Method and apparatus for performing cross-authentication based on secret information

What is claimed is: 1 . A method of performing cross-authentication in a vehicle controller interworking with an external device, the method comprising: generating a random number S and transmitting the random number S to the external device in response to an authentication request message received from the external device; generating a variable i using a first function having the random number S as a parameter; generating a first session key Ks using a second function having the variable i and a pre-stored secret key K as parameters; receiving a first response key from the external device; generating a second response key using a third function having the random number S, the variable i and the first session key Ks as parameters; and authenticating the external device based on whether the first response key is equal to the second response key. 2 . The method according to claim 1 , wherein a random number R and the random number S are set as parameters of the first function to generate the variable i when the random number R is included in the authentication request message. 3 . The method according to claim 2 , wherein the variable i is calculated by: i=f 1 ( R,S )= L S ( R )+ S mod 16, where L S (R) is a function for cyclic-shifting the random number R by the number of bits of the random number S. 4 . The method according to claim 1 , wherein the random number S is further used to generate the first session key Ks. 5 . The method according to claim 4 , wherein the first session key Ks is generated by performing a bitwise XOR operation with respect to a first value generated by performing an XOR operation of the secret key K and the random number S and a second value generated by cyclic-shifting the first value by the variable i. 6 . The method according to claim 5 , wherein the first value is generated by repeatedly concatenating the random number S by the number of bits of the secret key K and then performing the bitwise XOR operation. 7 . The method according to claim 1 , wherein a random number R is further used to generate the second response key when the random number R is included in the authentication request message. 8 . The method according to claim 7 , wherein the second response key is calculated by: f 3 ( i,K S ,R,S )= g ( i+m,K S ,R,S )=[ g 3 ( w i+m ( K S ) g 2 ( g 1 ( R⊕S ))))] i+m , where m is a minimum repeat count predetermined based on a security level required for the vehicle controller. 9 . The method according to claim 8 , wherein R⊕S is calculated by: R⊕S=l 7 ∥l 6 ∥l 5 ∥l 4 ∥l 3 ∥l 2 ∥l 1 ∥l 0 , where l j is a value obtained by dividing a result of performing a bitwise XOR operation of the random number R and the random number S by 4 bits. 10 . The method according to claim 9 , wherein g 1 (R⊕S) is calculated by: g 1 ( R⊕S )= h ( l 7 )∥ h ( l 6 )∥ h ( l 5 )∥ h ( l 4 )∥ h ( l 3 )∥ h ( l 2 )∥ h ( l 1 )∥ h ( l 0 ), where h(l j ) is a substitution operation. 11 . The method according to claim 10 , wherein h(l j ) is calculated by: ( l j )={9,4,10,11,13,1,8,5,6,2,0,3,12,14,15,7}. 12 . The method according to claim 10 , wherein g 2 (g 1 (R⊕S) is calculated by a product of a pre-defined 4×4 matrix and 4-bit h(l j ). 13 . The method according to claim 12 , wherein g 2 (g 1 (R⊕S) is calculated by: ( 1 1 2 3 1 2 3 1 2 3 1 1 3 1 1 2 )  ( h  ( l 7 ) h  ( l 6 ) h  ( l 5 ) h  ( l 4 ) h  ( l 3 ) h  ( l 2 )