The　use　of　Internet　of　Drones　(IoD)　technology　has　surged　across　various　domains　such　as　logistics,　surveying,　industrial　inspections,　emergency　response,　security,　infrastructure　monitoring,　crop　management,　and　more.　However,　real-time　communication　with　drones　or　Unmanned　Aerial　Vehicles　(UAVs)　in　the　IoD　environment　occurs　over　an　insecure　open　channel,　making　it　susceptible　to　various　security　and　privacy　vulnerabilities,　including　unauthorized　access,　data　interception,　denial　of　service　attacks,　and　privacy　concerns.　Due　to　their　unique　characteristics,　including　long　transmission　distances,　unstable　communication　environments,　resource　limitations,　and　the　highly　dynamic　nature　of　UAVs,　ensuring　the　security　and　privacy　of　IoD　systems　is　of　paramount　importance　for　the　success　of　IoD-based　applications.　Furthermore,　drones　are　resource-constrained　devices,　and　employing　expensive　security　solutions　is　impractical,　as　it　would　significantly　reduce　the　operational　capacity　of　drones.　In　this　paper,　we　present　the　design　of　an　ultralightweight,　secure,　and　robust　user-authenticated　key　agreement　framework　for　the　IoD　environment,　named　USAF-IoD.　The　proposed　USAF-IoD　is　developed　by　incorporating　authenticated　encryption　(ASCON),　cryptographic　hashing,　XOR　operations,　and　the　use　of　physical　unclonable　functions　(PUFs).　PUFs　are　employed　to　enhance　resistance　against　physical　tampering　attacks.　The　security　analysis　reveals　that　the　proposed　USAF-IoD　meets　the　essential　security　requirements　of　the　IoD　environment.　The　comparative　analysis　further　highlights　the　effectiveness　of　the　proposed　USAF-IoD,　notably　excelling　in　terms　of　security　and　functionality　characteristics　when　compared　to　existing　benchmark　schemes,　and　showcasing　competitive　performance　in　computation,　communication,　and　energy　overheads.　IEEE