In recent years, Internet of Things (IoT) technology has become an essential part of civil and commercial sectors, which are eager to realize their digital transformation. Generally, IoT devices are deployed to gather various information from their surroundings. Nevertheless, disclosing/compromising IoT devices' data to/by unauthorized entities during transmission might compromise the objectives of IoT applications. In addition, low-cost IoT devices are usually made of small circuit with limited computing power and energy supply, thus, security protocols must not affect IoT devices' and systems' functionalities. Recently, several authentication schemes are developed to enable IoT entities (e.g., devices and gateway) to securely exchange information over insecure wireless channels. However, the existing solutions either incur high computation/communication overhead, or have intrinsic security design flaws, which make IoT systems suffer performance degradation or cyber attacks. Especially, none of them distinguish between the different types of data collected by IoT devices. In this paper, we propose a resource-efficient and data type-aware authentication protocol using Chebyshev polynomials, hereafter referred to as CHEAP, for IoT systems. The CHEAP consists of two sub-schemes: (i) authentication and key establishment between IoT device and IoT gateway; and (ii) authentication and key establishment between two IoT devices. We verify the security properties of CHEAP on AVISPA, and the verification results indicate that the CHEAP can operate safely in an adversarial setting. We also conduct simulation-based comparative experiments in terms of diverse performance metrics. The experimental results imply that the CHEAP is a more efficient security protocol with smaller running time, less energy consumption, and lower communication overhead.