Smart grid is a great revolution in communications that has succeeded in overcoming traditional network problems. However, smart grid components may face many security challenges that make the smart grid vulnerable to many attacks such as impersonation and replay attacks and user privacy disclosure. To cope with these challenging problems, we propose a lightweight authenticated key establishment scheme depending on data aggregation by using elliptic curve cryptography to create shared keys between smart meter and data aggregator, and between data aggregator and service provider. The data aggregator reduces the burden on smart meters and transfers consumption data safely as it is the mediator between the smart meter and the service provider. The proposed scheme can provide mutual authentication, anonymity and untraceability of smart meter, and can resist impersonation and replay attacks. In addition, the proposed scheme reduces the overall computation costs compared to other recent related schemes.