With the rapid development of information technology, industrialization and information technology are becoming ever more closely integrated. SCADA (Supervisory Control and Data Acquisition) systems are widely used in industrial control systems to raise productivity. In recent years, attacks against SCADA systems have caused serious damage and economic loss. Many robust cryptographic mechanisms have been introduced into SCADA systems to improve their defense against attacks. However, industrial control systems require high availability, real-time operation and stability. A lightweight cryptographic mechanism is therefore necessary so that SCADA systems can respond to emergencies and recover from faults quickly in critical situations. This paper puts forward a security authentication approach for SCADA systems that achieves two-way authentication and ensures the confidentiality of communication between master and slave stations. The proposed approach employs a bivariate symmetric polynomial to obtain the session key, with the identity values of the master and slave stations participating in the polynomial calculation. The session key is then extended to meet the length requirement of an AES encryption key, and the extended session key is used to encrypt the communication data transmitted in the SCADA system. The proposed lightweight security authentication method is effective for mutual authentication of master and slave stations and for secure communication, and it also meets the special requirements of SCADA systems, including fast response in an emergency, real-time data communication, and high availability.
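The key derivation described above, as an added example that is not the paper's own code: each station holds a share of a symmetric polynomial f(x, y) = f(y, x) and evaluates it at the peer's identity, so both sides reach the same value without sending it. The field modulus, polynomial degree, station identity values, and the use of SHA-256 for the key extension are assumptions; the abstract does not specify them.

```python
import hashlib
import secrets

P = 2**127 - 1  # assumed prime field modulus; the abstract names none

def gen_symmetric_poly(t):
    """Dealer: random coefficient matrix with a[i][j] == a[j][i], degree t in x and y."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(P)
    return a

def issue_share(a, station_id):
    """Dealer: coefficients of g(y) = f(station_id, y), provisioned to that station."""
    t = len(a) - 1
    return [sum(a[i][j] * pow(station_id, i, P) for i in range(t + 1)) % P
            for j in range(t + 1)]

def session_value(share, peer_id):
    """Station: evaluate its own share at the peer's identity (Horner's rule)."""
    acc = 0
    for coeff in reversed(share):
        acc = (acc * peer_id + coeff) % P
    return acc

def extend_to_aes_key(value, master_id, slave_id, bits=128):
    """Extend the field element to an AES key length (SHA-256 is an assumption)."""
    data = b"|".join(x.to_bytes(16, "big") for x in (value, master_id, slave_id))
    return hashlib.sha256(data).digest()[: bits // 8]

def demo():
    """Return the AES-128 keys derived independently by master and slave."""
    a = gen_symmetric_poly(t=3)            # degree is a constructed choice
    master_id, slave_id = 0x4D01, 0x5302   # constructed identity values
    master_share = issue_share(a, master_id)
    slave_share = issue_share(a, slave_id)
    k_master = session_value(master_share, slave_id)   # f(master, slave)
    k_slave = session_value(slave_share, master_id)    # f(slave, master)
    return (extend_to_aes_key(k_master, master_id, slave_id),
            extend_to_aes_key(k_slave, master_id, slave_id))

if __name__ == "__main__":
    km, ks = demo()
    print("keys match:", km == ks)
```

With a polynomial of degree t in each variable, t + 1 stations pooling their shares can reconstruct the whole polynomial, so t should exceed the number of stations that could plausibly be compromised together.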