IoT-based UAV networks comprise interconnected UAVs outfitted with sensors and microcontrollers to simplify data exchange in environments such as smart cities. In light of open-access communication landscapes, IoT-based UAV networks could pose security challenges, encompassing authentication vulnerabilities and the inadvertent disclosure of location and other confidential information to unauthorised parties. Henceforth, we have proposed a lightweight and secure authentication protocol: Hyperelliptic Curve and Fuzzy Extractor based Authentication in IoT-based UAV networks (HCFAIUN) leveraging Hyperelliptic Curve Cryptography(HCC), Fuzzy Extractor (FE), XOR operations and hash functions. HCC's maximum key size is 80 bits, differing from the 160-bit requirement of the elliptic curve, making it apt for UAVs with limited resources. The proposed scheme utilises biometrics traits of users to avoid exposing data from stealing smart devices using FE. This protocol facilitates the mutual authentication of users and UAVs, allowing them to exchange a session key for secure communication. The Hyperelliptic Curve (HC) scalar multiplication protects the user's private key from attackers, even in public channels. The obfuscation identity of the user and UAVs generated through the hash function and timestamp makes the external user and UAV anonymous. The efficacy of this proposed framework is examined using the Scyther verification tool and Random oracle model-based formal analysis, and informal analysis is also discussed, which validates its robustness against well-known potential physical and logical attacks. The performance analysis shows that the HCFAIUN scheme has lower computation, communication, and storage costs, i.e., 3.832 ms and 1456 bits and 1128 bits, respectively, compared to existing schemes.