Logo TU Ilmenau


Prof. Dr.-Ing. habil. Andreas Mitschele-Thiel


Telefon +49 3677 / 69 2819

E-Mail senden


MIFA - Mobile IP Fast Authentication Protocol


Real time applications are highly affected by the disruption in the communication during the movement from cell to another. However, as the user mobility of IP-based mobiles increases and the cell size of the systems decreases, handoffs will cause frequent service interruptions. Therefore the development of mobility management solutions is big challenge in the future IP-based mobile networks.

When the Mobile Node (MN) notices that the current Access Point (AP) is no longer reachable, it starts to scan the medium for other available APs. After that the MN authenticates and re-associates itself with the newly discovered AP. These procedures are called layer2 handoff. No additional procedures are required if the new AP belongs to the same subnet as the old one. However, the MN must discover the new Foreign Agent (FA) serving this subnet, register and authenticate itself with the Home Agent (HA) or another special agent through this FA, if the new AP belongs to another subnet. These additional procedures are called layer3 handoff.

There are a numerous proposals to reduce the handoff latency during the movement between the cells. These proposals can be broadly classified into four groups. The first group tries to support the global mobility, which clalled macro mobility too. The second group aims to reduce the time required to register with the network by processing the handoff procedure locally .e.g. through the using of hierarchical network architecture. This group realizes the micro mobility management. The third group attempts to reduce the address resolution time through the using of layer2 information to accelerate the layer3 handoff. The fourth  group combines the third group with one of the others groups to reduce the address resolution times and to support macro or micro mobility management.

Mobile IP presents the standard mobility management protocol to support the movement in the Internet. However, Mobile IP is not adequate for the delay sensitive applications. Mobile IP Fast Authentication protocol (MIFA) is proposed to avoid the problems of Mobile IP and to match the requirements of real time applications. MIFA processes the handoff procedure locally, as the case by the micro mobility management protocols,  without introducing intermediate nodes between the HA and the FA. Additionally, MIFA does not require hierarchical network architecture as the case by the most micro mobility management protocols such as Hierarchical Mobile IP (HMIP). Our analysis shows that

  • MIFA does not need hierarchical FAs. Only the FA and the HA must support MIFA. In contrary, HMIP depends on a hierarchical structure of the network.
  • MIFA can be seen as a macro and/or micro mobility solution while HMIP can be seen only as micro mobility solution.
  • MIFA falls back to MIP (or anchor FA) in the case of errors or missing MIFA support, whereas HMIP suffers the single point of failure (any mistake in the GFA will affect all of the nodes in the domain).
  • Handoff latency using MIFA is independent of the distance between the current FA and the HA, similar to HMIP. Thus MIFA performs a fast handoff. Additionally, MIFA depends on the previous FA to get the packets during the establishment of a tunnel between the HA and the new binding of the MN. This means that MIFA performs smooth handoff too. The results show that MIFA performs similar to HMIP when the MN moves within a domain consisting of two hierarchy levels only and outperforms HMIP otherwise.
  • MIFA clearly outperforms HMIP with respect to the packet delivery cost. This is because MIFA eliminates the extra packet delivery costs resulting from the triangular routing the packets experience when deploying HMIP (from HA via GFA to the current FA)
  • Location update cost when deploying MIFA is comparable to the location update cost using HMIP.
  • MIFA is more adequate for the real-time applications with respect to the signalling cost and the performance

Protocol Operation

In order to avoid the problems of MIP without needing to insert intermediate nodes between the FA and the HA, MIFA has been proposed. The basic idea of MIFA is that the HA delegates the authentication to the FA. As a result the MN authenticates itself with the FA and with the HA. However this happens in the FA. Thus the MN sends RegRqst to the FA, which in turn directly replies by sending a Registration Reply message (RegRply) to the MN. After receiving the RegRply, the MN can resume the transmission on the uplink. In downlink a tunnel is established to forward the packets, arriving at the  previous FA, to the current FA until the HA is informed about the movement and a tunnel from the HA to the current FA is established to forward the packets directly to the current FA. Thus the delay experienced from the communication between the current FA and the HA is eliminated, similar to the micro mobility protocols. Additionally the time required to build an IPSec tunnel, if needed, is avoided.

