The Internet of Things (IoT) represents a giant ecosystem where many objects are connected. They collect and exchange large amounts of data at a very high speed. One of the main parts of IoT is the Wireless Sensor Network (WSN), which is deployed in various critical applications such as military surveillance and healthcare that require high levels of security and efficiency. Authentication is a primary security factor that ensures the legitimacy of data requests and responses in WSN. Moreover, sensor nodes are characterized by their limited resources, which raise the need for lightweight authentication schemes applicable in IoT environments. This paper presents an informal analysis of the security of X. Li et al.'s protocol, which is claimed to be efficient and resistant to various attacks. The analysis results show that the reviewed protocol does not provide user anonymity and it is vulnerable to session key disclosure attack, many-time pad attack, and insider attack. To address all these requirements, a new three-factor authentication protocol is presented, which guarantees higher security using Physically Unclonable Function (PUF) and Elliptic Curve Cryptography (ECC). This protocol does not only withstand the security weaknesses in X. Li et al.'s scheme but also provides smart card revocation and is resistant to cloning attack. In terms of both computational and communicational costs, results demonstrate that the proposed scheme provides higher efficiency in comparison with other related protocols, which makes it notably suitable for IoT environments.