Internet　of　Things　(IoT)　becomes　a　new　era　of　the　Internet,　which　consists　of　several　connected　physical　smart　objects　(i.e.,　sensing　devices)　through　the　Internet.　IoT　has　different　types　of　applications,　such　as　smart　home,　wearable　devices,　smart　connected　vehicles,　industries,　and　smart　cities.　Therefore,　IoT　based　applications　become　the　essential　parts　of　our　day-to-day　life.　In　a　cloud-based　IoT　environment,　cloud　platform　is　used　to　store　the　data　accessed　from　the　IoT　sensors.　Such　an　environment　is　greatly　scalable　and　it　supports　real-time　event　processing　which　is　very　important　in　several　scenarios　(i.e.,　IoT　sensors　based　surveillance　and　monitoring).　Since　some　applications　in　cloud-based　IoT　are　very　critical,　the　information　collected　and　sent　by　IoT　sensors　must　not　be　leaked　during　the　communication.　To　accord　with　this,　we　design　a　new　lightweight　authentication　mechanism　in　cloud-based　IoT　environment,　called　LAM-CIoT.　By　using　LAM-CIoT,　an　authenticated　user　can　access　the　data　of　IoT　sensors　remotely.　LAM-CIoT　applies　efficient　“one-way　cryptographic　hash　functions”　along　with　“bitwise　XOR　operations”.　In　addition,　fuzzy　extractor　mechanism　is　also　employed　at　the　user＇s　end　for　local　biometric　verification.　LAM-CIoT　is　methodically　analyzed　for　its　security　part　through　the　formal　security　using　the　broadly-accepted　“Real-Or-Random　(ROR)”　model,　formal　security　verification　using　the　widely-used　“Automated　Validation　of　Internet　Security　Protocols　and　Applications　(AVISPA)”　tool　as　well　as　the　informal　security　analysis.　The　performance　analysis　shows　that　LAM-CIoT　offers　better　security,　and　low　communication　and　computation　overheads　as　compared　to　the　closely　related　authentication　schemes.　Finally,　LAM-CIoT　is　evaluated　using　the　NS2　network　simulator　for　the　measurement　of　network　performance　parameters　that　envisions　the　impact　of　LAM-CIoT　on　the　network　performance　of　LAM-CIoT　and　other　schemes.　©　2019　Elsevier　Ltd