An Efficient Generation and Security Analysis of Substitution Box Using Fingerprint Patterns

Information and its security have attracted the research community in recent years with increasing usage of mobile applications. Mobile devices have different security options in data transmission such as reading some biometric values. The keystone of the modern block and stream ciphers is the use of a substitution box (s-box) that obscures correlation between plaintext and ciphertext. In this study, we proposed a novel s-box generation algorithm by using the fingerprint pattern of the person who transfers information to the target. We generated several s-boxes by using bifurcation and ridge ending features of the fingerprint. Proposed s-boxes are compared with several known s-boxes over nonlinearity, bijectiveness, strict avalanche criterion, bit independence criterion, linear probability, and differential probability. Along with these properties, we analyzed confidence interval and randomness properties of new s-boxes as well. Also, the execution time of the proposed s-box generation algorithm is calculated and examined. The results of the cryptographic properties have shown that the proposed s-boxes by using ridge ending of the fingerprint performs better. The performances analysis show that the proposed s-box has satisfactory results according to the results of chaotic-based s-boxes. On the other hand, the fingerprint s-boxes are much better than the existing biometric s-boxes according to the s-box security metrics. The results have shown that the execution time of the proposed s-box generation algorithm is more minimum than the existing biometric s-box generation algorithms. Resulting from applying fingerprint biometric data to generate an s-box, such a successful algorithm is promising to be used in mobile devices.


I. INTRODUCTION
Nowadays, information and its security are hot topics all over the world. Information security is based on good communication. It means that the processes between sender and receiver are designed to deliver information over uninterrupted, reliable, and accurate channels. If the channel is not reliable, the system must protect the information by using a cryptographic technique before the information is sent over that unreliable channel. Modern cryptography is generally divided into two categories: symmetric cryptography that has only one secret key and asymmetric cryptography that has a key pair and is based on the explicit key principle. In this study, Advanced Encryption Standard (AES), that was published in 2001 by the National Institute of Standards and Technology (NIST), has been adopted by the US government The associate editor coordinating the review of this manuscript and approving it for publication was Zahid Akhtar . and other countries in the world to protect confidential data and information [1], is used.
Substitution box (s-box) is a vital part of block cipher since commercial computer cryptography [2] was introduced by Horst Feistel. An s-box includes 2 n elements, n is the number of bits in input. If all elements in the s-box are unique and different, it is called a crypto s-box. There must not be a correlation between the sequence of the values to generate a good s-box [3]. Rijndael algorithm [4], [5] uses Nyberg's s-box [6] that is constructed with inverse mapping based on finite fields.
The strength of the AES algorithm is related to the s-box and mix column operation. These two elements ensure security against the linear and differential attacks. There is a lot of scientific research focus on the key generation [7], [8], the round operations of algorithm [9], [10], an s-box design [11], [12], and the mathematical operations of the AES algorithm to get a more robust system. There are lots of studies and papers that improve the algorithm's key and s-box with either biometric traits [8], [13]- [19] to get unique data or machine learning techniques [20]- [22] to get a function with a sequence of mathematical operations.
In this article, to address generating with minimum time consumption, a more secure, and person specific s-box problem, a new biometric s-box is proposed. Our main contribution is developing a personal s-box with personal biometric traits. The most person specific biometric data is fingerprint that has good entropy with its unique pattern. In this study, fingerprint biometric data have been used to get a good source of randomness. The user can add their fingerprint pattern while using their mobile devices to transfer data to the target. The logical and mathematical processes are applied to generate values from the fingerprint patterns. Feature extraction from a fingerprint takes time and time complexity is vital for mobile applications. When any modification is applied to the system, it must be completed with minimum time consumption, otherwise it could not be acceptable [23]. Another signifint contribution of this study is that the proposed s-box generation algorithm is completed within a few milliseconds with high privacy. The proposed algorithm has minimum time consumption, great success in randomization and personal sequence. To improve the shortcomings of existing s-box construction methods, this article presents a novel and person specific s-box construction method by using strong characteristics of biometric data.
The rest of the paper is organized as follows: the different kinds of existing s-boxes are introduced in Section 2. The proposed s-box and inverse s-box generation algorithms are presented in Section 3. Section 4 introduces biometric parameters and explains why fingerprint biometric is preferred. The results of the good s-box criteria and performance assessments are presented in the same section. Moreover, the proposed fingerprint s-box generation algorithm is compared with existing s-boxes in literature according to the good s-box criteria in Section 5. Finally, the conclusion summarizes the proposed fingerprint s-box generation algorithm and presents comments and discussions.

