With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in the IoT are often deployed in unattended environments and connected to open networks, making them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been used in practice; several of them do not cover the necessary security features or are incompatible with resource-constrained end devices. Their security proofs have been performed under the Random-Oracle model. We present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. A formal security proof of the proposed scheme is performed under the standard model and the eCK model with the elliptic curve encryption computational assumptions, and formal verification is performed with ProVerif. According to the performance comparison, it is revealed that the proposed scheme offers user anonymity, perfect forward security, and mutual authentication, and resists typical attacks such as ephemeral secret leakage attacks, impersonation attacks, man-in-the-middle attacks, and key compromise impersonation attacks. Moreover, the proposed scheme has the lowest computational and communication overhead compared to existing schemes.