The majority of devices in the Internet of Things (IoT) are deployed in environments that are susceptible to cyber-attacks. Because IoT devices are resource-constrained, it is very hard to meet the security challenges that arise from deploying them in insecure environments. In this context, the authentication of IoT devices is one of the core challenges. Many protocols have been designed to address and overcome the security issues that stem from authentication failure. However, many of these protocols rely on complex cryptographic techniques that IoT devices may not support. In this paper, we propose a lightweight and secure mutual authentication scheme for resource-constrained IoT devices. The proposed scheme is robust against cyber-attacks such as impersonation, modification, session key disclosure, and eavesdropping attacks. The security of the proposed scheme is formally tested using the Automated Validation of Internet Security Protocols and Applications tool, and the scheme is found to be secure in the Dolev-Yao attack model. Moreover, performance features of the proposed scheme, such as communication overhead, computation time, and turnaround time, are evaluated and compared with recent schemes of the same category, where the proposed scheme shows a balance of performance without compromising the security features.