II. RELATED WORKS
Information security and privacy are hot topics in the information technology industry, finance and banking, and scientific research. All applications for these fields need authentication to verify the users. There are different kinds of verifications such as password, biometric traits that are stored in servers of the applications. The transfer of information is protected by using cryptographic algorithms. The more the information is important, the more the application is strong. Researchers develop different parts of the cryptographic algorithms such as key operation, rounds operation, s-box operation because using the only cryptographic algorithm does not ensure security. One of the most important operations for developing a cryptographic algorithm is generating the s-box. There are different methods to produce an s-box such as heuristic techniques, finite field inverse, finite field exponent, pseudo-random [3].
The chaotic map has a spread spectrum to increase the performance of random number generators in heuristic techniques. There are a significant number of published chaotic s-boxes. Chen [24] presented an efficient algorithm that is based on chaotic maps and simulated annealing to obtain an 8 × 8 s-box. Çavuşoğlu et al. [25] designed the random number generation algorithm by using the new scaled Zhongtang chaotic system to generate a complicated and dynamic s-box. Lambic [26] proposed a discrete chaotic map based on the composition of permutations. The 3-D four-wing autonomous chaotic system is used by [27] to generate an s-box. The Gingerbreadman chaotic map and S 8 permutations are synthesized by [28] to present resilient nonlinear mechanisms. Lambic [29] presented an s-box with low complexity and large key space and applied composition of operations on existing s-boxes.
Researchers focused on the genetic algorithm that is the best in complex multi-dimensional search space to generate chaotic s-boxes. The chaotic logistic and chaotic tent map are iterated to generate the initial population of the genetic algorithm [30]. The logistic map is used to generate the initial s-box and the three-dimensional chaotic Lorenz system is applied to generate the control parameters of the genetic algorithm [31]. The s-box generation problem transformed the travelling salesman problem and an s-box designed based on the chaotic map and the genetic algorithm [32].
There are various optimization approaches to design an efficient s-box. Ahmad et al. [33] proposed an ant colony optimization-based scheme to design an s-box by iterating the chaotic logistic map and chaotic tent map for initialization. The differential uniform and nonlinearity are considered as the fitness function in the optimization step of the algorithm [34], [35]. A chaotic s-box is generated by using the six-dimensional hyper-chaotic map and artificial bee colony optimization algorithm [34]. Many s-boxes are generated by using the intertwining logistic map and then the bacterial foraging optimization algorithm is applied to find the optimal s-box [35]. The travelling salesman problem and piece-wise linear chaotic map are synthesized by [36]. The chaotic map and new Teaching-Learning-Based Optimization (TLBO) are presented to optimize keys generated as a result of round [37]. An s-box is generated by using the discrete space chaotic map and the firefly algorithm optimized the initial s-box [38]. According to ancient Chinese I-Ching philosophy, there are three innovative I-Ching operators (ICOs): intrication, turnover, and mutual operators are used to generate an s-box [39].
The cryptographic primitives and the properties of the chaotic system share unique characteristics that are unpredictable operations and random data. Ullah et al. [40] constructed an s-box with the chaotic system and linear fractional transformation and Ullah et al. [41] constructed an s-box with arithmetic background based on group action of projective general linear group on units of finite local ring.
Özkaynak [42] designed two s-boxes by applied the chaotic Chen system and chaotic Henon map, and Özkaynak [43] used the chaotic logistic map and chaotic sine map with the properties of existing iris dataset as initial condition and control parameters to improve randomness. A sixdimensional fractional Lorenz-Duffing chaotic system and O-shaped path scrambling algorithm are offered to construct an s-box [44]. The five-dimensional hyperchaotic system [45] and four-dimensional hyperchaotic Lorenz system [46] is discussed to construct an s-box. The one-dimensional discrete chaotic map and β-hill climbing search technique are introduced to construct an s-box [47].
A mathematical operation named as Determinant Rotation is introduced by [48] to produce different s-boxes for each round of AES. Ahmad and Malik [49] proposed the chaos-based neural network with four layers; input layer with eight neurons, two hidden layers with four neurons, two neurons respectively and output layer with one neuron. The sequence of the corresponding multiplicative inverse in GF (2 8 ) and artificial neural network with seven perceptron neurons in three layers operations are synthesized to generate an s-box [50].
The standard s-box is constructed by using 11B 16 (2 8 ) and additive constant 63 16 . An irreducible polynomial is not a constant polynomial that cannot be a product of two non-constant polynomials and ends with a constant one. The affine transformation is used to construct the AES s-box with an affine matrix that should be nonsingular. Approximately 2 63 affine matrices can be generated with each irreducible polynomial according to [51] and they generated fifty s-boxes over 17B 16 , 1BD 16 , 14D 16 , 165 16 with maximum avalanche criteria. Some irreducible polynomials with different affine matrices are compared by [52]. A system can use different irreducible polynomials every time to obtain a ciphertext and this irreducible polynomial is sent with a secret key to the receiver to obtain a plaintext [53]. Several irreducible polynomials are paired with the valid additive constants to generate a secure s-box [54]. The level of security with cryptographic properties of s-boxes with all irreducible polynomials is evaluated and the polynomial 163 16 has an extremely good result according to the s-box security metrics [55].
The Deoxyribose Nucleic Acid (DNA) cryptography [56] is also a hot topic in generating an s-box. The DNA based s-box inspired by the strands of DNA that is a sequence of nucleotides. There are four nucleic acid bases: adenine (A), cytosine (C), guanine (G), thymine (T) to form a DNA sequence. Each nucleic acid base is represented with two-bits that are 00, 01, 10, 11 [57]. The DNA based s-box is generated in four steps: generating DNA strands, reverse complement, XOR operation, central dogma operation [58]. Two DNA strands are presented: first one is for the value of s-box, second one is for the location of the value in s-box [59]. Either logical operations or arithmetic operations are used to generate a DNA s-box. Data processing, DNA addition, DNA subtraction, the logical and arithmetic operations, and searching operation are applied to generate both s-box and inverse s-box by [60]. The RNA based multi s-boxes [61] with secret key initialization, inspired by the DNA based sboxes [59], [60]. Data translation, addition, subtraction, XOR operation, and transcription processes are applied to generate an RNA s-box from a DNA strand [61].

