In this blog post, we’d like to share more details about our product and answer some questions that we frequently receive. We know this is a lot to digest, so John Kirch (Chief Evangelist) and Karly Choi (Head of Marketing) will be going through the list of questions this saturday. If time allows, we’ll also do a live AMA, so mark April 28, 1:00 PM SGT (GMT+8) on your calendar.
Q. What is Uppsala Foundation’s ultimate goal?
Over time, Uppsala Foundation will evolve into a truly decentralized organization. In the beginning, Uppsala Foundation is needed to initiate the platform and review the applications for the role of the “Sentinels”. Through a vigorous vetting process, we will select the best applicants to fulfill that role. However, when the platform becomes self-sustainable and self-governed, the Sentinels will be chosen by the community itself. Uppsala Foundation (UPP) tokens will be circulated to pay for advanced security features like S-Wallet and D-Sandboxing. Uppsala Foundation members will shift focus toward providing the community with new and innovative products beyond S-Wallet and D-Sandboxing.
Q. How is game theory applied in Sentinel Protocol?
While black hat hackers steal financial assets, white hat hackers typically do not get any financial rewards for improving security. White hat hackers only receive dignity or social reputation, if any. Until now. Sentinel Protocol is an ecosystem where white hackers earn both financial rewards and positive reputation for protecting sensitive data from malicious hackers. As financial benefits of protecting data increase, the incentive to behave maliciously will disappear.
Q. Is Sentinel Protocol an open-source project?
Yes, to some extent. Our code, for the most part, will be published to Github to provide transparency and trust. However, due to the sensitive nature of the project, some of our code will not be published for security reasons.
Q. Who are Sentinel Protocol’s competitors?
It’s great to see new projects tackling blockchain cybersecurity and to witness this vital field expanding. Just a year ago, we did not see anything like this. It is hard to tell what competitive advantages a project has over another because almost all projects are still in the early stages with no working products or security features available on the market.
However, in terms of value proposition and grand vision, we are unaware of any companies doing exactly what we are doing. Note how we positioned ourselves as a ‘protocol’. One of our key goals is to become the standard protocol for the blockchain security industry.
Both traditional and crypto cybersecurity companies are not our competitors. We consider them as potential Sentinels and they are welcome to join our ecosystem. We are opening up an opportunity for traditional cybersecurity companies to add blockchain security to their experience. Cryptosecurity companies focused on providing transaction data, data analytics, or Know Your Customer (KYC) validations are also our potential partners. Cybersecurity vendors and individuals are economically incentivized to share data and contribute to the Sentinel Protocol’s ecosystem.
Q. Can stolen cryptocurrencies be returned to their original users with Sentinel Protocol?
Possibly. With the Sentinel Protocol integrated into cryptocurrency exchanges, wallets, and payment services, stolen cryptocurrencies could be returned to their original users without taking legal action. We also provide consulting services to help exchanges implement suitable security policies. Although each exchange may have different policies regarding returning stolen assets to their rightful owners, any stolen assets would be frozen and withheld.
Q. Who can become the Sentinels?
In the early stages of building the reputation system, real world cybersecurity experts will have priority in securing these roles. As the system matures, and as individuals develop greater knowledge of cybersecurity and how to protect themselves, these roles will eventually be offered to members of the community.
Q. Why only seven (7) delegates? Isn’t it too small for a validator set?
The early Sentinels will need to work closely with the Uppsala Foundation team to collect data, set standards, and test the reputation system. Seven is a number we can manage, and it is more than the minimum number of validators required to reach Delegated Proof-of-Stake consensus (DPOS).
Decentralized Threat Reputation Database (TRDB)
Q. How do you collect TRDB data?
Until the Sentinel Portal is released commercially and the community starts reporting hacking incidents, the Sentinels will be collecting data for the TRDB. They will review blockchain hacking incidents from cryptocurrency history and add those cases including those that may not have been analyzed in depth. The Sentinels will not only compile all the identified or unidentified information, but they will also add root cause and attack vector analysis. We will also be partnering with database companies.
