Since the only two ports that are publicly visible on the network are port 22 (SSH) and 8181 (SAKA EncryptionService), all data traversing the network to these two ports are protected from attacks on the wire. SSH encrypts data with a randomly generated session key, while the SAKA uses Transport Layer Security (TLS) 1.2, which also protects data with a randomly generated session key. Both applications use public key cryptography to protect the session keys on the network.
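One way to check the two-port claim on a running host, as an added example that is not part of the SAKA documentation or product code: the script parses `ss -tlnH` output and reports any TCP listener bound off-loopback on a port other than 22 or 8181. The sample output, including the extra ports in it, is constructed for illustration.

```python
import ipaddress

# Ports the text states are publicly visible: SSH and the SAKA EncryptionService.
ALLOWED_PUBLIC_PORTS = {22, 8181}

# Constructed sample of `ss -tlnH` output (not captured from a real SAKA host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128       0.0.0.0:22         0.0.0.0:*
LISTEN 0 128          [::]:22            [::]:*
LISTEN 0 100             *:8181             *:*
LISTEN 0 80      127.0.0.1:3306       0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0 50        0.0.0.0:4848       0.0.0.0:*
LISTEN 0 50          [::1]:8080          [::]:*
"""


def parse_listener(line):
    """Return (address, port) from one `ss -tlnH` line, or None if not a listener."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%")[0], int(port)


def is_loopback(address):
    """Wildcard binds ('*', 0.0.0.0, ::) are reachable from the network."""
    if address == "*":
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed so it gets reviewed


def unexpected_public_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """List (address, port) pairs bound off-loopback on ports outside `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in allowed:
            findings.append(parsed)
    return findings


if __name__ == "__main__":
    for address, port in unexpected_public_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected public listener: {address}:{port}")
```

This reflects the host's own socket table only; a host firewall may still block a flagged port, so confirm the externally visible set from another machine on the network.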
The SAKA SSH key pair is generated during the installation of the Linux operating system, and its keys are protected using operating system controls. The TLS key pair and digital certificate for the SAKA service are generated during the installation of the Java Enterprise Edition (JEE) application server and are protected using operating system controls and a password.
Sites may choose to enhance their security by using the HSM for generating and storing the key pairs for both services. However, this is not a standard part of the SAKA installation and requires additional work to be done by the site's System Administrators to enable this enhanced security.