The Internet of Things (IoT) is revolutionizing connectivity, but as the number of IoT devices grows exponentially, vulnerabilities emerge, ranging from data breaches to device hijacking. There is therefore a critical need for robust security measures, including encryption protocols and authentication mechanisms, to safeguard against cyber threats. Despite advancements in authentication mechanisms, IoT security remains an ongoing concern, because most authentication schemes are vulnerable to diverse security attacks and others are resource intensive. Protecting user data in this increasingly interconnected IoT-enabled world thus requires a secure and lightweight authentication mechanism. To this end, in this paper we propose a physically secure authentication framework for the IoT (PSAF-IoT). PSAF-IoT utilizes a combination of physical unclonable functions, the secure hash algorithm, and elliptic curve cryptography to establish robust security measures. It guarantees the creation of a secure channel (session key) following user authentication at the gateway node, allowing the user to use the established secure channel for future communication. The secure channel establishment procedure is validated for security by employing formal methods such as the random oracle model and Scyther-based simulations. Additionally, PSAF-IoT undergoes informal validation to demonstrate resilience against node capture, replay attacks, impersonation, and other common security threats. Notably, PSAF-IoT demonstrates efficiency in terms of execution time, energy consumption, and communication costs, as evidenced by comparative analyses with related authentication frameworks, all while enhancing information security functionalities.