To provide secure delivery of satellite data in IPTV systems, service providers charge subscribing fee by scrambling the program in conditional access system using control words. At the receiver end, smart card is used to decrypt the control words and transfer them back to set-top box to descramble the scrambled program. Therefore, secure communication between set-top box and smart card is closely related with the benefit of service providers and the legal rights of users. In this paper, we propose secure mutual authentication and key agreement protocol between set-top box and smart card in IPTV broadcasting. The proposed scheme is more efficient than any other previously proposed schemes by eliminating exponentiation operations which are time-consuming. Moreover, our scheme can prevent two common serious problems - smart card cloning and McCormac Hack problems - in IPTV broadcasting.