Q. How can the TRDB be trusted?
Only the Sentinels will have the authority to update the TRDB. Under the reputation system, the Sentinels are encouraged to add new and accurate threat information to the TRDB. Additionally, our machine learning technology will analyze the data to generate add-on value and benefits.
Q. Where do you keep the data?
The data will be stored on a public blockchain. Just like transaction data is stored on the blockchain, threat information data will also be stored on the blockchain. As the content will be immutable, its data integrity will be very high.
Q. Can the Sentinels change an existing block that had already been confirmed? If so, how?
Yes. Using the DPOS consensus system, the Sentinels can agree to create a new block to overwrite an old one if it contains outdated threat information. While the blockchain data is immutable as long as the consensus has already been made, the Sentinels chosen by the community have the authority to update blocks with new threat information. The Sentinels would only take this action to enhance cybersecurity and to maintain good reputation.
Q. How can Sentinel Protocol catch malicious entities that impersonate influencers on social media asking people to send crypto to a wallet?
Such scam cases have to be reported manually at first. Later, machine learning technology will learn these behaviors and automatically warn users that they are about to engage with potential scams. In the initial phase, the Sentinels will manually validate reported incidents individually and decide whether they are scams.
Q. Can the TRDB be integrated to decentralized exchanges? How?
The TRDB will release APIs for the public. Exchanges will be able to query the TRDB directly. Any application, DAPP, or decentralized exchange could query the TRDB. For instance, decentralized exchanges can seamlessly integrate the TRDB by making API calls to our TRDB in their code. By doing so, they would be using Sentinel Protocol to add an extra layer of security.
Q. How can Sentinel Protocol deal with anonymous coin?
For now only public coins can be traced. However, there are companies that can track anonymous coins. We plan to build partnerships with those companies.
Q. Can Sentinel Protocol be applied to the OTC crypto providers?
Yes. Over-The-Counter (OTC) crypto providers have also shown positive interest in our project. They informed us they are most interested in learning how the Sentinel Protocol ecosystem works and how to use the TRDB to maintain their own security.
Q. How can the Sentinels know whether the reported case is real or fake?
All attacks or hacking incidents have identifiable patterns. Similarly, false reporting will also have patterns that The Sentinels can identify. The Sentinels will analyze these patterns to determine whether they are real or fake. For example, an user might submit fake hacking reports, or sabotage the security of another user’s wallet by sending a small amount of cryptocurrencies. To submit a hacking report to the Sentinel Portal, one needs to include detailed information based on six principles. The hacked amount of the reported case is also one factor. A price threshold high enough will make it economically inefficient for bad actors for sabotage.
Q. How do you prevent the Sentinels’ bad behavior and users’ false reporting?
Uppsala Foundation will conduct KYC for the Sentinels and for registered users. If the Sentinels behave maliciously at any time, they permanently lose the authority to participate as well as the the chance to earn both system reputation and any financial gain. Users are also penalized for false reporting. Since your reputation within Sentinel Protocol is critically important, we believe people will strive to maintain trustworthy reputations.
Q. How do you prioritize each case?
During the beta testing period, we will do data sampling and categorize cases. This will help us create sound policies and to discover exceptional cases. While opening a case will always be free, additional UPP payment for expediting case resolution could also be an option.
Q. What is the function of an S-Wallet? Who can have S-Wallets?
An S-Wallet by itself is a free wallet that stores, sends, and/or receives UPP tokens. Any Sentinel Protocol user can install S-Wallet software on a PC or mobile device. S-Wallets will have features that enable Machine Learning and Distributed Malware Sandboxing. To use these features, an user would be expected to remit UPP tokens on a subscription basis. S-Wallets can become the nodes for distributed malware sandboxing.
Q. Is an S-Wallet a new independent wallet or will it be integrated to other crypto wallet services?
It is an independent wallet. Other crypto wallet services are integrating the TRDB’s APIs, not the S-Wallet itself.
