The emergence of new communication applications adds high heterogeneity to 5 G networks. With the increase of heterogeneity, handover of user equipment between different service HetNets is frequent. It must smoothly realize user-free switching to provide services continuously. Although the 3 rd Generation Partnership Project (3GPP) has proposed a standard protocol for this scenario, it is found that these protocols cannot satisfy key forward/backward secrecy, lacks mutual authentication, etc. Further, it can be subjected to replay, DoS and other attacks. To alleviate these problems, we propose a mask random array protocol, MRSA. For efficient, secure handover authentication in 5 G HetNets, we first design a verification mechanism called mask array, which depends on a random number self-circulating encryption structure. The mechanism can not only check the identity of the communication entity but also evaluate the freshness of the message. Second, we devise the mask array-based key derivation method to ensure the whole mechanism's key security. Third, formal proof and automated analysis are established to verify the efficiency and safety of the proposed MRSA protocol. Finally, function and robustness analysis illustrate the ability to resist attacks, while the simulation base station communication analysis shows the efficiency of the protocol from three aspects of data, time and energy. MRSA has significant performance advantages compared to existing schemes in 5 G HetNets.