The local authentication by FAs relies on groups of neighbouring FAs. Each FA defines a set of neighbouring FAs called a Layer3 Frequent Handoff Region (L3-FHR). These L3-FHRs can be built statically by means of standard algorithms (e.g. neighbour graph or others ), or dynamically by the network itself, by observing the movements of MNs. Typically the L3-FHR of a FA consists of a small number of FAs compared to the whole number of FAs the MN may connect to. Every FA defines its own L3-FHR. The L3-FHR doesn’t necessarily comprise all of the adjacent FAs, e.g. in the case of physical obstacles between the areas that prevent a move between the adjacent FA areas. There is a security association between the FAs in each L3-FHR. This security association can be established statically, e.g. by the network administrator, or dynamically, e.g. by the network itself.

Fig 1 depicts the basic operation of MIFA. While the MN communicates with the current FA, this FA sends notifications to all of the FAs in the L3-FHR the current FA belongs to. These notifications contain the security associations between the MN and the FAs in this L3-FHR on one side and between the FAs and the HA on the other side. These security associations are recorded in soft state and will be used by one FA at the future and deleted from the others. Additionally these notifications contain the characters of the HA and the authentication values (between the MN and the HA) the MN have to generate in the next registration with the next FA. These notifications are authenticated by means of the security associations established between the FAs.

When the MN moves to one of the FAs in the L3-FHR, to which the previous FA belongs to, it sends RegRqst message to this FA. This current FA checks at first the authentication between it and the MN, this authentication will be checked by using the security association sent from the previous FA with the notification. After that the current FA checks the MIFA information, which presents the authentication information between the MN and the HA. The current FA then checks if the equirements requested from the HA can be satisfied, this can be achieved through the check of the HAs characters sent with the notification too. If the authentication succeeds, the FA builds a Previous FA Notification message to inform the previous FA that it has to forward the packets, sent to the MN, to the current FA. After that the current FA sends Registration Reply to the MN, at this time the MN can resume transmission in uplink. Additionally the current FA sends a HA Notification message to inform the HA about the new binding, the HA in turn establishes a new tunnel to the new FA, after that it intercepts the packets forwarded to the old binding and tunnels them to the new one. Thus the time to inform the HA about the new binding and to establish a new tunnel is hidden.

Figure 1: Messages exchanged by MIFA
Figure 1: Messages exchanged by MIFA



  • Ali Diab, Andreas Mitschele-Thiel, René Böringer: "Comparison of Signaling and Packet Forwarding Overhead for HMIP and MIFA", 3rd International Conference on Wired/Wireless Internet Communications WWIC 2005, Griechenland, May,11-13, 2005.
  • Ali Diab, Andreas Mitschele-Thiel, René Böringer: "Evaluation of Mobile IP Fast Authentication Protocol compared to Hierarchical Mobile IP." Accepted for IEEE Conf. On Wireless and Mobile Computing, Networking and Communications (WiMob’2005), Montreal, August 2005.
  • Ali Diab, Andreas Mitschele-Thiel, René Böringer: "Comparative Analysis of Handoff delay of MIFA, MIP." Accepted for 10th IFIP International Conference on Personal Wireless Communications (PWC'05), Colmar, France, August 2005.


  • Ali Diab, Andreas Mitschele-Thiel, René Böringer: "Extension of Mobile IP for Fast Authentication", 49. Internationales Wissenschaftliches Kolloquium, Ilmenau, Germany, 27-30 September, 2004.
  • Ali Diab, Andreas Mitschele-Thiel: "Minimizing Mobile IP Handoff Latency", 2nd International Working Conference on Performance modelling and Evaluation of Heterogeneous Networks (HET-NETs'04), Ilkley, West Yorkshire, U.K., July 26 - 28, 2004.
  • Ali Diab, Andreas Mitschele-Thiel, Esam Alnasouri, René Böringer, Jingan Xu: "Mobile IP Fast Authentication Protocol". The third Deutsche-Syrische Workshop (DSW04), Aleppo, Syria, October 2-10, 2004. PDF
  • Ali Diab, Andreas Mitschele-Thiel, Esam Alnasouri, René Böringer, Jingan Xu: "Perfomance Analysis of the Mobile IP Fast Authentication Protocol". The Seventh ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWIM 2004), Venice, Italy, October 4-6, 2004.