The Internet of Things (IoT) has become an important technology which permits different devices and machines to interconnect with each other using heterogeneous networks. The integration of numerous techniques is expected to offer extraordinary growth in future and current promising applications of IoT. In these days, the secure communication among interconnected IoT components has become an important issue of concern. Therefore, it has become a foremost need to design such authentication protocol which can make the secure communication among IoT components. In this article, we proposed an identity-based authentication and key agreement protocol for the IoT environment in order to offer the secure communication between various IoT entities. The devised protocol utilizes the physically unclonable function which helps to robustly resist the physical attack on IoT components. We analyze the proposed protocol informally which clearly shows that the proposed protocol offers the perfect forward secrecy, device anonymity and untraceability and also resists the desynchronization, IoT node impersonation and server impersonation attacks. The security features of proposed protocol are also analyzed formally using well known Random Oracle Model (ROM). Moreover, the performance of the devised protocol has also been determined in terms of communication and computational overhead. The performance and security analysis shows the supremacy of the devised protocol over the various related protocols.