III. PROPOSED ALGORITHM
In this study, a more robust s-box designed against the linear and differential attacks while minimizing input-output transformation correlation and difference propagation probability.

A. SUBSTITUTION BOX
Substitution Box (s-box) is the most important variable of the symmetric key encryption algorithm in block cipher algorithms. S-box is the only nonlinear part of the algorithm so constructing the best s-box affects the complexity of the ciphertext. The aim of using an s-box is to find a byte change in an algorithm and obscure the relationship between the ciphertext and the key.
The y = S(x) function with an 8-bit input (x) and an 8-bit output (y) as polynomials over GF (2 8 ) are used by the sub byte operation of the AES algorithm. The least significant nibble of the input represents the column of the s-box, the most significant nibble of the input represents the row of the s-box. The output value is the intersection of row and column on an s-box. If the input is 01011110, the least significant nibble of input is 1110 that has a value of 14 (0xE), and the most significant nibble of input is 0101 that has a value of 5 (0 × 5). The result of the function for the AES s-box is 01011000 (0 × 58). If the output value of the s-box is used as the input for the inverse s-box, the result will be the input value of the s-box.

B. PROPOSED S-BOX AND INVERSE S-BOX GENERATION ALGORITHM
In this study, an s-box and inverse s-box are generated using fingerprint patterns of people. The general block diagram of the proposed substitution box generation algorithm consists of the four main stages as illustrated in Fig. 2. The first stage is for extracting features of a fingerprint. The fingerprint of persons can be collected from a fingerprint reader of a mobile device ( Fig. 1(a)). If the user uploads the mobile application, the fingerprint is uploaded by the fingerprint reader of the device. The fingerprint in binary format ( Fig. 1(b)) is obtained from Fig. 1(a) after binary conversation and size reduction to remove redundant space. The fingerprint processing step includes thinning the lines of fingerprint as shown in Fig. 1(c).    Each pixel of the fingerprint is scanned. There is a line if both the selected pixel and the adjacency pixel of the selected pixel is not empty. The system scans all the adjacency pixels of the selected pixel and counts the lines. If the number of lines is one, it is labeled as ridge ending. Ridge ending points of the fingerprint are shown in Fig. 4. If the number of lines is three, it is labeled as bifurcation. Bifurcation points of the fingerprint is shown in Fig. 5.
The second stage generates the values of s-box after some operations from the fingerprint features. The system uses either one of these features or a combination of these features to generate an s-box. The position values of the feature points are stored as x-coordinate and y-coordinate. The system performs the exclusive disjunction (XOR) operation on the x-coordinate and y-coordinate of the selected feature. The result of the calculation is checked for duplicate values. If the result value exists more than one time in the result array, the system stores duplicate values once and removes the others from the result array.
The third stage is for using a random function for nonexistent values of s-box. An s-box has values between 0 and 255 (0xFF). The system checks that each value of the result array is between 0 and 255. If the values between 0 and 255 do not exist in the result array, the system stores this value in a nonexistence array. The values in the nonexistence array are assigned the rest of the result array with random permutation.
In the fourth and final stage, the result array values fill the s-box.
Each s-box has a unique inverse s-box that is used to decrypt the ciphertext. The general block diagram of the proposed inverse substitution box generation algorithm consists of four main stages from the proposed s-box generation algorithm and extra two stages as illustrated in Fig. 3. The first addition stage reads a value from the s-box to find the position of the inverse s-box. The value of the s-box has two digits in hexadecimal format. The left-hand digit represents the row of the inverse s-box. The right-hand digit represents the column of the inverse s-box. The second addition stage reads the position of the selected value from the s-box to generate the value of the inverse s-box. The row position of the s-box value is the left-hand digit of the value of the inverse s-box. The column position of the s-box value is the right-hand digit of the value of the inverse s-box. All s-box values are read to generate an inverse s-box.
An overview of the proposed algorithm is presented in Algorithm 1 given in the Appendix, which consists of these eleven steps: Step 1: The original input data is a fingerprint that is read by a biometric fingerprint reader, stored as an image file F. VOLUME 8, 2020 Step 2: Fingerprint image is converted to binary image format B.
Step 3: Binary image is resized to get rid of redundant space around the fingerprint and is stored as resized image file R.
Step 4: The fingerprint lines (T) are extracted by using bwmorph function from R.
Step 5: The number of connections is counted around each pixel of T and stores in count matrix C.
Step 6: The type of the fingerprint feature is chosen (1: ridge ending, 2: bifurcation, 3: both). If the type is 1, the location of the pixel where C(x,y) value is equal to 1 is stored in R. If the type is 2, the location of the pixel where C(x,y) value is equal to 3 is stored in B. If the type is 3, the location of the pixel where C(x,y) value is either equal to 3 (for bifurcation) or equal to 2 (for ridge ending), is stored in BR.
Step 7: The algorithm performs the bitwise XOR operation on the pixel components (x-coordinate and y-coordinate) of the features. The x-coordinate and the y-coordinate are in decimal format. The result of the XOR operation is in bitwise binary format as shown in Table 1.  Step 8: The results of XOR operation are checked. If the result of XOR operation is calculated by the different pixel components before, the last result is ignored. Same values are eliminated during calculation and a distinct result is stored in the s-box (S). All elements of the S are filled after elimination shown in Fig. 7 in hexadecimal format.
Step 9: The nonexistence values of the s-box and empty index in s-box matrix are detected. The nonexistence values randomly stored in the s-box. The process of an inverse s-box generation is demonstrated in Fig. 8 to clarify the algorithm better. The following steps to generate an inverse s-box: Step 10: Read the first value of the s-box. The left-hand digit of this value represents the row of the inverse s-box, the right-hand digit of this value represents the column of the inverse s-box.
Step 11: Read the row of the s-box and store the left-hand digit of the value of the inverse s-box, read the column of the s-box and store the right-hand digit of the value of the inverse s-box (IS).
The flowchart of the proposed s-box and inverse s-box generation process is demonstrated in Fig. 6 to clarify the algorithm better.

