The Internet of Things (IoT) is an emerging trend that generates many new challenges in security and privacy through the interconnect of ubiquitous devices and services over the Internet. Depending on the device and its strict constraints in the IoT, one often needs to refrain from implementing costly public key cryptography to solve the key distribution problem. In this context, Physical Unclonable Functions (PUF) have been identified as a promising replacement that uses already present physical properties of the device. For encryption and authentication services, we combine this technology with Physical Key Generation (PKG) over wireless communication that leverages physical properties of the communications channel. Note that PKG uses same or similar components as PUFs, rendering the combination of both cheap compared to common public-key cryptography such as RSA or ECC. To the best of our knowledge, this is the first approach to combine both technologies to provide confidentiality and authenticity of devices for a lightweight key distribution mechanism. To demonstrate the validity and usefulness of our approach, we derive a generalized architecture for smart home systems and adopt our approach to this scenario.978-1-4799-5927-3/15/$31.00 ©2015 IEEE