Page 64                                        Jiang et al. J Surveill Secur Saf 2020;1:61-78  I  http://dx.doi.org/10.20517/jsss.2020.09

               firstly put forward a notion of Provable Data Possession to confirm the outsourced data possession on the
               untrusted cloud, which is based on RSA homomorphic linear verification and supports third-party public
               auditing. However, the dynamic update of data is not supported in this scheme, and this scheme cannot
                                                           [14]
               protect users’ privacy. In the same year, Juels et al.  proposed a model named Proof of Retrievability, as
               well as presented a practical scheme which supports the integrity verification of data and the recovery of
               damaged data. Nevertheless, this scheme has a limited number of times to verify data integrity and does
               not support dynamic auditing or batch auditing. Since then, to solve the aforementioned problems, many
               scholars have devoted themselves to making improvements based on these two schemes, and they have
               made great progress in supporting more performance such as batch auditing, operating efficiency, and
               dynamic data update. Nevertheless, few people paid attention to the problem that these schemes leak users’
                                                                                        [15]
               private data to third-party auditors in the process of auditing. In 2010, Wang et al.  first proposed an
               auditing scheme that can be publicly verified to support user privacy protection. This scheme is based on
               public key homomorphic label technology so that the auditor can perform auditing without obtaining all
               the data of the user which greatly increases the operating efficiency of the system. The scheme also uses
               a random masking technique which makes it impossible for third party auditors to obtain users’ private
               information through the verification returned by cloud service providers. In addition, the auditing protocol
               supports dynamic update of data, batch auditing, and multiple auditing tasks that can be performed
                                                                                                        [16]
               simultaneously. It was later confirmed that there were still security risks. Therefore, in 2011, Wang et al.
               improved the system for the security but caused a huge computing burden on the cloud server, greatly
                                                                                            [17]
               reducing the efficiency of system operation. In terms of this problem, in 2015, Worku et al.  increased the
               efficiency of system operation while ensuring data security, but unfortunately, it did not support dynamic
               data operations.

               Besides storage data, users would like to perform updates to outsourced data directly in the cloud. Based
                                [18]
               on this, Wang et al.  proposed a relatively complete protocol which can support data update, user privacy
               protection, and batch auditing, but it will lead to the problem of high computing cost on the client side.
                              [19]
               Then, Garg et al.  designed a protocol that can minimize the computational complexity for the client
               during the system setup phase, which is publicly verifiable and supports dynamic operations on data.


               After that, many multi-user modification and user revocation schemes have been proposed [20-23] . However,
                                                                                                       [24]
               the above scheme cannot solve the problem of data redundancy well. To solve that problem, Wu et al. ,
                                 [25]
               Daniel and Vasanthi  removed redundant data from the cloud server which saved the storage cost of
               cloud service providers and greatly improved the efficiency of data validation. However, none of the above
                                                                                            [26]
               schemes have been designed specifically for images stored on the cloud, thus Tang et al.  proposed an
               efficient real-time integrity auditing protocol specially designed for cloud images, which also supported
                                                                                     [27]
               fair arbitration. In 2019, based on a new primitive fuzzy identity, Zhao et al.  presented a dynamic
               auditing protocol for the integrity verification of big data. This scheme applies fuzzy identity to the integrity
               verification of big data for the first time.

               However, the above existing solutions cannot be well applied to the e-health systems due to the special
               relationship between medical staff and patients, and the particularity of medical data. Therefore, we explore
               a novel storage structure for storing medical data for the e-health system and design a one-way anonymous
               auditing protocol in this paper.

               1.3  Organization
               The rest of this paper consists of the following parts: We first introduce the preliminaries in Section 2,
               mainly including some definitions and basic properties about bilinear pairing and one-way anonymous key
               agreement required for this paper. Then, we describe the system architecture that contains the proposed
               system model, system components, and stereo storage structure in Section 3. In Section 4, we formalize