Security Intelligence for the Blockchain
Sentinel Protocol provides a solution to one of the most infamous problems in the crypto-space to this day, its “dark-side”:
- Security has always been a major concern for all industries and blockchain is no exception.
- Blockchain technology is revolutionary on a worldly scale however, it’s surrounded by many dangers.
- This is one of the obstacles as to why greater adoption has not occurred and that is why Sentinel Protocol is essential for the crypto space.
Being responsible for your own cryptoassets in the crypto-space is both a truly fulfilling, yet risky endeavour. There are a multitude of threats such as scammers, phishers, and hackers that can jeopardize your stash of cryptocurrencies.
Imagine walking through a deep, eerie jungle where you feel as if you’re being stalked… This is akin to what it feels like as cybercriminals are constantly snooping around in the cryptoworld looking for their next victim.
This is especially true for newer crypto users. Extra precautions must be put in place so that new users to the ecosystem aren’t taken advantage of or lose their shirts causing them to leave the crypto space with a sour taste.
Such a negative outlook could easily harm the adoption of blockchain technology and limit its usefulness to mankind.
Sentinel Protocol is the fair solution to this dilemma.
- It uses blockchain technology and applies intelligence-based threat algorithms to analyse potential harms for crypto users.
- This is combined with cryptographic functions to help solve the problems of security in the crypto-space by utilizing a decentralized collective intelligence system built by cybersecurity experts.
Sentinel Protocol aims to create a secure, innovative blockchain ecosystem so that everyone may benefit. (…apart from hackers and scammers of course!)
In Summary: A protocol that crypto-lovers may use to protect their cryptoassets.
In order to experience this level of trust and confidence a high security protocol is essential and that’s what Sentinel Protocol is here to build.
The Problem
The Crypto World needs a hero.
- Crypto users are limited in options to protect themselves from hackers, phishers, ransomware attacks and scammers
- Regulations vary by country, region and state making it difficult to protect individuals on a global level
- Individuals do not have the budgets that corporations have to protect themselves and may not have the expertise to choose a service that will actually protect them
- In addition, even when a crypto organization or exchange has the knowledge, of their security procedures, there may be vulnerabilities making them susceptible to being hacked.
Recent large scale examples include the hacks where Coincheck lost 523 million NEM coins which while they cannot be spent by the perpetrators, the victims have not been completely made whole. Even well known Internet personalities are not completely safe. Most recently, Ian Balina, famous crypto entertainer and investor lost about 2 million dollars of his personal wealth.
Since 2011 at least 36 cryptocurrency exchanges have been hacked resulting in the loss of over 980,000 bitcoins, at today’s rate this equates to over $8 billion USD.
Lack of Laws, Rules, Regulations, and Oversight
As crypto laws, rules, and regulations differ between each country, region, and state, this makes protecting individuals and organizations who transact in the cryptosphere an extremely difficult and convoluted task.
Due to the lack of regulation and the inherent nature of blockchains it is practically impossible for victims to have any stolen tokens returned to them.
Everyone is left to fend for themselves as the autonomous nature of blockchain ensures the onus of responsibility and security rests on the shoulders of each individual that holds crypto.
What makes it worse is that there are countless ways for a crypto hodler to get hacked or scammed. This issue runs rampant throughout the cryptospace as there are no laws, rules, regulations, or even a governing body overwatching the space.
Countless hacks, scams, and frauds have permeated the ICO space.
The problem here isn’t blockchain and crypto that’s underpinning everything, it’s a variable of other factors.
- Where the real problem lies is in the systems and applications surrounding the blockchain & crypto ecosystem that leaves users and organizations vulnerable to attacks. This includes attack vectors such as poorly secured websites, apps, and lack of mere safety precautions.
And of course we can’t forget the common denominator here and that is us — humans!
- Human error, stupidity, ignorance and greed likely causes the far majority of successful hacks, scams, and frauds to date.
The Non-Cooperative Nature of the Cybersecurity Industry
“It is truly maddening to see examples of bad guys sharing data, tricks, methods and good guys having no effective way of doing it.” — Anton Cuvahkin, VP at Gartner
As it stands today in the cybersecurity industry, service providers are actually disincentivized from sharing trade secrets and knowledge with one another because this is exactly what provides them an edge over competitors in the market.
Cybersecurity companies such as McAfee and Kaspersky would rather see each other fail and allow customers to fall prey to malware and computer viruses so that these customers would then choose to jump ship and use other antivirus programs and services.
Unfortunately the end user and customer are the ones who bear the cost of this discrepant inefficiency in the cybersecurity industry, thankfully with the invention of blockchain technology there’s now a better alternative.
