Due to the massive increase in the Internet of Things (IoT) devices in various applications requiring an IoT–cloud environment, the network latency is high since all the IoT devices have to be authenticated by the cloud servers. Fog nodes can be used as an intercessor between IoT devices and the cloud, thereby reducing the latency of the network since the burden of authenticating the devices can be offloaded from the cloud. This paper proposes a lightweight secure mutual authentication scheme based on physically unclonable function that best addresses the current issues. Since the fog nodes are constrained, a lightweight authentication scheme will be the best solution. The formal security analysis of the scheme LASSI is done using real-or-random model. We used the widely accepted tool Scyther for formal security verification, and the results show that the scheme LASSI is resilient against various attacks. The performance evaluation of the scheme and the comparison with related other schemes show that our scheme is better in terms of communication and computation costs.