In Internet of Drones (IoD), unmanned aerial vehicles (UAVs) or drones are deployed in various mission-critical applications to collect sensitive data and disseminate it to the server placed on the ground station. Users mostly require real-time data from the drones, instead of the information stored by the server, in specific applications to perform timely actions. However, performing real-time communication with a drone through the public communication channel, which is exposed to different security risks, mandates an authenticated key exchange (AKE) between users and drones in the IoD networks for enabling users to communicate securely with the drone through the public communication infrastructure. Moreover, real-time data acquisition from drones brings about computational overheads, making the process computationally inefficient. Thus, an efficient and lightweight AKE scheme is imperative. This article proposes a resource-efficient authentication scheme for the IoD networks, called REAS-IoD, which utilizes the lightweight hash function and authenticated encryption primitive, known as ACE, to accomplish the AKE process securely. In REAS-IoD, a user’s authentication is performed, followed by establishing a secure session key (SK) between a specific drone and the user, for the future encrypted communication. The SK’s security is established utilizing a random oracle model. We, by performing informal security verification, prove that REAS-IoD is cable of obviating different active and passive pernicious security attacks. Besides, we conduct a Scyther tool-based analysis of REAS-IoD to corroborate its security strength. Lastly, a comparative study is presented to demonstrate that without compromising security and privacy features, REAS-IoD requires fewer resource, and is computationally efficient, than the related eminent security schemes.