The Solution
Prevention is better than cure and crypto is certainly no exception, especially when it comes to fraudulent hacks and scams.
[Technology Architecture: Security Intelligence Platform for Blockchain]
This is why Sentinel Protocol proposes a solution to the problems above with a “Security Intelligence Platform Blockchain” that provides a:
- S-Wallet which provides advanced security features such as Machine Learning and Distributed Malware Sandboxing
- Threat Reputation Database (TRDB)
- Sentinel Portal which is a collective intelligence framework to encourage collaboration
- A group of trusted cybersecurity experts named “The Sentinels”
The combination of these products and services aims to make the crypto ecosystem safer by lessening the frequency and damage from hacks, scams, and frauds conducted in crypto.
1. Creating legal evidence for stolen cryptocurrency
Sentinel Protocol’s “Threat Reputation Database” (TRDB) stores details including reports of all committed hacks, wallet addresses belonging to hackers, names of phishing websites and more.
By integrating KYC into the database, the TRDB should be able to identify the real-world identities of its users, and this will allow users who are hacked to file reports that are then validated by security experts so these users have evidential proof regarding each incident.
Consequently, returning stolen currencies to their original users becomes a much more practical outcome.
Because of blockchains immutable and traceable nature, the database can track where hacked funds are sent to and blacklist those addresses as they are likely controlled by the hacker.
[Wallets involved in criminal activities would be marked]
When cryptocurrency exchanges integrate with the database via APIs, they will be alerted whenever any blacklisted addresses deposit funds into their exchanges allowing them to seize the funds and return them back to the victim.
2. Providing Oversight Throughout the Cryptosphere
In Sentinel Protocol, there are a group of trusted cyber security experts and institutions who make up a group called “The Sentinels” (Sentinels), these Sentinels:
- Validate reports of hacks and also keep track of the hacker’s wallet addresses
- Analyze the root causes of threats and attacks to update information in the database
- Ensure the database accurately reflects the most up to date security research and analysis
You can consider Sentinels much like a “neighbourhood watch” group.
Additionally, there is an S-Wallet which is essentially a wallet with an antivirus attached to it that is driven by Artificial Intelligence (AI) and a machine learning (ML) engine. This wallet will help users avoid sending transactions to blacklisted wallets and addresses thus preventing them from losing their crypto.
3. Harvesting the Collective Intelligence of the Crypto Community
Unlike the current cybersecurity industry, it’s possible with blockchain technology to incentivize cooperation and collaboration between security experts and get them to work together.
This is done through an incentive mechanism of Sentinel Protocol called “Sentinel Points” that encourage experts to participate and pitch in together for the greater good of all involved.
With a larger database and subset of information on potential threats, hacks, and scams it is possible to prevent further damage or occurrences.
Through collective intelligence and the wisdom of the crypto crowd, Sentinel Protocol is able to effectively collect hacker’s wallet addresses, malicious URLs, phishing addresses, malware hashes and more.
When the Security Intelligence Platform Blockchain is integrated by crypto exchanges, payment systems, and wallets.
This will greatly disincentivize and minimize the harm hackers may cause by making it difficult for hackers to exchange stolen crypto for money as the stolen cryptocurrencies will be tracked, traced, and hopefully recovered if it falls into the hands of a benevolent user that is connected to the database.
Main Features
The Sentinel Portal is a knowledge base that is run by security professionals. Just by joining the Sentinel Protocol community the user can greatly benefit from their collective knowledge. Sentinel Protocol will be one of the first dApps built on ICON using it’s Delegated Proof of Stake (DPoS) engine.
The S-wallet is a AI-driven wallet that analyzes threats including zero-day threats to protect the user from scam URLs, ‘bad actor’ wallet addresses and other bad behavior
It is like having your own personal Fraud Detection System on the ledger that watches out for you like a virtual guard dog.
Distributed Malware Sandboxing (D-Sandbox) is a technique used to run untested or unverified applications in an isolated environment away from the primary application or machines
The D-Sandbox system works off a ticket based system that allows the experts to analyze through their collective knowledge. There are 2 advantages to this approach:
- Reduced investment so it is significantly more cost effective
- More economical as it utilizes the combined computing power of the machines in the Sentinel Portal.
A Simplified Network and Sentinel Protocol Ecosystem
A sample of the Security Process flow is below detailing the system from from a User through the system as its analyzed and cataloged.
The Threat Reputation Database (TRDB) aims to solve two different problems:
- The problem of centralization of cybersecurity data in one physical location:
- If data is stored in one location this makes it vulnerable to a targeted attack.
- Sybil attack: an attack where one user pretends to be multiple users by making fake identities to subvert a reputation system will occur in just a matter of time.
