Abstract
Wi-Fi is a ubiquitous technology that enables a variety of devices to access the internet.
Increasingly, people are becoming reliant on the availability of Wi-Fi networks and the security
they provide. Wi-Fi Protected Access 3 is the latest Wi-Fi security standard that seeks to
improve the security of its predecessor Wi-Fi Protected Access 2 by introducing the
simultaneous authentication of equals authentication process and mandating the use of
protected management frames.
The research conducted in this dissertation details the development of the fuzzing strategy
called WPA3Fuzz. The development of WPA3Fuzz is informed by a review of the security
features introduced in WPA3 and a critical evaluation of existing vulnerabilities in Wi-Fi
security standards. WPA3Fuzz seeks to identify vulnerabilities caused by implementation
errors in the simultaneous authentication of equals process and the protected management
frames mechanism. Using WPA3Fuzz four vulnerabilities are discovered. The fuzzing strategy
successfully identifies vulnerabilities in Linux virtualization utilities as well as commercially
available WPA3 devices caused by vendor-specific implementation errors.
The contributions of the current research provide benefits to information security researchers
investigating the security of WPA3 and consumers that use WPA3 devices. The vulnerabilities
discovered in the course of the current research have been mitigated by vendors, thereby
improving the security of the affected devices.