This work addresses a critical gap in the formal verification of the WPA3 Simultaneous Authentication of Equals (SAE) protocol within the IEEE 802.11 standard, where the interplay between communication logic and device state machines had not been rigorously analyzed, leaving potential security vulnerabilities undetected. To bridge this gap, the authors present the first integrated formal model that jointly captures both the protocol’s message exchange logic and its underlying state machine behavior. Leveraging precisely defined security properties, they conduct a machine-verifiable analysis using the ProVerif and ASMETA tools. This approach uncovers multiple previously unknown security flaws in the standard specification, directly prompting the IEEE to issue official revisions and formally update the standard documentation, thereby substantially enhancing the protocol’s security and reliability.

The latest Wi-Fi security standard, IEEE 802.11, includes a secure authentication protocol called SAE, whose use is mandatory for WPA3-Personal networks. The protocol is specified at two separate but linked levels: a traditional cryptographic description of the communication logic between network devices, and a state machine description that realises the former in each single device. Current formal verification efforts focus mainly on communication logic. We present detailed formal models of the protocol at both levels, provide precise specifications of its security properties, and analyse machine-checked proofs in ProVerif and ASMETA. The integrated analysis of the above two models is particularly novel, enabling us to identify and address several issues in the current IEEE 802.11 specification more thoroughly than would have been possible otherwise, leading to several official revisions of the standard.