Internet of Vehicles (IoV) has greatly improved safety and quality of services in intelligent transportation system (ITS). However, the deployed dedicated short-range communication (DSRC) protocol broadcasts messages after every 100–300 ms. This presents some challenges in message validation within this short duration. As such, most of the current authentication schemes which incur heavy computation and communication overheads are not suitable in this environment. In this article, an efficient authentication scheme is presented based on lightweight cryptographic primitives, such as collision-resistant one-way hashing functions and exclusive OR (XOR) operations. In our protocol, two-factor authentication is attained using physically unclonable function (PUF) generated identities and random nonces, as well as passwords. Extensive formal security verification using the Real or Random (RoR) model shows that it is provably secure. In addition, elaborate semantic security analysis shows that it offers anonymity, untraceability, and key secrecy as well as resilience against numerous IoV attack vectors. In terms of performance, comparative evaluations demonstrate that it reduces computation and energy consumptions by 42.31%. Moreover, it increases the supported security features by 26.67%.