With the growing needs of data across the world, it is almost hard to live without data a day. The fog computing concept is aiming to change the scenarios created by Cloud Computing environments and also to make the data-centric clouds decentralized and localized. Fog devices which aim to be at a shorter distance with the user, access data from the cloud itself. Hence, exchanging data between the cloud and fog device(s) is required and in this context security and privacy come into the picture to provide data confidentiality. This paper first shows an architecture for the data flow model between the cloud and fog computing and then designs an authentication protocol with proper key establishment between the cloud, fog, and user. We have simulated the proposed protocol using a popular simulator i.e., Scyther and proved that the parameters used in our protocol are strongly protected during protocol execution. Besides, our informal security analysis also confirms the robustness of the protocol. Our protocol achieves quick responses in comparison with state-of-the-art because of less computation overhead. © 2020 Elsevier Inc.