- The decentralized nature of blockchain mitigates this effect, because its immutability makes it more difficult to falsificate data.
- The lack of shared knowledge among security vendors.
- Collecting risk information is a key point to prevent attacks but security vendors has no motivation to share their information because there is no incentive.
- TRDB uses incentive scheme to encourage security experts and vendors to contribute to building the threat database under the consensus mechanism and feedback from participants, or Delegated Proof of Stake (DPOS).
Threat Reputation Database (TRDB)
Main Functions of the Threat Reputation Database (TRDB)
- No point of attack
- Data Integrity
- Transaction Traceability
- Available at API at No Cost
- Platform Agnostic
- Anti-theft System
ROADMAP
Phase 1: Sentinel Protocol of the Cryptocurrency World
- 18 JAN
- HQ R&D Center open in Singapore APAC.
- HQ R&D Center security researchers integrate cybercrime, scam information existing in history, indexing into blockchain scheme Threat Reputation Database (TRDB).
- Regional R&D Center developing Interactive Cooperation framework (ICF) interface.
- 18 FEB
- SIPB Prototype beta test.
- 18 MAR
- SIPB Testnet launch with tokens issuance.
Phase 2: Proof of Protection
- 18 JUN
- Public SIPB best release: The Sentinel Protocols Serviced by Sentinel Protocol Collective Portal.
- 18 JUL
- Mainnet launch (the manual report of TRDB featured enable into mainnet.
Phase 3: Self Purification
- 18 NOV
- Machine learning engine beta test.
- 18 DEC
- Machine learning engine feature release (auto report applied) beta
- Distributed sandbox (D-sandbox) release.
Phase 4: Self Evolution
- 2019
- Machine learning based Fraud Detection System (FDS) release into the mainnet
Phase 1 for Sentinel Protocol is focused on user adoption and equipping cryptocurrency wallet providers imToken and CoinManager with Sentinel Protocol’s system.
Phase 2 is focused on the regional adoption of Sentinel Protocol in the regions of South Korea, Japan, and Southeast Asia.
Phase 3 will then see Sentinel Protocol expand out and aim to target the non crypto market.
Token Economics
Sentinel Protocol’s native cryptocurrency is the Uppsala token.
(Fun fact: Uppsala is the name of an old Viking capital in Sweden where the co-founders of Sentinel Protocol first came up with the idea for the project.)
- Uppsala Token Symbol: UPP
- UPP is a utility token used to pay for goods and services provided by Sentinel Protocol
30% of all UPP revenue along with UPP generated by the inflationary schedule will be reserved as rewards for community contributors. UPP follows an initial inflationary schedule of 3–7%.
Contributors are incentivized to participate early in the ecosystem as early contributions receive a greater share of UPP rewards.
Token Incentive System
Sentinel Protocol also has Sentinel Points (SP) for staking the value of the reputation of a Sentinel. These SPs are obtained by acting as members of The Sentinels and partaking in Proof of Protection (PoP) activities such as:
- Reporting a hacker’s wallet addresses or IP
- Validating reports and claims of hacks
- Logging phishing websites
- Resolving incident cases
It’s also possible for individuals to earn SPs by reporting hacking incidents and upvoting helpful Sentinels. These Sentinel Points can be converted into UPP as a reward for user contributions.
Crowdsale Details
- UPP will be an ERC20 token until it is ported over to ICON’s Mainnet
- Price: 1 ETH = 5,000 UPP (With 15% Presale Bonus: 1 ETH = 5,750 UPP)
- Hardcap: 22m USD
- Bonus: 30% Private, 15% Public Presale
- Unsold tokens are burned
- Private investors have a lock-up period of 6 months [Not sure if this relates to bonus only or all tokens]
- Presale Lockup: Bonus tokens released 180 days after distribution date
Token Breakdown
- Total token supply: 500 million UPP
- $11.67m USD raised privately
- $10.33m USD remaining
- 3.8% (~$393k USD) towards selected Pre-Sentinels at no cost
- 66.5% (~$6.87m USD) towards Public Presale 50% of which ~$3.43m USD will be allocated to Strategic Contributors
- 29.7% (~$3.07m USD) towards Main Token Sale
Potential Considerations
Competition: Sentinel Protocol is the first of its kind for cryptosecurity. It therefore has first mover’s advantage and the only comparable project to it is Quantstamp, which is is focused on smart contract auditing so they are not direct competitors.
Hackers: It is possible hackers may be able to circumvent Sentinel Protocol’s system through several avenues:
- Over-the-counter transactions for stolen cryptoassets could allow hackers to off-ramp into fiat.
