Network Encryptor

Centurion Carrier Ethernet, MPLS, IP Encryptor

Detailed fact sheet about the Centurion encryptor (pdf)
Application example for Centurion (VPN)


Secure broadband multi-site communications

Using our Centurion Encryptors, you can easily and cost-effectively secure broadband multi-site communications. The native support of Ethernet and IP makes the devices ideal for all layer-2 and layer-3 carrier Ethernet, MPLS and IP networks in any configuration: link, point-to-point, point-to-multipoint or mesh. Plug and play: No network reconfiguration required, no performance penalty. The mature and proven key management supports both paired keys as well as bi-directional group keys and handles even the most complex network topologies with ease.

Encryption, key exchange, and signature are using the strongest commercially available algorithms with a minimum key strength of 256 bits. The random number generation for the encryption key uses quantum effects. The partial keys of the asymmetric Diffie-Hellman key exchange are signed and encrypted with a 256 bit AES key, resulting in a quantum safe key exchange. On top, the entire control plane is encrypted using authenticated symmetrical AES-GCM encryption at the native network layer. All processes, including key storage, take place in tamper-proof boxes, limiting any attack vectors.

For highest security requirements

Our Centurion Encryptors combine a secure device with a secure data plane, a secure control plane, and a secure management plane. They provide a protection level of "High Assurance" and are the best choice for the protection of government and enterprise multi-site networks with high security requirements. For the most stringent security requirements, the Centurion Encryptors also provide the option of traffic flow security, a mechanism that completely obfuscates network traffic. Our Centurion Encryptors can secure your networks in a way that leaves any attacker frustrated. Uncompromising security. "Deploy and forget" instead of "patch and pray" also reduces operating costs and increases availability.

Centurion link encryptor in point to point configuration
Example of Centurion link encryptor in point-to-point (P2P) configuration, for example to connect two datacenters

 

The Centurion Encryptors include extensive multi-tenancy support and are also a perfect fit for managed security services. They integrate seamlessly with existing Network Operation Center (NOC), and Security Operation Center (SOC). Our solutions are particularly suitable when high availability with low latency is required and where communications between servers, PBXs, terminal systems, databases and audio / video systems must be protected.

Security for your entire multi-site network

The Securosys Centurion Encryptor appliance is autonomous and operates independently, securing everything from a simple point-to-point link to a large WAN network. It is transparent to all higher layer network protocols. As a bump-in-the-wire appliance it does not require changes to the network infrastructure or the configuration of other network devices. It allows organizations to implement a security solution quickly with minimal network disruption while preserving current investments.

Key Features:

  • Supported networks:
    • Carrier ethernet
    • MPLS
    • IP (IPv4 und IPv6)
  • Supported topologies:
    • Link and point-to-point
    • point-to-multipoint
    • multipoint and mesh
  • Assurance Level: High
  • Your investment is protected:
    • Use of FPGA instead of ASIC
    • Secure, tamper proof appliance
  • Triple network security:
    • Secure data plane
    • Secure control plane
    • Secure management plane
  • Authenticated encryption: AES-GCM 256 with additional authenticated data
  • Secure hash-algorithm: SHA-512
  • Short key renewal intervals (Frequent change of keys reduces amount of data available for crypto analytics):
    • For data every minute
    • For key encryption (rollover) every ten minutes.
  • Quantum computer safe key exchange: Diffie-Hellmann partial keys are signed/encrypted with a symmetrical AES 256 bit key and control plane is additionally secured using the same protection level as for the data plane.
  • Perfect forward secrecy due to asymmetric Elliptic Curve Diffie-Hellman with 521 bit encryption technology (AES256-GCM, 512Bit ECC)
  • Simple setup, configuration, and operation
  • Hardware true random number generation (TRNG) using two different stochastic physical quantum effects.
  • Optional trafficflow security
  • Interoperable with other Securosys products
  • No modification of existing network infrastructure
  • No change to existing redundancy setup
  • Autonomous operations

Please find here a detailed fact sheet about the Centurion encryptor (pdf).
Application example for Centurion (VPN)


Securosys-not-found-help

Not found what you were looking for?

Customers were also interested in our HSM Overview or VPN Solutions -  go to Main Menu