The Remote Procedure Call protocol (RPC), specified by Sun Microsystems, is a protocol running on top of a transport layer protocol such as TCP or UDP. To the application programmer, RPC hides the details of network communications by making it possible to transparently call functions that are executed on a remote machine [Sun88]. A well-known application that uses RPC is the Network File System (NFS), also specified by Sun [CPS95].
In the basic configuration, RPC requests in a Unix environment contain credentials giving the user and group IDs of the caller. However, these values are not authenticated, making RPC vulnerable to impersonation attacks. In the case of NFS, this could mean that an intruder could get unauthorized access to entire file systems.
To amend these shortcomings, Secure RPC implements strong authentication. In secure RPC communications, the client and server must first agree on a symmetric session key. This can be achieved using asymmetric key cryptography where the client has a secret key and where the corresponding public key is known by the server (and known to belong to the client). Once the session key has been established, RPC packets passed between server and client contain a field with the current time, encrypted using the session key. As the session key is known only by the client and the server, this achieves mutual authentication.