Spread Spectrum

FHSS and DSSS are two methods utilizing spread spectrum technology. The idea behind spread spectrum is to spread the signal across a wide range of frequencies. This makes spread spectrum hard to detect as it often looks like noise. It also makes it less susceptible to interference and jamming. Although spread spectrum, by definition, is an inefficient use of spectrum, it results in a much more reliable transmission.

In Figure 2.1, we see that narrow band interference would cause a great deal of degradation to a narrow band signal. However, it would cause very little interference with a spread spectrum signal. In essence, this is a design decision that emphasizes reliability over efficiency.

The 802.11 protocol defines the use of FHSS and DSSS at the physical layer. As you are reading about the details of each protocol in the sections which follow, keep in mind that FHSS has been largely overshadowed by the widespread success and sheer volume of DSSS deployments. This has created another security by obscurity effect as seen in the pre-802.11 days. While many tools exist for detecting DSSS networks (such as NetStumbler), FHSS systems are relatively unknown and commonly overlooked by hackers.

FHSS

The concept of Frequency Hopping was conceived by Hedy Lamarr (a film actress) and George Antheil (a composer) in a 1942 patent titled “Secret Communications System.” The idea was to create a system that allowed radio-controlled torpedoes to stay on course and avoid enemy RF jamming. It was hypothesized that a system which hopped from one frequency to another in rapid succession could avoid intentional interference from RF jamming because the jammer could not change frequencies fast enough to keep up with the transmitter. By the time the jammer detected the signal, the sender could be operating on the next frequency. This idea resulted in FHSS technology, in which frequencies hop according to a predetermined sequence.

Federal Communications Commission (FCC) regulations require an FHSS system to hop over a minimum of 75 channels (although this was later amended to a minimum of 15 channels) with a maximum dwell time of 400ms. 802.11 implemented 79 channels (1 megahertz [MHz] each), covering the entire spectrum from 2.4 gigahertz (GHz) to 2.483 GHz, with a dwell time of 20 ms.

In Figure 2.2, the hopping pattern is D, A, E, C, B, F. As time progresses (upwards on the Y axis), we notice that the first message (D) is sent at 2.403 to 2.404 GHz, then message A is sent at 2.400 to 2.401 GHz, etc. If you did not know the specific hopping pattern, then the sequence of messages would be unintelligible and, perhaps, even undetectable.

DSSS

The advantage of DSSS over FHSS is that it supports higher data rates. Direct sequence works by taking a single binary digit (bit) and expanding it with a chipping code. In other words, each bit is represented by a pattern of several other bits. The FCC requires the chipping code's string of zeros and ones to be a minimum of 10 bits long; 802.11 implemented a chipping code 11 bits long. For example, 0 is represented by 11101100011 and 1 is represented by 00010011100. You may notice that the chipping codes are actually inverses of each other. This is part of what makes DSSS very resilient to interference—even if part of the message is partially obscured, recovery techniques can be employed to determine the intended message.

In Figure 2.3, we see the chipping codes representing a data stream of 110. Unlike FHSS's 79 1-Mhz channels, DSSS incorporates 11 22-MHz channels across 83.5 MHz in the 2.4-GHz spectrum. This is possible because each center frequency is spaced apart by only 5 MHz. While this allows for more channels, the problem is that overlapping channels will interfere with each other, meaning that 802.11 really only has 3 usable (non-overlapping) channels. Figure 2.4 shows how the channels are spaced out.