts are denoted DOtoCSP, TPAtoCSP, and CSPtoTPA, respectively. Since the cloud node is used for communication, when the transmitted data is $Z$, the saved communication overhead can be expressed as: Assume that the scheme has $n$ data blocks and $cb$ challenge blocks. In DOtoCSP, the data upload stage, the data owner uploads the data blocks and the data block tags to the cloud service provider, and the communication overhead is $n$ elements of $G_1$ and the file $F$. Since the cloud-fog node will be used to upload the data, the communication overhead is $n|G_1| + |F|$. For transmission at the cloud-fog node, the actual communication overhead of this solution can be expressed as $n|G_1| + |F| - \tau(n|G_1| + |F|)$.
In the TPAtoCSP stage, the verifier submits challenge information to the cloud service provider, including the number of challenge blocks $cb$ and two random numbers $k_1, k_2$, so the communication overhead is $3|Z_q^*|$. The actual communication overhead under the cloud-fog node is $3|Z_q^*| - \tau(3|Z_q^*|)$. In the CSPtoTPA stage, the cloud service provider uses the number of challenge blocks and the two random numbers to generate evidence. The communication cost is $|G_1| + |Z_q^*|$, and the actual communication cost in the cloud and fog environment is $|G_1| + |Z_q^*| - \tau(|G_1| + |Z_q^*|)$. Table 2 compares the communication overhead of this scheme with the PPDP and RDPC schemes. In the DOtoCSP stage, this scheme reduces the overhead of the warrant size compared with the PPDP scheme. At the same time, the overhead of the cloud-fog node ($\tau(n|G_1| + |F|)$) is less than that of the other two schemes. In the TPAtoCSP stage, compared with the other two schemes, the communication overhead of a challenge block and two random number seeds transmitted in the cloud-fog node is reduced, which is $\tau(3|Z_q^*|)$. This scheme only needs to pass the challenge block number and the random number seeds in the challenge stage, which reduces the communication overhead of the warrant size and signature size. In the CSPtoTPA stage, the CSP returns the proof block and the proof label, so the communication overhead is $|G_1| + |Z_q^*|$. Compared with the previous two schemes, this scheme reduces the transmission overhead in the cloud-fog node. This scheme considers the cloud-fog node and simplifies the amount of data required for communication, and the communication overhead in the three stages is smaller than that of the PPDP and RDPC schemes.

B. COMPUTATION COST
Let $T_p$, $T_{exp}$ and $T_{mul}$ represent the bilinear mapping, exponentiation and multiplication operations on the multiplicative cyclic group $G_1$. Since the cost of operations such as hashing and pseudo-random number generation is negligible, they are ignored in calculating the overhead.
In the tag generation stage, the data owner runs the TagGen algorithm, and its computational cost is $2nT_{exp} + nT_{mul}$. The ProofGen algorithm requires a computational cost of $cbT_{exp} + (cb - 1)T_{mul}$. In the verification stage, the verifier runs the Verify algorithm, and the computational cost is $3T_p + (cb + 1)T_{exp} + cbT_{mul}$. Table 3 compares the computation overhead of our scheme with the PPDP and RDPC schemes.
According to Table 3, this scheme reduces the operation steps in the calculation and verification process without reducing the security. In the TagGen algorithm, this scheme reduces the computational cost of bilinear mapping, signature and multiplication compared with the PPDP scheme, and reduces the computational overhead of multiplication compared with the RDPC scheme. In the proof generation algorithm, this scheme reduces the computational cost of the verification part compared with the PPDP scheme. In terms of the computational cost of verification, the cost of this scheme is close to that of the PPDP and RDPC schemes.

