A new industrial revolution is emerging with the growing use of the Internet of Things (IoT) to enable machine-to-machine communication between devices, sensors, actuators, and gateways. IoT lets communication across devices and the network happen in real time and helps build smart homes, smart hospitals, and smart industrial applications. Authentication schemes in IoT have to be robust and lightweight to be useful for resource-constrained, real-time applications where user privacy and physical security are the priority concerns. IoT devices are prone to physical attacks because they are installed in hostile environments. Intruders seek to physically capture IoT nodes in order to clone them and access the confidential information stored on them, which makes physical protection of IoT nodes necessary. This article proposes a less expensive, physically secure user authentication and secure key exchange protocol for Industry 4.0 applications. The proposed method uses physically unclonable functions (PUFs), hashing, and XOR operations to attain robustness and efficiency. The scheme's other benefits include low computational cost, preservation of the device's confidentiality, safety from major security threats, and low communication and storage overhead.