In clustered sensor networks, an adversary can easily capture and damage a member node. Therefore, it is important to detect the compromised nodes and renew the keys of all other nodes. Although many key renewal schemes have been proposed, the detection of compromised nodes is still difficult to achieve. Furthermore, due to the resources limitation, conventional encryption and authentication protocols are impractical when we take the power consumption and resource usage into consideration. In this paper, a lightweight and energy-efficient authentication protocol and key renewal scheme for clustered sensor networks was proposed, in which the configurable ring oscillator (CRO) physical unclonable function (PUF) is adopted to enhance the security. Typical CRO PUFs, including multiplexer (MUX) based PUF and XOR gate based CRO PUF, are analyzed and compared. The proposed scheme is implemented and evaluated on Zynq 7000 series SoC FPGAs. The results indicate that the configurable PUF structure is cost efficient and the proposed protocol is secure against major attacks on clustered sensor networks.