C. EXPERIMENTAL RESULTS
In order to evaluate the performance of this scheme, experiments are carried out based on the Pairing-Based Cryptography Library (PBC) [32]. The data owner and auditor are simulated by a HUAWEI Matebook 14, configured with an Intel Core i5-10210U CPU @2.11 GHz and 16GB RAM. The cloud service provider is simulated by a server configured with an Intel Core i9-9900KF CPU @3.60 GHz and 32GB RAM.
In this experiment, the file is divided into 100, 200, 300, 400, 500 blocks, and the file size of each block is 1MB. The time for label generation is shown in Figure 4. The experimental results show that as the number of blocks that need tags increases, the tag generation time gradually increases, and the tag generation speed of this scheme is close to that of the PPDP and RDPC schemes. However, this scheme generates less hash information than the previous two schemes when generating tags, so generating tags is slightly faster.

* $|\psi|$ and $|Sign(\psi)|$ represent the warrant size and its signature size (footnote to Table 2).

TABLE 3. Computation overhead of PPDP, RDPC and this scheme
Scheme  TagGen                                     ProofGen                              Verify
PPDP    $T_p + (2n+1)T_{exp} + nT_{mul} + Sign$    $cbT_{exp} + (cb-1)T_{mul} + Ver$     $3T_p + (cb+2)T_{exp} + cbT_{mul}$
RDPC    $(2n+1)T_{exp} + nT_{mul}$                 $cbT_{exp} + (cb-1)T_{mul}$           $2T_p + (cb+2)T_{exp} + cbT_{mul}$
Ours    $2nT_{exp} + nT_{mul}$                     $cbT_{exp} + (cb-1)T_{mul}$           $3T_p + (cb+1)T_{exp} + cbT_{mul}$
* $Sign$ and $Ver$ represent the computational cost of the signature and verification method in PPDP.
In the proof generation and verification stage, the number of challenge blocks is set to 20, 40, 60, 80, 100, and 120, respectively. The results are shown in Figure 5. It can be seen that the proof calculation time of this scheme and of the PPDP and RDPC schemes is linearly related to the number of challenge blocks. This scheme is better than the PPDP scheme and equal to the RDPC scheme in proof calculation time. In the verification phase, the auditor verifies the integrity of the data through the Verify algorithm, and experiments are conducted on different numbers of challenge blocks. The experimental results are shown in Figure 6. Since the calculation overhead of the PPDP proof generation stage is independent of the number of challenge blocks, the calculation overhead of the PPDP solution during proof generation is constant. The calculation times of this scheme and the RDPC scheme in the verification phase are close. According to the experimental results of the label generation, proof generation and verification stages, the speed of this scheme is greatly improved in the label generation and proof generation stages, while the speed in the verification stage is relatively close. In the process of data integrity auditing, reducing the number of computation and operation steps can effectively reduce computational cost. If the audit process is similar, the overall cost can be reduced by ensuring security and eliminating redundant verification steps. Moreover, based on the theoretical analysis of communication and computing overhead, cloud and fog computing can be used to reduce communication delay and simplify verification steps in data integrity auditing to reduce computing overhead.
From the experimental results and analysis, it can be concluded that this scheme is more efficient and safer than the PPDP and RDPC schemes.

VI. CONCLUSION
This paper proposes a DBCF protocol for the cloud and fog environment. The protocol can ensure data security during data integrity auditing. The scheme introduces a blind factor in the data verification process and adds random values to each verification, thereby preventing the adversary from obtaining user information through multiple requests. At the same time, a fog computing layer is established, and the cloud and fog structure is used to change the architecture of the transmission network, which can effectively reduce the communication overhead. In addition, the security model is given and the scheme is proved secure under the CDH assumption in the random oracle model. Finally, the performance analysis shows that this protocol will be more efficient in practical applications. In future work, the architecture model of the fog computing layer can be improved to make it more efficient.
YANRU FU is currently working toward the M.S. degree in the School of Information and Control Engineering, Xi'an University of Architecture and Technology, Shaanxi, China. Her research interests include cloud computing security and privacy protection.
BILIN SHAO received his B.S. degree from the School of Management, XAUAT, Shaanxi, China. He is currently a Professor with XAUAT. He is also a member of the China Computer Federation (CCF). His research mainly includes information security, information management technology, cloud computing security, and VANETS security.
FAN ZHANG received her PhD Degree from the Department of Computing, University of Surrey, UK. She is a member of IEEE. Her current research interests include information security, cloud computing security and data mining.