IV. ANALYSIS AND RESULTS
In this section, the security metrics used for evaluation of the proposed s-box and inverse s-box generation algorithms are presented and the reason why we preferred fingerprint to generate an s-box and which fingerprint feature is more distinctive to generate an s-box are explained in detail. The security metrics are bijectiveness, nonlinearity, strict avalanche criterion, bit independence criterion, linear probability, differential probability, confidence interval, randomness, and the execution time of the proposed algorithm. The proposed algorithm is implemented in MATLAB R2019b running on Windows 10 64-bit operating system on a computer equipped with 16 GB RAM and an Intel Core i7-7500-U (2.70 GHz -2.90 GHz) processor.

A. BIOMETRIC PARAMETRICS (WHY FINGERPRINT?)
Biometric is the physical and behavioral characteristic feature of a human. These features are unique for each person, so the combination of these features is used to increase the accuracy of the system. Biometric technology divides into two categories: physical biometrics and behavioral biometrics as seen in Fig. 9. Physical biometrics occurs from birth and differs from person to person. The behavioral biometrics is characteristic and measurable features in human activities. The physical biometrics is more distinctive than the behavioral biometrics. The behavioral biometrics can be changed by momentary feelings such as stress.
Some of these biometric identifiers are compared according to seven factors as given in Table 2 [62]. The properties of a biometric identifier are universality, distinctiveness, permanence, and collectability. The attributes of a biometric system are performance, acceptability, and circumvention. The universality of a biometric identifier refers to the existence of the biometric feature for all people. The universality property ensures a high ratio for face recognition and iris recognition. The distinctiveness factor means that a biometric identifier can distinguish one from the other. The distinctiveness property ensures a high ratio for fingerprint and iris recognition. The permanence factor denotes the consistency of an identifier. Fingerprint and iris recognition satisfy a high ratio for the permanence property. The collectability factor represents how the identifier is captured and quantified. The collectability of face recognition, hand geometry, and signature recognition have a high ratio. Performance factor refers to speed and accuracy of the system. Fingerprint and iris recognition ensure the performance property with a high ratio. The acceptability of a system with an identifier represents how many users want to use that biometric identifier in the system. The users prefer to use face, voice, and signature identifiers with a high ratio in a system. The circumvention VOLUME 8, 2020 factor refers to foolproof of the system. Face recognition, voice recognition, and signature recognition satisfy a high ratio for the circumvention property of a system.
Distinctiveness, collectability, performance, and universality are the most important factors for cryptography. The high value set is fingerprint, iris recognition, and face recognition for these factors. Face, fingerprint, and voice can be collected by mobile devices. Face recognition has two high and two low ratios, fingerprint has two high and two medium ratios, voice recognition has two medium and two low ratios for selected factors. As a result of the ratio, fingerprint, face, and voice identifiers would be preferable for a mobile system. The intersection of the factors with biometric identifiers is provided in Table 2. Distinctiveness and performance are the most important criteria to generate an s-box for a mobile payment system. Fingerprint satisfies a high ratio for both distinctiveness and performance factors. Therefore, we preferred the fingerprint metric for the proposed algorithm. Every person has a unique fingerprint. The characteristic points in a fingerprint is called the feature (minutiae). Generally, every line in a fingerprint looks the same but there are various structures in a fingerprint. A fingerprint has different features such as island, ridge ending, bifurcation, lake, supur, and crossover that are shown in Table 3. Ridge ending and bifurcation are the most common and distinctive features to detect a fingerprint, the other features are a combination of the ridge ending and the bifurcation.

