Background: The Internet of Things (IoT) is the interconnection of physical devices, controllers, sensors and actuators that monitor and share data to another end. In a smart home network, users can remotely access and control home appliances/devices via wireless channels. Due to the increasing demand for smart IoT devices, secure communication also becomes the biggest challenge. Hence, a lightweight authentication scheme is required to secure these devices and maintain user privacy. The protocol proposed is secure against different kinds of attacks and as well as is efficient. Methods: The proposed protocol offers mutual authentication using shared session key establishment. The shared session key is established between the smart device and the home gateway, ensuring that the communication between the smart devices, home gateway, and the user is secure and no third party can access the information shared. Results: Informal and formal analysis of the proposed scheme is done using the AVISPA tool. Finally, the results of the proposed scheme also compare with existing security schemes in terms of computation and communication performance cost. The results show that the proposed scheme is more efficient and robust against different types of attacks than the existing protocols. Conclusion: In the upcoming years, there will be a dedicated network system built inside the home so that the user can have access to the home from anywhere. The proposed scheme offers secure communication between the user, the smart home, and different smart devices. The proposed protocol makes sure that security and privacy are maintained since the smart devices lack computation power which makes them vulnerable to different attacks.