The Internet of Things (IoT) has quickly become one of the most popular and most discussed topics in research. Studies have paid attention to the Internet of Things, primarily to new products that aim to achieve greater efficiency and simplicity in life. IoT may cover several fields of the smart environment. Because of the data exposure that occurs when data is transferred via various channels, data protection issues have become a major problem as the company continues to expand. When user privacy and property are taken into consideration, the situation may become much worse. As a result, the authentication process for communicating entities has garnered considerable attention. In this paper, we propose a secure authentication model for smart home applications that takes privacy into account and complies with the General Data Protection Regulation (GDPR). The proposed scheme improves on the performance and security level of existing authentication schemes. This work is based on elliptic curve cryptography (ECC), a one-way hash function, and the XOR operation. The proposed lightweight authentication model is suitable for resource-constrained devices. This study develops an offline direct authentication model to authenticate users and IoT devices in the local network. In addition, our scheme uses an online authentication server to authenticate all parts of the system.