Abstract: Aimed at the problem of balancing anti-modeling attack capability and authentication protocol cost in the authentication process of internet of things devices, a lightweight anti-modeling attack authentication protocol based on DMCM-APUF (dual mode configurable mixer-DMCM, arbiter physical unclonable function-APUF) is proposed. In order to improve the anti-modeling attack capability of APUF, DMCM obfuscation mode (DMCM-O) was used to obfuscate the original excitation response. Authentication information was encrypted and decrypted using DMCM encryption mode (DMCM-E) to achieve symmetric encryption. We mathematically modeled the DMCM-APUF, conducted anti-attack analysis in DMCM-O mode and security analysis in DMCM-E mode. Experimental results show that the authentication protocol has good anti-modeling attack capability and saves hardware cost.