B. SECURITY ANALYSIS OF PROPOSED S-BOXES
In this section, the cryptographic strength of the proposed s-boxes is tested with widely used analysis techniques such as bijectiveness, nonlinearity, strict avalanche criterion, bit independence criterion, linear probability, differential probability that are presented in [63], [64]. All security metrics are implemented in MATLAB R2019b. Besides these security properties of an s-box, we deal with randomness and confidence interval to specify a perfect n × n s-box. The execution time of the proposed s-box generation algorithm is calculated to test its suitability for mobile payment applications. 11 fingerprints are used to generate three different s-boxes from each fingerprint. We generated bifurcation, ridge ending, and bifurcation-ridge ending s-boxes from one fingerprint. The security analysis of each fingerprint s-boxes is demonstrated in Table 4. The results show that the fingerprint feature type is important to generate more robust s-boxes. The ridge ending s-box for each fingerprint is more robust according to the security parameters shown in Table 4. Each fingerprint feature is analyzed by an average of the security metrics of all s-boxes with the same fingerprint feature to decide which fingerprint feature is more secure to generate an s-box.

1) NONLINEARITY
Nonlinearity (NL) is the most important parameter of crypto s-boxes. It is the measurement of the difference among outputs. High nonlinearity means that there is no linear equation to generate the s-box. These linear equations make the system breakable so the most nonlinear s-box should be used. Nonlinearity is calculated by (1) which is a different form of the Walsh spectrum.
The cyclic spectrum of f(x) is calculated by (2) where ω GF(2 n ), x. ω is the dot product.
The maximum value of nonlinearity percentage is 0.80, the minimum value of nonlinearity percentage is 0.52, an average value of nonlinearity percentage is 0.73 for the fingerprint sboxes, given in Table 4. The maximum nonlinearity is 180, the minimum nonlinearity is 62. According to nonlinearity results, the best nonlinearity value obtained with the bifurcation s-box and the bifurcation-ridge ending s-box, but the average of the ridge ending s-boxes got the best value with 0.75.
The maximum, average, and minimum nonlinearity values for each fingerprint feature are illustrated in Table 5. The best result of the nonlinearity percentage is 0.80 and both the bifurcation and the bifurcation-ridge ending s-boxes got. On the other hand, both the bifurcation and

2) STRICT AVALANCHE CRITERION
The strict avalanche criterion (SAC) is the second important criterion that is an effect of any change in an input on an output. This criterion is the combination of both completeness and avalanche effect. The avalanche effect means that the one-bit change in the plaintext should affect half of the bits in the ciphertext as given (3). Completeness means every bit in the plaintext must contribute to each output bit. If some bits of the ciphertext change only a few bits of the plaintext, the cryptanalyst can detect this relationship between the input and the output and use this relation to search for the key with the chosen plaintext attack.

Avalanche Criterion = #switched bits in output
/#total bits in output = 0.5 wt(a Xi j )/2 n = 1/2 where i, j {0, 1, 2, . . . , n} (4) The SAC is significant for a cryptographic s-box. If the s-box satisfies the completeness and avalanche criteria, this s-box can satisfy the strict avalanche criteria. The probability of the n-th bit of y value that output of the S function is approximately equal to 1/2 when the m-th bit of x (input value of S function) is changed as given (4).
The strict avalanche criterion of all fingerprint s-boxes is close to 0.5 as shown in Table 4. The maximum, minimum, and average SAC values are 0.5098, 0.4753 and, 0.4954, respectively. The results show that using a fingerprint for a biometric s-box reveals good SAC value. The maximum, average, and minimum SAC values for each fingerprint feature are illustrated in Table 5. The SAC range of the bifurcation s-boxes is [0.4761, 0.5100], the SAC range of the ridge ending s-boxes is [0.4900, 0.5098], the SAC range of the bifurcation-ridge ending s-boxes is [0.4753, 0.4980]. The average SAC value of the bifurcation s-boxes is 0.4950, the average SAC value of the ridge ending s-boxes of fingerprint is 0.5011, the average SAC value of the bifurcation-ridge ending s-boxes is 0.4902. The SAC results show that generating an s-box with the ridge ending feature of fingerprint has the best SAC value.