- Untraceable privacy coins could allow hackers to cut off any connection to the stolen cryptoassets
- Hackers could send stolen cryptoassets to wallets they do not own by making transactions to random wallet addresses as well as to their own wallet in order to confuse Sentinels
Network effects: Sentinel Protocol is extremely reliant on partnerships with various exchanges and wallets as well as in the adoption of their S-Wallet by crypto users.
Without the adoption of their security protocol by exchanges, wallets, and payment systems across the crypto ecosystem, perpetrators could use non-integrated platforms to cash out any stolen cryptocurrencies.
Github code: As Sentinel Protocol is being built on ICON, the team is unable to reveal their code as ICON’s code is not yet available for public viewing. Once ICON’s code is available, the code, API, and SDK for Sentinel Protocol will also be made public.
Blockchain developers: The team does not seem to have any blockchain or smart contract development experience however they have several advisors with strong backgrounds and connections within the blockchain space.
Team
Patrick Kim — Founder and CEO
- 10+ years experience in IT Security Industry as Cyber Technology Specialist for Darktrace (machine learning for cybersecurity), Systems Engineer for Fortinet and Professional Services Consultant for F5 Networks and Cisco.
- Patrick Kim fell victim to a “security issue“ in Ethereum’s Mist wallet which resulted in the loss of 7,218 ETH in 2016 leading him to create Sentinel Protocol
Hae Min (HM) Park — Co-Founder and Head of Operations
- 10 years experience in IT security as Account Manager for Darktrace, F5 Networks and Penta Security Systems, Global Account Manager for Penta Security Systems Inc and a Back-end Systems Programmer at Webcash Inc.
- Accomplishments:
- April 2006 Hae won an award “Best Sales Award” during his time with F5 networks
- Patents:
- May 2017, 2012 US 20120124661 A1 — A Method for Detecting Web Application Attacks
- Dec1, 2011 KR 1020110127909 — A method of Inter-operation of Web Application Firewall and Source Code Vulnerability Analysis Tool
John Kirch — Chief Evangelist
- 25 years experience in tech industry with building and leading teams for cyber security and business intelligence
- Previously Regional Director, Country Manager for Darktrace, Director in Japan region for Nominum (Global Leader in DNS-based security and services) and Vice President of Penta Security Systems (web and data security company).
- He is also Fluent in Japanese.
Dayeol Lee — Core Developer
- Dayeol has a Computer Science PHD and 3 years experience in the IT field.
- Previously a Software/Systems Engineer at Penta Security Systems and a Network Security Researcher/Software Engineer at WINS Co. Ltd.
Michael Zhou — Head of Threat Intelligence
- 6 years experience in IT Security Industry in various roles, most recently Support Delivery Manager, Threat, End Point, Cloud & Virtualization at Palo Alto Networks and a Network Engineer at Evonik
Narong Chong — Head of Security Operations
- IT all rounder he has worked in depth in various areas, such as networking, security, hardware, software teams.
- 13 years of experience in the IT industry in various roles with Palo Alto Networks and F5 Network.
Guo Feng — Core Developer
- 11 years IT (SAP) project implementation experience.
- 3+ year of experience in BI and big data analytics in Financial Market domain
- Recent Leadership roles as Vice President at DBS Bank and Assistant Vice President at SGX (Singapore Stock Exchange).
Minwoo Ku — Head of Product
- 8+ years of Sales experience.
- Previous roles Channel Sales Manager at Westcon-Comstor Asia and Director of Solution Sales at Dimension Data
Karly Choi — Head of Marketing
- 3+ years of Marketing Experience.
- Previously Marketing Manager and Director for tech companies in Korea and the US
Advisors
Simon Seojoon Kim — CEO & Partner at Hashed
- Serial entrepreneur and previous Chief Product Officer at Knowre turned blockchain evangelist and advisor
- Organizer of Hashed Lounge, a premier Blockchain Seoul meetup community and advisor to ICON Foundation, traceto, and MediBloc
Jonghyup (JH) Kim — Foundation Council Member at ICON Foundation
- CEO of theloop, a leading provider for private blockchain solutions
- Worked in field of information security for nearly 20 years with experience in PKI, authentication and embedding security products in enterprise environments
Partners
- ICON — Decentralized Blockchain Network
- Kyber Network — Decentralized Exchange for Cryptocurrencies (Sentinel Protocol won Kyber Network’s Developer Competition in January 2018)
- Bluzelle — Decentralized Database Service for dApps
- Traceto — Decentralized Know-Your-Customer (KYC) Blockchain Solution
- imToken & CoinManager — 2 of the largest crypto wallet providers in China and Korea with a combined total of 1.3 million crypto wallets