<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Download Factsheet

Centurion carrier encryptor

Using the Centurion Network Encryptors, (als called layer-2 encryptors and layer-2 over layer-3 encryptors) you can easily and cost-effectively secure broadband communications. It is the securest way to connect two or more sites. Through its native support of Ethernet and IP Centurion is ideal for all layer-2 encryption and layer-3 encryption over carrier Ethernet, MPLS and IP networks in any configuration: link, point-to-point, point-to-multipoint or mesh. No network reconfiguring nor sacrificing performance is required.



Securing networks is the prime domain of the Securosys Centurion Network Encryptor (layer-2 encryptor and layer-2 over layer-3 encryptor). Simple use case range from a point to point setup to connect headquarters to its datacenter and expand to complex multi-site systems connecting hundreds of sites. Using the proven, industry standard 256 bit AES algorithm with symmetrical AES-GCM authentication combined with true random number generators with quantum effects results in the securest solution for any communications system. Centurion Network Encryptors operate at bandwidths from 100Mbit/s to 100Gbit/s.

Best key management and encryption

Encryption, key exchange, and signature are using the strongest commercially available algorithms with key strength of 256 bits. The mature and proven key management supports both paired keys as well as bi-directional group keys and handles even the most complex network topologies with ease. The partial keys of the asymmetric Diffie-Hellman key exchange are signed and encrypted with a 256 bit AES key, resulting in a quantum computer safe key exchange. On top, the entire control plane is encrypted using authenticated symmetrical AES-GCM encryption at the native network layer. All processes, including key storage, take place in tamper-proof boxes, limiting any attack vectors.

For highest security requirements

The Centurion Network Encryptors (layer-2 encryptor and layer-2 over layer-3 encryptor) combine a secure device with a secure data plane, a secure control plane, and a secure management plane. They provide a protection level of "High Assurance" and are the best choice for the protection of government and enterprise multi-site networks with high security requirements. For the most stringent security requirements, the Centurion Network Encryptors also provide the option of traffic flow security, a mechanism that completely obfuscates network traffic. The Centurion Network Encryptors can secure your networks in a way that leaves any attacker frustrated. Uncompromising security. "Deploy and forget" instead of "patch and pray" also reduces operating costs and increases availability.

Multi-tenancy built in

The Centurion Network Encryptors include extensive multi-tenancy support and are also a perfect fit for managed security services. They integrate seamlessly with existing Network Operation Center (NOC), and Security Operation Center (SOC). Centurion is particularly suitable when high availability with low latency is required and where communications between servers, PBXs, terminal systems, databases and audio / video systems must be protected.

Drop in Solution

The Centurion Network Encryptors (layer-2 encryptor and layer-2 over layer-3 encryptor) provide secure encryption without the need to replace the whole network infrastructure. The Centurion appliance is autonomous and operates independently in point-to-point or large WAN networks. It is transparent to all higher layer network protocols. It is drop-in, that means it can be deployed without changing the network infrastructure or changing other network devices. It allows organizations to implement a security solution quickly with minimal network disruption while preserving current investments.


Centurion Network Encryptors Gallery

Business Advantage

Centurion systems provide a stable backbone to any multi-site infrastructure. Thanks to its uncompromising security remote sites can connect to headquarters on the network level. It is designed with the focus on “deploy and forget” rather than a constant “patch and pray”. This reduces operating cost and increases availability – key performance indicatiors in any communications system.

Key Features

Supported networks

  • Carrier ethernet
  • MPLS
  • IP (IPv4 und IPv6)
  • 100Mbit, 1Gbit, 10Gbit, 4x10Gbit, 40Gbit, 100Gbit

Supported topologies

  • Link and point-to-point
  • point-to-multipoint
  • multipoint and mesh

Assurance Level


Your investment is protected

  • Use of FPGA instead of ASIC
  • Secure, tamper proof appliance

Triple network security

  • Secure data plane
  • Secure control plane
  • Secure management plane

Authenticated encryption

  • AES-GCM 256 with additional authenticated data

Short key renewal intervals (Frequent change of keys reduces amount of data available for crypto analytics)

  • For data every minute
  • For key encryption (rollover) every ten minutes.

Quantum computer safe key exchange: Diffie-Hellmann partial keys are signed/encrypted with a symmetrical AES 256 bit key and control plane is additionally secured using the same protection level as for the data plane.

Perfect forward secrecy due to asymmetric Elliptic Curve Diffie-Hellman with 521 bit encryption technology (AES256-GCM, 512Bit ECC)

Simple setup, configuration, and operation

Hardware true random number generation (TRNG) using two different stochastic physical quantum effects.

Optional trafficflow security

Interoperable with other Securosys products

No modification of existing network infrastructure

No change to existing redundancy setup

Didn't find what you were looking for?

Please find here our product overview or solutions overview page.

Contact us

Interested in what security standards are applied in today’s networks? 

Want to know more about network encryption?

Write us a message or request a call now