3) LINEAR PROBABILITY
The Linear Approximation Table (LAT) is a good method for testing an s-box against the linear cryptanalyze, because linear probability is a significant property. The achievement of linear attacks will be difficult when the maximum value of the LAT is minimum. The LAT is 2 n x 2 n table for n-bit input and n-bit output s-box (S: GF(2 n ) →GF(2 n )). LAT table is filled with the result of (5) for each a, b, a , b GF(2 n ).
The maximum LAT is 66, the minimum LAT is 32, the average LAT is 41 is given in Table 4. The maximum, average, and minimum LAT values for each fingerprint feature are illustrated in Table 5. The LAT range of the bifurcation s-boxes is [31], [65], the LAT range of the ridge ending s-boxes is [33], [43], the LAT range of the bifurcation-ridge ending s-boxes is [31], [61]. The average LAT value of the bifurcation, ridge ending, and bifurcation-ridge ending s-boxes are 40, 38, and 44, respectively. The LAT results show that the ridge ending s-boxes have the best LAT value.
The Linear Probability (LP) is expressed mathematically as: where a is corresponding input mask and b is corresponding output mask, ''.'' denotes the dot product operation, ''#'' denotes the number of x satisfying the condition.
If an s-box has a low linear probability, the system resists against the linear cryptanalysis. The maximum, minimum, and average LP values are 0.2578, 0,1250, and 0.1586, respectively. The maximum, average, and minimum LP values for each fingerprint feature are illustrated in Table 5

4) DIFFERENTIAL PROBABILITY
Differential Uniformity (DU) is the maximum similarity of generating a ciphertext differential when plaintext changes. The XOR distribution is 2 n × 2 n table for n-bit input and n-bit output s-box (S: GF(2 n ) →GF(2 n )). The XOR table is filled with the result of (7) for each x, y ∈ GF(2 n ).
The maximum DU is 32, the minimum DU is 10, the average DU is 15 is given in Table 4. The maximum, average, and minimum DU for each fingerprint feature are illustrated in Table 5. The DU range for the bifurcation s-boxes is [10], [31], the DU range for the ridge ending s-boxes is [10], [14], the DU range for the bifurcation-ridge ending s-boxes is [10], [31]. The average DU value of the bifurcation, ridge ending, and bifurcation-ridge ending s-boxes are 15, 12, and 17, respectively. The DU results show that generating an s-box with the ridge ending feature of fingerprint has the best DU value.
Differential Probability (DP) finds the same differential pairs between the plaintext and corresponding ciphertext. Differential probability is calculated by (8) where x, y are the differential pairs for input and output.

DP
= max x =0, y (#{x GF (2 n If an s-box has low differential probability, the system is more robust against the differential cryptanalysis. The maximum DP is 0.1250, the minimum DP is 0.0391, the average DP is 0.0568 is given in Table 4. The maximum, average, and minimum DP for each fingerprint feature are illustrated in Table 5. The DP range for the bifurcation s-boxes is [0.0391, 0.1250], the DP range for the ridge ending s-boxes is [0.0391, 0.0547], the DP range for the bifurcation-ridge ending s-boxes is [0.0391, 0.1250]. The average DP value of the bifurcation, ridge ending, and bifurcation-ridge ending s-boxes are 0.0582, 0.0469, and 0.0653, respectively. The DP results show that generating an s-box with the ridge ending feature of fingerprint has the best DP value.

5) BIT INDEPENDENCE CRITERION
Bit Independence Criterion (BIC) means that a change in one bit of an input does not affect any change in the output bit of the s-box. If the a-th bit of the input flips, the b-th bit and c-th bit of the output changes independently. There are two indicators of bit independence criterions to measure this feature of an s-box. One of them is the bit independence criterion for strict avalanche criterion (BIC-SAC) which calculates the average of (9) where x and w are the n-bit input and have only one-bit difference for each calculation.
) (9) An s-box has an ideal BIC-SAC value when the average BIC-SAC is close to 0.5. The maximum, minimum, and average BIC-SAC values are 0.5075, 0.4885, and 0.4987, respectively. The maximum, average, and minimum BIC-SAC values for each fingerprint feature are illustrated in Table 5 The other indicator is the bit independence criterion for nonlinearity (BIC-NL) which calculates the average of equation (10) where b and c are the n-bit output.
An s-box has an ideal BIC-NL value when the average BIC-NL is close to 103. The maximum BIC-NL is 104, the minimum BIC-NL is 100, the average BIC-NL is 102 is given in Table 4. The maximum, average, and minimum BIC-NL values for each fingerprint feature are illustrated in Table 5. The BIC-NL range for the bifurcation s-boxes is [101,104], the BIC-NL range for the ridge ending s-boxes is [102,103], and the BIC-NL range for the bifurcation-ridge ending s-boxes is [100, 103]. The average BIC-NL of the bifurcation s-boxes is 102, the average BIC-NL of the ridge ending s-boxes is 103, and the average BIC-NL of the bifurcation-ridge ending s-boxes is 102. The BIC-NL results show that generating an s-box with the ridge ending feature of fingerprint has the best BIC-NL value, but the other features are also very good.

