Which protocol is specifically designed to combat replay attacks in WPA3?

The protocol designed specifically to combat replay attacks in WPA3 is Simultaneous Authentication of Equals (SAE). SAE is a key establishment protocol that not only provides mutual authentication but also protects against certain types of attacks, including replay attacks. Replay attacks involve capturing and retransmitting valid data transmissions to deceive a network, thus compromising its security.

SAE helps to mitigate this risk by ensuring that both parties in the authentication process are engaged in a simultaneous and dynamic exchange of cryptographic information. This dynamic exchange includes the use of nonces – unique numbers that are used only once per session – which makes it difficult for an attacker to effectively replay captured messages without being detected. Additionally, SAE is resistant to offline dictionary attacks, enhancing the overall security during the key establishment process.

While GCMP and CCMP are encryption and integrity protocols that ensure the confidentiality and integrity of the transmitted data, their primary functions do not specifically target replay attacks. Protection frames can provide other security measures in wireless communication but are not focused solely on addressing replay attacks the way SAE is.

Therefore, SAE's mechanism for handling authentication and its defense against replay attacks make it the correct answer for this question.