A secure and effective authentication and communication scheme between users and underwater sensors plays an important role in improving the detection and utilization of marine resources in underwater acoustic networks (UANs). However, due to the energy limitations and susceptibility to capture of underwater sensors and gateways, it is necessary to design a lightweight authentication protocol that can resist capture of sensors and gateways during attacks. In this paper, a lightweight authentication protocol for UANs based on the Physical Unclonable Function (PUF) and chaotic map is proposed. We used the advantages of PUF to resist sensors and gateways being captured in attacks and the chaotic map to achieve lightweight authentication because the computational cost of the chaotic map is almost one-third that of Elliptic Curve Cryptography (ECC). Additionally, we used the formal security proof in the random oracle model to prove the security of the proposed scheme. Our scheme was more secure and efficient compared with some other related schemes in terms of security and performance requirements, and the proposed scheme is suitable for UANs.