The growing reliance on wireless communication in Internet-of-Things (IoT) devices highlights the critical need for secure and efficient communication protocols, especially in environments vulnerable to cyber threats. Existing IoT protocols often lack sufficient security, creating a need for robust authentication and key exchange mechanisms that can resist attacks while maintaining low computational overhead. In this paper, we propose a fog-enabled network architecture integrated with IoT devices (Intra and Inter IoT device) and develop the DEAC-IoT scheme using Elliptic Curve Cryptography (ECC) for secure authentication and key agreement. Our protocol is designed to protect device-to-device communication from security threats in resource-constrained IoT environments. We validate DEAC-IoT’s security through both informal analysis and formal verification using the Real-Or-Random (RoR) model, demonstrating its resistance to major attacks. Simulation via the Scyther tool confirms that private parameters remain secure throughout the protocol’s execution. For practical feasibility, we implement DEAC-IoT on a Field Programmable Gate Array (FPGA) and conduct performance evaluations. The results show that our protocol surpasses existing protocols in both computational and communication efficiency, making it highly suitable for real-world IoT applications.