Q. Is an S-Wallet a protocol? Is it a hot wallet or cold wallet?
An S-Wallet is not a protocol, it is client software for UPP token transactions. Since the wallet would connect to the Internet, it is a secure hot wallet.
Q. What sort of wallets are protected by Sentinel Protocol?
The TRDB can be integrated to any crypto wallet. Even hardware wallets can query the TRDB when they’re online. To leverage Sentinel Protocol as a protection layer and security service, client wallets will connect to our TRDB.
Q. TRDB integration is free, but why do you charge for Machine Learning?
To accumulate the most comprehensive threat database, the TRDB will be offered for free. Individuals and organizations can contribute to it using collective intelligence under an incentivized scheme.
The key reason for offering a Machine Learning module on top of the TRDB is for us to provide more proactive solution as opposed to being reactive to ever-evolving cyber threats. Even if there are no reported cases, Machine Learning has the ability to predict when and how cyber-attacks are likely to occur, and to spot fraudulent activities or scams. It can also prevent potential attacks by analyzing suspicious behavioral patterns. The S-Wallet with Machine Learning is similar to using antivirus software, only much smarter as it will not rely on signatures or regular updates.
Q. What is the accuracy rate of the Machine Learning technology?
The key reason we are adopting unsupervised Machine Learning is to identify new attack vectors. By nature, unsupervised Machine Learning, however, do not have high accuracy at first. It needs dedicated experts who will ensure the quality of input data to effectively train the algorithm. These experts also need to analyze the results and model the training data to continually improve the algorithm. The collective intelligence of Uppsala Foundation and the Sentinels will carefully select and polish the input data, and correct the output results to boost accuracy of the algorithms. Repeating this process would, over time, improve their accuracy and ultimately lead to defining a smart algorithm.
Distributed Malware Sandboxing
Q. What is the advantage of D-Sandboxing?
The purpose of D-Sandboxing is to test suspicious files or links in a separate environment, preventing user’s devices from getting infected. It is recommended to sandbox before installing any suspicious, unidentified files, or before opening a link in an email.
Sandboxing traditionally requires high capacity hardware to run virtual machines, thus limiting its scalability. Despite the high costs of sandboxing, it is usually slow and unstable. D-Sandboxing, on the other hand, runs the virtual machine on decentralized nodes on the blockchain, making it infinitely scalable and cost-efficient.
Q. Who can participate as the sandboxing nodes? What are rewards?
Those who pay UPP tokens to use the D-Sandboxing feature can become nodes. Since they are lending their computing resources, they will earn Sentinel Points in return. S-Wallet installation is a prerequisite to run D-Sandbox.
Q. Can D-Sandboxing run on mobile device?
No, it cannot. While S-Wallets can be installed on mobile devices, D-sandboxing cannot run on mobile devices, simply because the computing power on mobile devices is not enough.
Q. What is the conversion rate of an UPP token to a Sentinel Point or vice versa?
Although Sentinel Points can be converted to UPP tokens, UPP tokens cannot be used to purchase Sentinel Points. Sentinel Points can only be obtained by acting as a Sentinel or by contributing to cybersecurity knowledge of our community. The conversion rate will be decided at a later date.
Q. How can you manage or mitigate the situation where the UPP token price escalates due to speculation?
UPP tokens should be readily available for crypto users who plan to use our security services. If the UPP token price surges too much, Uppsala Foundation may decide to modify the number of tokens required to use our security services.
Q. Can non-Sentinels earn Sentinel Points?
Users opening a new case, or up-voting a existing case, will not earn Sentinel Points. However, users leaving useful comments or publishing articles that get up-voted can earn Sentinel Points. Contributions to the cybersecurity knowledge base and our community can also be rewarded with Sentinel Points.
Q. What are the implications of having a high number of Sentinel Points?
Sentinel Points can be converted to UPP tokens as direct benefit. An indirect benefit will be an enhanced reputation within the ecosystem. In other words, more trust and recognition will be given to those with higher Sentinel Points.