A company's security policy requires that all connections between sites be encrypted in a manner that does not

require maintenance of permanent tunnels. The sites are connected through a private MPLS-based service that

uses a dynamically changing key and spoke-to-spoke communication. Which type of transport encryption must

be used in this environment?