Life in modern society becomes easier due to the rapid growth of different technologies like real-time analytic, ubiquitous wireless communication, commodity sensors, machine learning and embedded systems. Nowadays, there seems to be a need to merge these technologies in the form of Internet of Things (IoT) so that smart systems can be achieved. On the other hand, cloud computing is a pillar in IoT by which end users get connected through the cloud servers for getting different services. However, to recognise the legitimacy of communicators during communication sessions through insecure channels like the Internet, serious issues in cloud-based IoT applications need to be addressed. Thus, authentication procedure is highly desirable to remove the unapproved access in IoT applications. This study presents an ElGamal cryptosystem and biometric information along with a user's password-based authentication scheme for cloud-based IoT applications refereed as SAS-Cloud. Security of the proposed scheme has been analysed by well popular random oracle model and it is found that SAS-Cloud has the ability to defend all the possible attacks. Furthermore, the performance of SAS-Cloud has been evaluated and it was found that SAS-Cloud has better efficiency than other existing competing ElGamal cryptosystem-based authentication schemes.