FHSS Security

One of the most pressing problems in WLANs is the question of whether
or not frequency hopping can increase the security of your wireless network.
You will notice there are a number of people who tout the security
of HomeRF using FHSS (as opposed to DSSS) in 802.11b networks.
HomeRF proponents insist that frequency hopping makes it far more
difficult to eavesdrop on or intercept network traffic. In addition, it is
difficult to decipher this information, which is transmitted all over the
spectrum. 802.11 using DSSS is said to be more susceptible to these
types of security concerns (eavesdropping and interception) because it
uses the same channel to transmit both data and security information—
making it easier for someone to circumvent the inherent security measures
of the 802.11 protocol.

However, there is no “real” benefit to HomeRF over 802.11b with
respect to security issues. All types of WLANs support distinct types of
security protocols; both FHSS and DSSS systems employ methods of data
encryption to stop any types of unauthorized eavesdropping of network
traffic. Furthermore, the user authentication procedures of 802.11b stop
unauthorized hackers from acquiring access to mission-critical data.
In many cases, it seems that FHSS offers a superior level of security
because of the design elements of this transmission technology. While
there are some elements that could make FHSS more secure than
DHSS, the principal element that gives it greater security includes “hop
sequences” that are specified by somewhat unpredictable methods of
spectrum usage. Hop sequences are generated by HomeRF radios are
designated in five seconds or less.

HomeRF systems utilize FHSS modulation in an effort to satisfy the
regulation set by the FCC with respect to radio operation in the 2.4-GHz
ISM band. The idea is to make these networks comply with regulatory
specifications rather than to provide security.

HomeRF networks do not have any security mechanisms to prevent
hackers from determining the specific frequency hop set their devices use;
what is supposed to be a more secure method is essentially less secure.
Even the algorithm used for hopping is not necessarily one of the
actual elements controlling security; the HomeRF control point (access point) sends the hop-set identification information unencrypted across
the network from every beacon. This action takes place each time the
network hops channels (as many as 50 times per second). Should the
hop-set identification information be sent across the network unencrypted
from the control point beacon, the hop set could still be deciphered.