6) BIJECTIVENESS
Bijective means that a function must be both one to one and surjective (onto). Bijective function is that each element of the domain has only one match in the co-domain and there is no element in the co-domain without matching. Therefore, the number of elements in domain must be equal to the number of elements in co-domain.
S-box uses the y = S(x) function where S: x ∈ N → y ∈ . N is bounded in

7) RANDOMNESS
Randomness means that an s-box generated with independent random numbers, each value of the s-box is obtained completely randomly and there is no correlation among the sequence values. When the s-box is produced with a random function, there is no mathematical correlation between the columns of the s-box. Proposed fingerprint s-box can generate different s-boxes from one fingerprint due to the fingerprint pattern. The fingerprint is unique to each person, so the pattern list is different. The proposed s-box generation algorithm uses ridge ending and bifurcation features, each of the features shows different points on the fingerprint. Therefore, unique s-boxes are generated from one fingerprint. The proposed s-box generation algorithm satisfies randomness fully, so this attribute makes the s-boxes more robust, unpredictable, and untraceable.

8) CONFIDENCE INTERVAL
Confidence interval is a kind of statistical range calculation of the observed data. It obtains the upper and lower bound of the interval to show confidence level. The 95% confidence level is used commonly to examine the observed data. The interval calculates by (11) where X is the mean of observed data, Z chosen z-value according to confidence level, s is the standard deviation, n is the number of observations. X ±Z (s/n 1/2 ) The mean of proposed s-boxes is 12.5, Z is 9.11 according to confidence level, and the standard deviation is 74. As a result of (11) the upper bound of s-boxes is 170 and the lower bound of s-boxes is 85. The confidence interval of all fingerprint s-boxes is [85,170]. The confidence interval of the fingerprint s-boxes has the same value as the AES s-box.

9) EXECUTION TIME
The execution time of a given algorithm is described as the time spent by the system while executing the algorithm. Time consumption is very important for mobile applications. If any additional part of the cryptographic algorithm takes a long time, this additional part cannot be appropriate for a mobile application. The execution time of the proposed s-box and inverse s-box generation algorithms for bifurcation, ridge ending and bifurcation-ridge ending feature are demonstrated in Fig. 10, Fig. 11, and Fig. 12, respectively. The execution time of the proposed inverse s-box generation algorithm for all fingerprint patterns is approximately the same. The execution time of the proposed s-box generation algorithm by using the bifurcation feature of the fingerprint is between 0.1346 milliseconds and 0.3794 milliseconds. The execution time of the proposed s-box generation algorithm by using ridge ending feature of the fingerprint is between   The average execution time of the proposed s-box and inverse s-box generation algorithms for each feature and all fingerprint s-boxes are given in Table 6. The average execution time of the proposed s-box generation algorithm is 0.248923 milliseconds which is much better than [60], [61], the average execution time of the proposed inverse s-box generation algorithm is 0.116345 milliseconds which is much better than [60], [61]. The execution time changes according to the fingerprint and its feature. The average execution time of the s-box generation algorithm for the bifurcation fingerprint feature is 0.200769 milliseconds, the average execution time of the inverse s-box generation algorithm for the bifurcation fingerprint feature is 0.114827 milliseconds. The average execution time of the s-box generation algorithm for the ridge ending fingerprint feature is 0.260732 milliseconds, the average execution time of the inverse s-box generation algorithm for the ridge ending fingerprint feature is 0.117938 milliseconds. The average execution time of the s-box generation algorithm for the bifurcation-ridge ending fingerprint feature is 0.285266 milliseconds, the average execution time of the inverse s-box generation algorithm for the bifurcation-ridge ending fingerprint feature is 0.116271 milliseconds.
The execution time of the proposed s-box generation algorithm by using the bifurcation fingerprint feature has the smallest time. The number of bifurcation features for any fingerprint is fewer than the number of the ridge ending features for any fingerprint. Therefore, there are a few milliseconds difference between the execution time of algorithm with bifurcation and the execution time of algorithm with ridge ending. The execution time of the proposed s-box generation algorithm is less than 0.29 milliseconds and this value is acceptable.

