Security authentication method and bidirectional forwarding detection method

Disclosed is a security authentication method, comprising: a control plane of a bidirectional forwarding detection (BFD) device receiving a first BFD packet that is sent by a control plane of a peer BFD device and carries a random number; the control plane generating a first token value according to the random number; the control plane sending the first token value to a data plane; the data plane receiving a second BFD packet sent by a data plane of the peer BFD device, the second BFD packet carrying authentication information, and the authentication information comprising a random number; the data plane generating a second token value according to the random number comprised in the authentication information and by using a calculation method the same as that of the control plane, and comparing the second token value and the first token value, wherein if the second token value is the same as the first token value, the second BFD packet passes authentication of the data plane. A network processor (NP) of the data plane of the BFD device can also perform security authentication of a higher security level.