{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T11:00:00Z","timestamp":1777892400516,"version":"3.51.4"},"reference-count":14,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2022,10,20]],"date-time":"2022-10-20T00:00:00Z","timestamp":1666224000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>This work attempts to provide a way of scrutinizing the security robustness of Wi-Fi implementations in an automated fashion. To this end, to our knowledge, we contribute the first full-featured and extensible Wi-Fi fuzzer. At the time of writing, the tool, made publicly available as open source, covers the IEEE 802.11 management and control frame types and provides a separate module for the pair of messages of the Simultaneous Authentication of Equals (SAE) authentication and key exchange method. It can be primarily used to detect vulnerabilities potentially existing in wireless Access Points (AP) under the newest Wi-Fi Protected Access 3 (WPA3) certification, but its functionalities can also be exploited against WPA2-compatible APs. Moreover, the fuzzer incorporates: (a) a dual-mode network monitoring module that monitors, in real time, the behavior of the connected AP stations and logs possible service or connection disruptions and (b) an attack tool used to verify any glitches found and automatically craft the corresponding exploit. We present results after testing the fuzzer against an assortment of off-the-shelf APs by different renowned vendors. Adhering to a coordinated disclosure process, we have reported the discovered issues to the affected vendors, already receiving positive feedback from some of them.<\/jats:p>","DOI":"10.3390\/cryptography6040053","type":"journal-article","created":{"date-parts":[[2022,10,20]],"date-time":"2022-10-20T20:35:55Z","timestamp":1666298155000},"page":"53","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4492-5104","authenticated-orcid":false,"given":"Vyron","family":"Kampourakis","sequence":"first","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2802 Gj\u00f8vik, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6507-5052","authenticated-orcid":false,"given":"Efstratios","family":"Chatzoglou","sequence":"additional","affiliation":[{"name":"Department of Information and Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6348-5031","authenticated-orcid":false,"given":"Georgios","family":"Kambourakis","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]},{"given":"Apostolos","family":"Dolmes","sequence":"additional","affiliation":[{"name":"Department of Information and Communication Systems Engineering, University of the Aegean, 83200 Karlovasi, Greece"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1425-5138","authenticated-orcid":false,"given":"Christos","family":"Zaroliagis","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering and Informatics, University of Patras, 26504 Patras, Greece"}]}],"member":"1968","published-online":{"date-parts":[[2022,10,20]]},"reference":[{"key":"ref_1","unstructured":"(2021). IEEE Standard for Information Technology\u2013Telecommunications and Information Exchange between Systems\u2014Local and Metropolitan Area Networks\u2013Specific Requirements\u2014Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11-2020 (Revision of IEEE Std 802.11-2016), IEEE."},{"key":"ref_2","first-page":"103058","article-title":"How is your Wi-Fi connection today? DoS attacks on WPA3-SAE","volume":"64","author":"Chatzoglou","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Vanhoef, M., and Ronen, E. (2020, January 18\u201321). Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00031"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"34188","DOI":"10.1109\/ACCESS.2021.3061609","article-title":"Empirical Evaluation of Attacks Against IEEE 802.11 Enterprise Networks: The AWID3 Dataset","volume":"9","author":"Chatzoglou","year":"2021","journal-title":"IEEE Access"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Schepers, D., Ranganathan, A., and Vanhoef, M. (2022, January 16\u201319). On the Robustness of Wi-Fi Deauthentication Countermeasures. Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Antonio, TX, USA.","DOI":"10.1145\/3507657.3528548"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"64761","DOI":"10.1109\/ACCESS.2022.3183597","article-title":"Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems","volume":"10","author":"Chatzoglou","year":"2022","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1109\/MC.2021.3074262","article-title":"WiF0: All Your Passphrase Are Belong to Us","volume":"54","author":"Chatzoglou","year":"2021","journal-title":"Computer"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Vanhoef, M. (2022, January 30). A Time-Memory Trade-Off Attack on WPA3\u2019s SAE-PK. Proceedings of the 9th ACM on ASIA Public-Key Cryptography Workshop, Nagasaki, Japan.","DOI":"10.1145\/3494105.3526235"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/s42400-018-0002-y","article-title":"Fuzzing: A survey","volume":"1","author":"Li","year":"2018","journal-title":"Cybersecurity"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"2312","DOI":"10.1109\/TSE.2019.2946563","article-title":"The Art, Science, and Engineering of Fuzzing: A Survey","volume":"47","author":"Han","year":"2021","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_11","unstructured":"(2022, October 07). The WPAxFuzz Tool. Available online: https:\/\/github.com\/efchatz\/WPAxFuzz."},{"key":"ref_12","unstructured":"Nikolai Tschacher (2022, July 31). Dragonfuzz. Available online: https:\/\/github.com\/NikolaiT\/dragonfuzz."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Marais, S., Coetzee, M., and Blauw, F. (2020, January 18\u201320). Simultaneous Deauthentication of Equals Attack. Proceedings of the Security, Privacy, and Anonymity in Computation, Communication, and Storage: SpaCCS 2020 International Workshops, Nanjing, China.","DOI":"10.1007\/978-3-030-68884-4_45"},{"key":"ref_14","unstructured":"Aki Helin (2022, July 31). Blab\u2014A Grammar-Based Data Generator. Available online: https:\/\/gitlab.com\/akihe\/blab."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/6\/4\/53\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:57:55Z","timestamp":1760144275000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/6\/4\/53"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,20]]},"references-count":14,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["cryptography6040053"],"URL":"https:\/\/doi.org\/10.3390\/cryptography6040053","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10,20]]}}}