The notion of a smart city is a modern concept characterized by the widespread integration of the Internet of Things (IoT) across various facets of urban life, including healthcare, traffic management, agriculture, and more. This establishes real-time communication and data exchange between all users, servers and devices through the Internet. As we begin to discuss communication between parties, one must also recognize the imperative need for this exchange to be secure and private, as such exchanges are extremely vulnerable to attacks such as man-in-the-middle and replay attacks and even situations like compromising of anonymity during exchanges. This paper focuses on finding an innovative solution to the same challenge. It proposes a mechanism to establish secure communication between the smart IoT devices and the connected cloud servers through a secure mutual authentication and key establishment process with a short name “SLA-SCA”. The security analysis of the proposed SLA-SCA is done, which proves its resilience against the various potential attacks of such a communication. The proposed SLA-SCA outperformed the other existing schemes regarding important security and functionality features.