Abstract:The strong mobility of wireless mesh clients incurs the frequent handover among multiple wireless mesh routers.In order to overcome the problem that current handover authentication schemes cannot achieve high efficiency and privacy protection simultaneously,an efficient anonymous handover authentication scheme with privacy protection was proposed.The proposed scheme was based on the idea of identity-based blind signature in cryptography.Firstly,the wireless mesh router sends its identity to the authentication server to get a key pair that is used to generate the pseudo identities for the wireless mesh client.Secondly,the wireless mesh client sends blind messages to the wireless mesh router to request the pseudo identities that is used in the handover authentication phase.Finally,the wireless mesh client sends a pre-acquired pseudo identity to the target router to complete the handover authentication.The proposed scheme adopted identity-based cryptographic technology,which effectively reduces the whole network consumption caused by the generation,management and revocation of the traditional public key certificate.On the other hand,through the blind signature technique,the client only needs to use thepre-acquired pseudo identity for handover authentication.Using the pseudo identity could protect the confidentiality of the user's true identity information and the moving path,as well as the data privacy of the client.Security analysis showed that the proposed scheme can satisfied the security requirements of mutual authentication,anonymity,revocation and resistance to attacks.Performance analysis showed that the handover authentication process is achieved after two handshakes without pairing operations.Comparing with other schemes,the proposed scheme effectively reduces the communication cost and the number of calculation times,lightens the load of authentication server,and improves the authentication efficiency as well.