Once Attach request is received, MME has to authenticate the UE
This Authentication procedure involves,
1.AIR [Authentication Information Request] sent from MME to HSS
2.AIA [Authentication Information Answer] sent from HSS to MME
3.Authentication request sent from MME to UE
4.Authentication response sent from UE to MME
1.Authentication Information Request has username and visited PLMN ID in addition to many other AVPs. These AVPs are used by HSS to generate authentication parameters
2.Authentication Information Answer sends Authentication Info AVP in addition to many other AVPs. This will be used by MME to authenticate UE
3.MME sends AUTN, RAND in authentication request
4.UE uses RAND and generates AUTN and XRES. If AUTN sent in Authentication request matches the one UE generates, UE has successfully authenticated MME. Now UE send Authentication Ans which has
XRES.
MME checks this XRES received from UE against the one received from HSS. If both match, MME has successfully authenticated the UE
In this way mutual authentication happens.
Authentication can also happen during inter-RAT TAU, periodic TAU