Network Encryptor

Centurion Carrier Ethernet, MPLS, IP Encryptor

Using our Centurion Encryptors, you can easily and cost-effectively secure broadband multi-site communications. The native support of Ethernet and IP makes the devices ideal for all layer-2 and layer-3 carrier Ethernet, MPLS and IP networks in any configuration: link, point-to-point, point-to-multipoint or mesh. No network reconfiguring nor sacrificing performance is required. The mature and proven key management supports both paired keys as well as bi-directional group keys and handles even the most complex network topologies with ease.

Encryption, key exchange, and signature are using the strongest commercially available algorithms with key strength of 256 bits. The random number generation for the encryption key uses quantum effects. The partial keys of the asymmetric Diffie-Hellman key exchange are signed and encrypted with a 256 bit AES key, resulting in a quantum computer safe key exchange. On top, the entire control plane is encrypted using authenticated symmetrical AES-GCM encryption at the native network layer. All processes, including key storage, take place in tamper-proof boxes, limiting any attack vectors.


Factsheet Centurion network encryptor (pdf)

For highest security requirements

Our Centurion Encryptors combine a secure device with a secure data plane, a secure control plane, and a secure management plane. They provide a protection level of "High Assurance" and are the best choice for the protection of government and enterprise multi-site networks with high security requirements. For the most stringent security requirements, the Centurion Encryptors also provide the option of traffic flow security, a mechanism that completely obfuscates network traffic. Our Centurion Encryptors can secure your networks in a way that leaves any attacker frustrated. Uncompromising security. "Deploy and forget" instead of "patch and pray" also reduces operating costs and increases availability.

Centurion link encryptor in point to point configuration
Example of Centurion link encryptor in point-to-point (P2P) configuration, for example to connect two datacenters


The Centurion Encryptors include extensive multi-tenancy support and are also a perfect fit for managed security services. They integrate seamlessly with existing Network Operation Center (NOC), and Security Operation Center (SOC). Our solutions are particularly suitable when high availability with low latency is required and where communications between servers, PBXs, terminal systems, databases and audio / video systems must be protected.

Secure encryption without replacement of the whole network infrastructure

The Securosys Centurion encryptor appliance is autonomous and operates independently in point-to-point or large WAN networks. It is transparent to all higher layer network protocols. It is drop-in, that means it can be deployed without changing the network infrastructure or changing other network devices. It allows organizations to implement a security solution quickly with minimal network disruption while preserving current investments.

Key Features:

  • Supported networks:
    • Carrier ethernet
    • MPLS
    • IP (IPv4 und IPv6)
  • Supported topologies:
    • Link and point-to-point
    • point-to-multipoint
    • multipoint and mesh
  • Assurance Level: High
  • Your investment is protected:
    • Use of FPGA instead of ASIC
    • Secure, tamper proof appliance
  • Triple network security:
    • Secure data plane
    • Secure control plane
    • Secure management plane
  • Authenticated encryption: AES-GCM 256 with additional authenticated data
  • Short key renewal intervals (Frequent change of keys reduces amount of data available for crypto analytics):
    • For data every minute
    • For key encryption (rollover) every ten minutes.
  • Quantum computer safe key exchange: Diffie-Hellmann partial keys are signed/encrypted with a symmetrical AES 256 bit key and control plane is additionally secured using the same protection level as for the data plane.
  • Perfect forward secrecy due to asymmetric Elliptic Curve Diffie-Hellman with 521 bit encryption technology (AES256-GCM, 512Bit ECC)
  • Simple setup, configuration, and operation
  • Hardware true random number generation (TRNG) using two different stochastic physical quantum effects.
  • Optional trafficflow security
  • Interoperable with other Securosys products
  • No modification of existing network infrastructure
  • No change to existing redundancy setup
  • Autonomous operations

Please find here a detailed factsheet about the Centurion network encryptor (pdf).
Use case: Network encryptor for IT security at FLYNT Bank
Application example: Centurion for VPN


Not found what you were looking for?

Customers were also interested in our HSM Overview or go to the Main Menu