V. PERFORMANCE COMPARISON
The performance comparison of the existing s-boxes is demonstrated in Table 7. The following points are important when we compare the performance of fingerprint s-boxes given in Table 4 and the average value of the fingerprint feature given in Table 8 with existing s-boxes: • The ideal nonlinearity percentage is 93%, the average nonlinearity percentage is 81%, the maximum nonlinearity percentage is 93%, and the minimum nonlinearity percentage is 73% for the existing s-boxes. The average nonlinearity percentage of all fingerprint s-boxes, bifurcation s-boxes, and ridge ending s-boxes is in the range of the nonlinearity percentage of the existing s-boxes. However, the average nonlinearity percentage of the bifurcation-ridge ending s-boxes is not in the range of the nonlinearity percentage of the existing s-boxes.
• The DP of the existing s-boxes is in the [0.0156,0.0469] range. Most of the s-boxes have a probability less than 0.0547. The DP of bifurcation and ridge ending s-boxes is in the range of the existing s-boxes. The ridge ending s-boxes are more robust and the average DP for ridge ending s-boxes is 0.0469 such as [65], [72], [73], [76]-1, [76]-2.
• The existing s-boxes have differential uniformity between 4 and 12. The average DU of the fingerprint s-boxes is 15. If we prefer the ridge ending feature to generate a fingerprint s-box, the average DU is 12 like [65], [72], [73], [76]-1, [76]-2. The ridge ending s-boxes are more robust against the differential attack than the bifurcation and bifurcation-ridge ending s-boxes.
• The average LAT value is 31 and the range of the LAT is [16,40] for the existing s-boxes. The average LAT value for all bifurcation s-boxes is 40 and the average LAT value for all ridge ending s-boxes is 38.
• The ideal BIC-SAC is 0.5 and the BIC-SAC value of all fingerprint s-boxes has an ideal value nearly. The average BIC-SAC value for all fingerprint s-boxes is 0.4987. The average BIC-SAC value for ridge ending s-boxes is 0.5005.
We find following points when we compare the average performance of each fingerprint features is given in Table 8 with the lower and upper bound of the existing s-boxes is given in Table 7 [61] are given in Table 9. The comparison comments are as follows: • The DNA-based s-boxes and the RNA-based s-boxes do not reach the ideal SAC value. The average SAC value of the fingerprint s-boxes is much better than the average SAC of the DNA and RNA s-boxes.   The best fingerprint s-box is given in Table 10 with its analysis results. The analysis results showed that the fingerprint s-box is much better than the existing biometric s-boxes.

VI. CONCLUSION
In this article, a new, simple, and effective fingerprint s-box generation algorithm is introduced by using different fingerprint patterns. The feasibility of the proposed algorithm is evaluated, and the fingerprint s-boxes are compared with not only some existing chaotic s-boxes but also biometric s-boxes according to security metrics of a good s-box. As evaluation security metrics, Nonlinearity, Nonlinearity Percentage, Strict Avalanche Criteria, Differential Uniformity, Differential Probability, LAT, Linear Probability, Bit Independence Criterion-SAC, Bit Independence Criterion-NL, Bijective, Randomness, Confidence Interval, Time Consumption are utilized. The obtained performance parameters show that; (1) the fingerprint s-boxes get the different result according to fingerprint pattern, (2) the fingerprint s-boxes with the ridge ending feature has the best security metrics results, (3) the fingerprint s-boxes have satisfactory results according to the result of the existing chaotic s-boxes, (4) the fingerprint s-boxes have a higher security performance than both the DNA and the RNA s-boxes, (5) the execution time of the proposed fingerprint s-box generation algorithm is better than both the DNA and the RNA s-box generation algorithms, (6) the execution time of the proposed fingerprint inverse s-box generation algorithm is better than both the DNA and the RNA inverse s-box generation algorithms (7) the LP and DP results of the fingerprint s-boxes have a higher score than the DNA s-boxes showing that the proposed fingerprint s-boxes has apparent advantages to restrain the differential and linear cryptanalysis attacks. Taking into consideration the success of the proposed fingerprint s-box generation algorithm based on utilizing biometric data, to ensure uniqueness and randomness the algorithm confirms its suitability for using as a good s-box in cipher algorithm.
We have more scenarios for the inverse s-box: (1) it can be generated by sender and send it over communication channel to the receiver, (2) the fingerprint image is sent over communication channel to the receiver and the receiver generates an inverse s-box, (3) the fingerprint image can be stored in application to generate an inverse s-box, (4) an s-box can be stored in the application to generate an inverse s-box. We will test the s-boxes on cipher algorithms to decide which scenario is suitable for inverse s-box as a future work. APPENDIX See Algorithm 1.