ABSTRACT

IPv6-based IoT networks, i.e. 6LoWPAN networks, require authentication for security. Existing symmetric-key-based authentication schemes for 6LoWPAN in the literature incur huge computational and processing overhead. In a large network, pre-deployment of keys leads to huge memory consumption because many keys must be stored. Furthermore, in asymmetric-key cryptography, public-key operations are computationally expensive, which makes them unsuitable for resource-constrained devices. We propose a lightweight key exchange and authentication scheme for 6LoWPAN that mutually authenticates the sensor nodes, the gateway, and the server with less computational overhead and without compromising any security credentials. The authentication scheme helps to generate a session key without storing any secrets in the 6LoWPAN devices. We use a one-way hash function and the XOR operation to reduce overhead in multi-hop communication. The AVISPA verification tool and the formal verification show that the proposed method is resistant to well-known attacks. The proposed scheme outperforms relevant methods in computational overhead, communication cost, and computation time.