Internet of Things (IoT) devices are vulnerable due to their limited resources and inadequate security mechanisms. The number of IoT devices has increased day by day, so the number of devices that are connected to the Internet has also increased. Devices may be deployed anywhere and made available to anyone, making the management of numerous devices problematic. Device management is crucial, as the compromise of IoT devices might cause serious consequences and already there are examples of such a compromise caused widespread DDoS attacks. This paper aims to propose a mechanism that ensures the security of IoT devices and presents a management model and lightweight authentication mechanism simultaneously. The proposed mechanism is novel, computationally lightweight, financially low-cost, remotely usable, and requires no special hardware. This mechanism includes a key management phase to generate ephemeral keys for every session and a trivial and cost-efficient data transfer phase. The proposed mechanism provides an IoT device management model to achieve a scalable IoT environment. Data is transferred cost-effectively via XORs and hash functions. The security of the authentication mechanism is formally verified using AVISPA model checker.