Method and apparatus for performing cross-authentication based on secret information

What is claimed is: 1. A method of performing cross-authentication in a vehicle controller interworking with an external device via a wired or wireless connection, the method comprising: generating, by a random number generator of the vehicle controller, a random number S and transmitting the random number S to the external device in response to an authentication request message received from the external device; generating, by a repeat count generator of the vehicle controller, a variable i using a first function having the random number S as a parameter, wherein a random number R and the random number S are set as parameters of the first function to generate the variable i when the random number R is included in the authentication request message, and the variable i is calculated using a function for cyclic-shifting the random number R by a specified number of bits of the random number S; generating, by a session key generator of the vehicle controller, a first session key Ks using a second function having the variable i and a pre-stored secret key K as parameters; receiving, at the vehicle controller, a first response key from the external device; generating, by a response key generator of the vehicle controller, a second response key using a third function having the random number S, the variable i and the first session key Ks as parameters; authenticating, by an authenticator of the vehicle controller, the external device based on whether the first response key is equal to the second response key; and granting, by the vehicle controller, the external device access to the vehicle controller when the external device is authenticated. 2. The method according to claim 1 , wherein the variable i is calculated by: i=f 1 ( R, S )= L S ( R )+ S mod 16, where L S (R) is the function for cyclic-shifting the random number R by the specified number of bits of the random number S. 3. The method according to claim 1 , wherein the random number S is further used to generate the first session key Ks. 4. The method according to claim 3 , wherein the first session key Ks is generated by performing a bitwise XOR operation with respect to a first value generated by performing an XOR operation of the secret key K and the random number S and a second value generated by cyclic-shifting the first value by the variable i. 5. The method according to claim 4 , wherein the first value is generated by repeatedly concatenating the random number S by a specified number of bits of the secret key K and then performing the bitwise XOR operation. 6. The method according to claim 1 , wherein the random number R is further used to generate the second response key when the random number R is included in the authentication request message. 7. The method according to claim 6 , wherein the second response key is calculated by: f 3 ( i, K S , R, S )= g ( i+m, K S , R, S )=[g 3 ( w i+m ( K S ), g 2 ( g 1 ( R⊕S ))))] i+m , where m is a minimum repeat count predetermined based on a security level required for the vehicle controller. 8. The method according to claim 7 , wherein R⊕S is calculated by: R⊕S=l 7 ∥l 6 ∥l 5 ∥l 4 ∥l 3 ∥l 2 ∥l 1 ∥l 0 , where l j is a value obtained by dividing a result of performing a bitwise XOR operation of the random number R and the random number S by 4 bits. 9. The method according to claim 8 , wherein g 1 (R⊕S) is calculated by: g 1 ( R⊕S )= h ( l 7 )∥ h ( l 6 )∥ h ( 5 )∥ h ( l 4 )∥ h ( l 3 )∥ h ( l 2 )∥ h ( l 1 )∥ h ( l 0 ), where h(l j ) is a substitution operation. 10. The method according to claim 9 , wherein h(l j ) is calculated by: (l j )={9, 4, 10, 11, 13, 1, 8, 5, 6, 2, 0, 3, 12, 14, 15, 7}. 11. The method according to claim 9 , wherein g 2 (g 1 (R⊕S) is calculated by a product of a pre-defined 4×4 matrix and 4-bit h(l j ). 12. The method according to claim 11 , wherein g 2 (g 1 (R⊕S) is calculated by: ( 1 1 2 3 1 2 3 1 2 3 1 1 3 1 1 2 ) ⁢ ( h ⁡ ( l 7 ) h ⁡ ( l 6 ) h ⁡ ( l 5 ) h ⁡ ( l 4 ) h ⁡ ( l 3 )